diff --git a/docs/notebooks/VirusTotalSearch.ipynb b/docs/notebooks/VirusTotalSearch.ipynb new file mode 100644 index 000000000..c7426ee56 --- /dev/null +++ b/docs/notebooks/VirusTotalSearch.ipynb 
@@ -0,0 +1,775 @@ +{ + "cells": [ + { + "attachments": {}, + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Virus Total Lookup\n", + "VTLookupV3 is a module in the MSTICPy library that provides integration with the VirusTotal API for querying file and URL reputation data. The module includes a `VTLookupV3` class that can be used to submit queries to the VirusTotal API and retrieve response data.\n", + "\n", + "VTLookupV3 is a powerful tool for security researchers and analysts who need to quickly and easily query VirusTotal for reputation data on files and URLs, and it is just one of many useful modules in the MSTICPy library.\n", + "This notebook describes the use of the `VTLookupV3` capabilities in MSTICPy. \n", + "\n", + "This notebook aims to demonstrate the capabilities of `VTLookupV3` using an example investigation inspired by [F5: Attackers Use New, Sophisticated Ways to Install Cryptominers](https://www.f5.com/labs/articles/threat-intelligence/attackers-use-new--sophisticated-ways-to-install-cryptominers). In order to maximize the value of `VTLookupV3` some queries, like search require [Virus Total Enterprise License](https://support.virustotal.com/hc/en-us/articles/360001387057-VirusTotal-Intelligence-Introduction).\n", + "\n", + "\n", + "## Features\n", + "To improve readability, the capabilities of VTLookupV3 are encapsulated into a single, easy to access class. Most functions within the VTLookupV3 class can be done for either a single IOC, or a DataFrame of IOCs. 
\n", + "\n", + "| Single IOC methods | Multiple IOCs methods | Description |\n", + "|--------------------|-----------------------|-------------|\n", + "| VTLookupV3.lookup_ioc | VTLookupV3.lookup_iocs | Queries VT API for detection and details of provided IOC(s) |\n", + "| VTLookupV3.lookup_ioc_relationships | VTLookupV3.lookup_iocs_relationships | Queries VT API for a specific relationship type for provided IOC(s) |\n", + "| VTLookupV3.get_object | VTLookupV3.search | Queries VT API for full information about IOC(s) |\n", + "| VTLookupV3.get_file_behavior | N/A | Queries VT API for sandbox / detonation information about IOC(s) |" + ] + }, + { + "attachments": {}, + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### Initializing MSTICPy" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "# Built-in Libraries\n", + "import re\n", + "from urllib3 import get_host\n", + "\n", + "# MSTICPy\n", + "import msticpy as mp\n", + "from msticpy.context.vtlookupv3 import VTLookupV3\n", + "\n", + "# Third-Party Libraries\n", + "import pandas as pd\n", + "\n", + "\n", + "# Initialize MSTICPy\n", + "mp.init_notebook()" + ] + }, + { + "attachments": {}, + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### Configuration File\n", + "MSTICPy contains robust configuration options to enable analysts to take a diverse approach to using selecting credentials, and pre-building queries. For more details see [MSTICPy Package Configuration](https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html) documentation. 
Below outlines various `AuthKey` methods to obtain Virus Total API capabilities.\n", + "\n", + "\n", + "```yaml\n", + "TIProviders:\n", + " VirusTotal:\n", + " Args:\n", + " AuthKey:\n", + " KeyVault: MyKeyVault/MySecret\n", + " AuthKey:\n", + " EnvironmentVar: \"VIRUSTOTAL_AUTH\"\n", + " AuthKey: \"MY_API_KEY_IN_PLAINTEXT\"\n", + "```" + ] + }, + { + "cell_type": "code", + "execution_count": 2, + "metadata": {}, + "outputs": [], + "source": [ + "# uses settings from msticpyconfig.yaml\n", + "vt_client = VTLookupV3()" + ] + }, + { + "attachments": {}, + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### Hunting for Configuration Files related to Cryptomining\n", + "Virus Total Intelligence Search is comprised of 40+ search modifiers to create extremely fine-tuned queries to narrow down investigations.\n", + "\n", + "| Modifier | Description |\n", + "|----------|-------------|\n", + "| engines | Malware family identified by Anti-Virus |\n", + "| tag | Additional entity descriptor |\n", + "| have | Checks if the entity contains a specific attribute |\n", + "\n", + "\n", + "```\n", + "Query: engines:miner AND tag:json AND have:itw\n", + "Description: Look for malware that is classified as a 'miner' that is tagged with 'json' and has an 'itw' characteristics\n", + "```" + ] + }, + { + "cell_type": "code", + "execution_count": 3, + "metadata": {}, + "outputs": [ + { + "data": { + "text/html": [ + "
\n", + "\n", + "\n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + "
idtypenames
0d8d6ff48c3d2df3c8289e3c519e15b9a2110d08975eaddef995d95e4c0d970cdfileconfig.json
0d8d6ff48c3d2df3c8289e3c519e15b9a2110d08975eaddef995d95e4c0d970cdfilezbetcheckin_tracker_config.json
0a80a424f11f3a55cd427011485b95f1f93b7f8492a1cf5dbe5ada1df4ca0f5adfileserver2.0.0.json
0a80a424f11f3a55cd427011485b95f1f93b7f8492a1cf5dbe5ada1df4ca0f5adfileC:\\Users\\<USER>\\Downloads\\server.json
0a80a424f11f3a55cd427011485b95f1f93b7f8492a1cf5dbe5ada1df4ca0f5adfileC:\\Users\\user\\Desktop\\server.json
\n", + "
" + ], + "text/plain": [ + " id type \\\n", + "0 d8d6ff48c3d2df3c8289e3c519e15b9a2110d08975eaddef995d95e4c0d970cd file \n", + "0 d8d6ff48c3d2df3c8289e3c519e15b9a2110d08975eaddef995d95e4c0d970cd file \n", + "0 a80a424f11f3a55cd427011485b95f1f93b7f8492a1cf5dbe5ada1df4ca0f5ad file \n", + "0 a80a424f11f3a55cd427011485b95f1f93b7f8492a1cf5dbe5ada1df4ca0f5ad file \n", + "0 a80a424f11f3a55cd427011485b95f1f93b7f8492a1cf5dbe5ada1df4ca0f5ad file \n", + "\n", + " names \n", + "0 config.json \n", + "0 zbetcheckin_tracker_config.json \n", + "0 server2.0.0.json \n", + "0 C:\\Users\\\\Downloads\\server.json \n", + "0 C:\\Users\\user\\Desktop\\server.json " + ] + }, + "metadata": {}, + "output_type": "display_data" + } + ], + "source": [ + "# perform lookup and limit results to 100 or fewer\n", + "cryptominer_df = vt_client.search('engines:miner AND tag:json AND have:itw', 100)\n", + "\n", + "# filter down to necessary columns\n", + "cryptominer_df = cryptominer_df[ ['id', 'type', 'names'] ]\n", + "\n", + "# expand out names list, and filter down to JSON file names\n", + "cryptominer_df = cryptominer_df.explode('names')\n", + "cryptominer_df = cryptominer_df[ cryptominer_df['names'].str.endswith('.json') ]\n", + "\n", + "display(cryptominer_df.head())" + ] + }, + { + "attachments": {}, + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### Search for In-The-Wild (ITW) information\n", + "\"In-The-Wild\" (ITW) is a term used in computer security to describe malware that is actively spreading and infecting systems in real-world situations, as opposed to being studied in a controlled laboratory environment. In the \n", + "\n", + "In the context of VirusTotal, [\"In-The-Wild\" (ITW)](https://support.virustotal.com/hc/en-us/articles/360001385897-File-search-modifiers) refers to the number of times a particular piece of malware has been detected in the wild by VirusTotal's network of antivirus engines. 
This metric can be used to assess the prevalence and severity of a particular malware threat. A high ITW score indicates that the malware is actively spreading and infecting systems, while a low score may suggest that the malware is relatively rare or has been contained." + ] + }, + { + "cell_type": "code", + "execution_count": 4, + "metadata": {}, + "outputs": [ + { + "data": { + "text/html": [ + "
\n", + "\n", + "\n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + "
sourcesource.namesource_typetargettarget_typerelationship_type
0d8d6ff48c3d2df3c8289e3c519e15b9a2110d08975eaddef995d95e4c0d970cdconfig.jsonfile81734d74cdbc7a2b58442e8bae0f5b0352717346107e30d37e8e041248fe503durlitw_urls
1d8d6ff48c3d2df3c8289e3c519e15b9a2110d08975eaddef995d95e4c0d970cdzbetcheckin_tracker_config.jsonfile81734d74cdbc7a2b58442e8bae0f5b0352717346107e30d37e8e041248fe503durlitw_urls
4a80a424f11f3a55cd427011485b95f1f93b7f8492a1cf5dbe5ada1df4ca0f5adserver2.0.0.jsonfileac441d52afe44184afbf85baab9722c94859dbf834b95359e3c16a26fe70538curlitw_urls
5a80a424f11f3a55cd427011485b95f1f93b7f8492a1cf5dbe5ada1df4ca0f5adC:\\Users\\<USER>\\Downloads\\server.jsonfileac441d52afe44184afbf85baab9722c94859dbf834b95359e3c16a26fe70538curlitw_urls
6a80a424f11f3a55cd427011485b95f1f93b7f8492a1cf5dbe5ada1df4ca0f5adC:\\Users\\user\\Desktop\\server.jsonfileac441d52afe44184afbf85baab9722c94859dbf834b95359e3c16a26fe70538curlitw_urls
\n", + "
" + ], + "text/plain": [ + " source \\\n", + "0 d8d6ff48c3d2df3c8289e3c519e15b9a2110d08975eaddef995d95e4c0d970cd \n", + "1 d8d6ff48c3d2df3c8289e3c519e15b9a2110d08975eaddef995d95e4c0d970cd \n", + "4 a80a424f11f3a55cd427011485b95f1f93b7f8492a1cf5dbe5ada1df4ca0f5ad \n", + "5 a80a424f11f3a55cd427011485b95f1f93b7f8492a1cf5dbe5ada1df4ca0f5ad \n", + "6 a80a424f11f3a55cd427011485b95f1f93b7f8492a1cf5dbe5ada1df4ca0f5ad \n", + "\n", + " source.name source_type \\\n", + "0 config.json file \n", + "1 zbetcheckin_tracker_config.json file \n", + "4 server2.0.0.json file \n", + "5 C:\\Users\\\\Downloads\\server.json file \n", + "6 C:\\Users\\user\\Desktop\\server.json file \n", + "\n", + " target \\\n", + "0 81734d74cdbc7a2b58442e8bae0f5b0352717346107e30d37e8e041248fe503d \n", + "1 81734d74cdbc7a2b58442e8bae0f5b0352717346107e30d37e8e041248fe503d \n", + "4 ac441d52afe44184afbf85baab9722c94859dbf834b95359e3c16a26fe70538c \n", + "5 ac441d52afe44184afbf85baab9722c94859dbf834b95359e3c16a26fe70538c \n", + "6 ac441d52afe44184afbf85baab9722c94859dbf834b95359e3c16a26fe70538c \n", + "\n", + " target_type relationship_type \n", + "0 url itw_urls \n", + "1 url itw_urls \n", + "4 url itw_urls \n", + "5 url itw_urls \n", + "6 url itw_urls " + ] + }, + "metadata": {}, + "output_type": "display_data" + } + ], + "source": [ + "# look up in-the-wild URLs associated with files in cryptominer_df\n", + "cryptominer_itw_df = vt_client.lookup_iocs_relationships(cryptominer_df, 'itw_urls', 'id', 'type', all_props=True)\n", + "\n", + "# filter and reorder columns \n", + "cryptominer_itw_df = cryptominer_itw_df[ ['source', 'source_type', 'target', 'target_type', 'relationship_type'] ]\n", + "\n", + "# join itw data on cryptominer_df\n", + "cryptominer_itw_df = cryptominer_itw_df.merge(cryptominer_df, how='inner', left_on='source', right_on='id')\n", + "\n", + "# rename and reorder columns\n", + "cryptominer_itw_df.rename(columns={'names': 'source.name'}, inplace=True)\n", + "cryptominer_itw_df = 
cryptominer_itw_df[ ['source', 'source.name', 'source_type', 'target', 'target_type', 'relationship_type'] ]\n", + "cryptominer_itw_df.drop_duplicates(inplace=True)\n", + "\n", + "display(cryptominer_itw_df.head())" + ] + }, + { + "attachments": {}, + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### Enrich ITW Information\n", + "By default `VTLookupV3` returns relationship data in the form of 'id' and 'type' to obtain human readable information, enrichment is needed." + ] + }, + { + "cell_type": "code", + "execution_count": 5, + "metadata": {}, + "outputs": [ + { + "data": { + "text/html": [ + "
\n", + "\n", + "\n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + "
idurlhosthost.type
081734d74cdbc7a2b58442e8bae0f5b0352717346107e30d37e8e041248fe503dhttp://27.1.1.34:8080/docs/config.json27.1.1.34ip_address
0ac441d52afe44184afbf85baab9722c94859dbf834b95359e3c16a26fe70538chttps://minerjson.oss-cn-beijing.aliyuncs.com/server2.0.0.json?t=638058298707060546minerjson.oss-cn-beijing.aliyuncs.comdomain
04a97690d7813c24629ee4ac539503fb1f5a57ed98ded075dc8d785f570b50a6fhttps://minerjson.oss-cn-beijing.aliyuncs.com/server2.0.0.json?t=637704108706432000minerjson.oss-cn-beijing.aliyuncs.comdomain
0578e3967424a350fcebfc7389c814bba5f71d8c62f03649fd39101fe6de69029https://minerjson.oss-cn-beijing.aliyuncs.com/server2.0.0.json?t=638124776855263671minerjson.oss-cn-beijing.aliyuncs.comdomain
0b1868edae176ede468699c1cb094f611d4a1fef70f7f507736a03f14247f8666https://minerjson.oss-cn-beijing.aliyuncs.com/server2.0.0.json?t=637703350378568000minerjson.oss-cn-beijing.aliyuncs.comdomain
\n", + "
" + ], + "text/plain": [ + " id \\\n", + "0 81734d74cdbc7a2b58442e8bae0f5b0352717346107e30d37e8e041248fe503d \n", + "0 ac441d52afe44184afbf85baab9722c94859dbf834b95359e3c16a26fe70538c \n", + "0 4a97690d7813c24629ee4ac539503fb1f5a57ed98ded075dc8d785f570b50a6f \n", + "0 578e3967424a350fcebfc7389c814bba5f71d8c62f03649fd39101fe6de69029 \n", + "0 b1868edae176ede468699c1cb094f611d4a1fef70f7f507736a03f14247f8666 \n", + "\n", + " url \\\n", + "0 http://27.1.1.34:8080/docs/config.json \n", + "0 https://minerjson.oss-cn-beijing.aliyuncs.com/server2.0.0.json?t=638058298707060546 \n", + "0 https://minerjson.oss-cn-beijing.aliyuncs.com/server2.0.0.json?t=637704108706432000 \n", + "0 https://minerjson.oss-cn-beijing.aliyuncs.com/server2.0.0.json?t=638124776855263671 \n", + "0 https://minerjson.oss-cn-beijing.aliyuncs.com/server2.0.0.json?t=637703350378568000 \n", + "\n", + " host host.type \n", + "0 27.1.1.34 ip_address \n", + "0 minerjson.oss-cn-beijing.aliyuncs.com domain \n", + "0 minerjson.oss-cn-beijing.aliyuncs.com domain \n", + "0 minerjson.oss-cn-beijing.aliyuncs.com domain \n", + "0 minerjson.oss-cn-beijing.aliyuncs.com domain " + ] + }, + "metadata": {}, + "output_type": "display_data" + } + ], + "source": [ + "# gather meta data about target (itw url)\n", + "itw_enrichment = vt_client.lookup_iocs(cryptominer_itw_df, 'target', 'target_type', all_props=True)\n", + "itw_enrichment = itw_enrichment[ ['id', 'url'] ]\n", + "itw_enrichment['host'] = itw_enrichment.apply(lambda x:get_host(x.url)[1], axis=1)\n", + "itw_enrichment['host.type'] = itw_enrichment.apply(lambda x: ('ip_address', 'domain')[len(re.findall(r\"[A-z]{1,}\", x.host)) > 0], axis=1)\n", + "itw_enrichment.drop_duplicates(inplace=True)\n", + "\n", + "display(itw_enrichment.head())" + ] + }, + { + "attachments": {}, + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### Merging and Summarizing Findings\n", + "The final step is to merge, format, and summarize the findings by using methods native to 
pandas." + ] + }, + { + "cell_type": "code", + "execution_count": 6, + "metadata": {}, + "outputs": [ + { + "data": { + "text/html": [ + "
\n", + "\n", + "\n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + "
sourcesource.namesource.typetargettarget.nametarget_typetarget.hostrelationship_type
0d8d6ff48c3d2df3c8289e3c519e15b9a2110d08975eaddef995d95e4c0d970cdconfig.jsonfile81734d74cdbc7a2b58442e8bae0f5b0352717346107e30d37e8e041248fe503dhttp://27.1.1.34:8080/docs/config.jsonurl27.1.1.34itw_urls
1d8d6ff48c3d2df3c8289e3c519e15b9a2110d08975eaddef995d95e4c0d970cdzbetcheckin_tracker_config.jsonfile81734d74cdbc7a2b58442e8bae0f5b0352717346107e30d37e8e041248fe503dhttp://27.1.1.34:8080/docs/config.jsonurl27.1.1.34itw_urls
2a80a424f11f3a55cd427011485b95f1f93b7f8492a1cf5dbe5ada1df4ca0f5adserver2.0.0.jsonfileac441d52afe44184afbf85baab9722c94859dbf834b95359e3c16a26fe70538chttps://minerjson.oss-cn-beijing.aliyuncs.com/server2.0.0.json?t=638058298707060546urlminerjson.oss-cn-beijing.aliyuncs.comitw_urls
3a80a424f11f3a55cd427011485b95f1f93b7f8492a1cf5dbe5ada1df4ca0f5adC:\\Users\\<USER>\\Downloads\\server.jsonfileac441d52afe44184afbf85baab9722c94859dbf834b95359e3c16a26fe70538chttps://minerjson.oss-cn-beijing.aliyuncs.com/server2.0.0.json?t=638058298707060546urlminerjson.oss-cn-beijing.aliyuncs.comitw_urls
4a80a424f11f3a55cd427011485b95f1f93b7f8492a1cf5dbe5ada1df4ca0f5adC:\\Users\\user\\Desktop\\server.jsonfileac441d52afe44184afbf85baab9722c94859dbf834b95359e3c16a26fe70538chttps://minerjson.oss-cn-beijing.aliyuncs.com/server2.0.0.json?t=638058298707060546urlminerjson.oss-cn-beijing.aliyuncs.comitw_urls
\n", + "
" + ], + "text/plain": [ + " source \\\n", + "0 d8d6ff48c3d2df3c8289e3c519e15b9a2110d08975eaddef995d95e4c0d970cd \n", + "1 d8d6ff48c3d2df3c8289e3c519e15b9a2110d08975eaddef995d95e4c0d970cd \n", + "2 a80a424f11f3a55cd427011485b95f1f93b7f8492a1cf5dbe5ada1df4ca0f5ad \n", + "3 a80a424f11f3a55cd427011485b95f1f93b7f8492a1cf5dbe5ada1df4ca0f5ad \n", + "4 a80a424f11f3a55cd427011485b95f1f93b7f8492a1cf5dbe5ada1df4ca0f5ad \n", + "\n", + " source.name source.type \\\n", + "0 config.json file \n", + "1 zbetcheckin_tracker_config.json file \n", + "2 server2.0.0.json file \n", + "3 C:\\Users\\\\Downloads\\server.json file \n", + "4 C:\\Users\\user\\Desktop\\server.json file \n", + "\n", + " target \\\n", + "0 81734d74cdbc7a2b58442e8bae0f5b0352717346107e30d37e8e041248fe503d \n", + "1 81734d74cdbc7a2b58442e8bae0f5b0352717346107e30d37e8e041248fe503d \n", + "2 ac441d52afe44184afbf85baab9722c94859dbf834b95359e3c16a26fe70538c \n", + "3 ac441d52afe44184afbf85baab9722c94859dbf834b95359e3c16a26fe70538c \n", + "4 ac441d52afe44184afbf85baab9722c94859dbf834b95359e3c16a26fe70538c \n", + "\n", + " target.name \\\n", + "0 http://27.1.1.34:8080/docs/config.json \n", + "1 http://27.1.1.34:8080/docs/config.json \n", + "2 https://minerjson.oss-cn-beijing.aliyuncs.com/server2.0.0.json?t=638058298707060546 \n", + "3 https://minerjson.oss-cn-beijing.aliyuncs.com/server2.0.0.json?t=638058298707060546 \n", + "4 https://minerjson.oss-cn-beijing.aliyuncs.com/server2.0.0.json?t=638058298707060546 \n", + "\n", + " target_type target.host relationship_type \n", + "0 url 27.1.1.34 itw_urls \n", + "1 url 27.1.1.34 itw_urls \n", + "2 url minerjson.oss-cn-beijing.aliyuncs.com itw_urls \n", + "3 url minerjson.oss-cn-beijing.aliyuncs.com itw_urls \n", + "4 url minerjson.oss-cn-beijing.aliyuncs.com itw_urls " + ] + }, + "metadata": {}, + "output_type": "display_data" + }, + { + "data": { + "text/html": [ + "
\n", + "\n", + "\n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + "
source
target.host
45.90.220.6245
cdn.discordapp.com45
raw.githubusercontent.com45
minerjson.oss-cn-beijing.aliyuncs.com15
27.1.1.342
k2ygoods.top2
main.cloudfronts.net2
50.63.143.2081
hk.kuai-go.com1
safe.kuai-go.com1
\n", + "
" + ], + "text/plain": [ + " source\n", + "target.host \n", + "45.90.220.62 45\n", + "cdn.discordapp.com 45\n", + "raw.githubusercontent.com 45\n", + "minerjson.oss-cn-beijing.aliyuncs.com 15\n", + "27.1.1.34 2\n", + "k2ygoods.top 2\n", + "main.cloudfronts.net 2\n", + "50.63.143.208 1\n", + "hk.kuai-go.com 1\n", + "safe.kuai-go.com 1" + ] + }, + "metadata": {}, + "output_type": "display_data" + } + ], + "source": [ + "# merge, reorder, and rename dataframe\n", + "cryptominer_itw_df = cryptominer_itw_df.merge(itw_enrichment, how='left', left_on='target', right_on='id')\n", + "cryptominer_itw_df = cryptominer_itw_df[ ['source', 'source.name', 'source_type', 'target', 'url', 'target_type', 'host', 'relationship_type', ] ]\n", + "cryptominer_itw_df.rename(columns={\"source_type\": \"source.type\", \"url\": \"target.name\", 'host':'target.host'}, inplace=True)\n", + "\n", + "display(cryptominer_itw_df.head())\n", + "\n", + "display(cryptominer_itw_df.groupby('target.host').count()[['source']].sort_values('source', ascending=False))" + ] + }, + { + "cell_type": "code", + "execution_count": 8, + "metadata": {}, + "outputs": [ + { + "data": { + "text/plain": [ + "3000" + ] + }, + "execution_count": 8, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "import sys\n", + "sys.getrecursionlimit()" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [] + } + ], + "metadata": { + "kernelspec": { + "display_name": "Python 3", + "language": "python", + "name": "python3" + }, + "language_info": { + "codemirror_mode": { + "name": "ipython", + "version": 3 + }, + "file_extension": ".py", + "mimetype": "text/x-python", + "name": "python", + "nbconvert_exporter": "python", + "pygments_lexer": "ipython3", + "version": "3.10.6" + }, + "orig_nbformat": 4 + }, + "nbformat": 4, + "nbformat_minor": 2 +} 
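Review bot: the "Search for In-The-Wild (ITW) information" markdown cell breaks off mid-sentence ("...in a controlled laboratory environment. In the") and the paragraph after it describes ITW as a count of detections, while the notebook actually queries the `itw_urls` relationship, i.e. the URLs a file was observed being served from; reconcile the wording with what the cell does. The leftover `sys.getrecursionlimit()` cell and the empty trailing cell should be removed before merging. In the enrichment cell, `re.findall(r"[A-z]{1,}", x.host)` also matches the characters between `Z` and `a` (`[`, `\`, `]`, `^`, `_`, backtick), so `[A-Za-z]+`, or better `ipaddress.ip_address(x.host)` in a try/except, is the robust way to split IP hosts from domains.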
diff --git a/msticpy/context/vtlookupv3/vtlookupv3.py b/msticpy/context/vtlookupv3/vtlookupv3.py index 783139ca8..c3cfbf3dc 100644 --- a/msticpy/context/vtlookupv3/vtlookupv3.py +++ b/msticpy/context/vtlookupv3/vtlookupv3.py @@ -120,6 +120,9 @@ class VTLookupV3: VTEntityType.DOMAIN: {"id", "creation_date", "last_update_date", "country"}, } + _DEFAULT_SEARCH_LIMIT = 1000 # prevents vague queries from pulling 1M+ files + _SEARCH_API_ENDPOINT = "/intelligence/search" + @property def supported_vt_types(self) -> List[str]: """ @@ -508,7 +511,6 @@ def lookup_ioc_relationships( relationship: str, limit: Optional[int] = None, all_props: bool = False, - full_objects: bool = False, ) -> pd.DataFrame: """ Look up single IoC observable relationship links. @@ -525,8 +527,6 @@ def lookup_ioc_relationships( Relations limit all_props : bool, optional If True, return all properties, by default False - full_objects : bool, optional - If True, return the full object rather than just ID links. Returns ------- @@ -546,23 +546,14 @@ def lookup_ioc_relationships( try: return _make_sync( self._lookup_ioc_relationships_async( - observable, - vt_type, - relationship, - limit, - all_props=all_props, - full_objects=full_objects, + observable, vt_type, relationship, limit, all_props=all_props ) ) finally: self._vt_client.close() def lookup_ioc_related( - self, - observable: str, - vt_type: str, - relationship: str, - limit: Optional[int] = None, + self, observable: str, vt_type: str, relationship: str, limit: int = None ) -> pd.DataFrame: """ Look single IoC observable related items. @@ -613,7 +604,7 @@ async def _lookup_iocs_relationships_async( relationship: str, observable_column: str = ColumnNames.TARGET.value, observable_type_column: str = ColumnNames.TARGET_TYPE.value, - limit: int = None, + limit: Optional[int] = None, all_props: bool = False, ) -> pd.DataFrame: """ 
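Review bot: removing the `full_objects` parameter from `lookup_ioc_relationships` (the `@@ -508` and `@@ -525` hunks) is a breaking change for any caller that passes it by keyword; either keep it as a deprecated no-op that warns, or call the removal out in the changelog. The reformatted `lookup_ioc_related` signature also regresses from `limit: Optional[int] = None` to `limit: int = None`, which is exactly the inconsistency the `@@ -613` hunk fixes for `_lookup_iocs_relationships_async`; keep `Optional[int]` in both places.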
@@ -879,6 +870,112 @@ def get_file_behavior( vt_behavior.get_file_behavior(sandbox=sandbox) return vt_behavior + def search( + self, query: str, limit: Optional[int] = _DEFAULT_SEARCH_LIMIT + ) -> pd.DataFrame: + """ + Return results of a VT search query as a DataFrame. + + Parameters + ---------- + query : str + Virus Total Intelligence Search string + limit : int (default: 1,000) + Number of intended results + + Returns + ------- + pd.DataFrame + Search query results. + + """ + # run virus total intelligence search using iterator + try: + response_itr = self._vt_client.iterator( + self._SEARCH_API_ENDPOINT, params={"query": query}, limit=limit + ) + response_list = list(map(lambda item: item.to_dict(), response_itr)) + except vt.APIError as api_err: + raise MsticpyVTNoDataError( + f"The provided query returned 0 results because of an APIError: {api_err}" + ) from api_err + + if len(response_list) == 0: + raise MsticpyVTNoDataError("The provided query returned 0 results") + + response_df = self._extract_response(response_list) + return timestamps_to_utcdate(response_df) + + def iterator( + self, path, *path_args, params=None, cursor=None, limit=None, batch_size=0 + ) -> vt.Iterator: + """ + Return an iterator for the collection specified by the given path. + + The endpoint specified by path must return a collection of objects. An + example of such an endpoint are /comments and /intelligence/search. + + SOURCE: https://github.com/VirusTotal/vt-py/blob/ + 6bf4decb5bbd80bfc60e74ee3caa4c9073cea38c/vt/client.py + + Parameters + ---------- + path : str + Path to API endpoint returning a collection. + path_args: dict + A variable number of arguments that are put into any placeholders used in path. + params: dict + Additional parameters passed to the endpoint. + cursor: str + Cursor for resuming the iteration at the point it was left previously. + A cursor can be obtained with Iterator.cursor(). This + cursor is not the same one returned by the VirusTotal API. 
+ limit: int + Maximum number of objects that will be returned by the iterator. + If a limit is not provided the iterator continues until it reaches the + last object in the collection. + batch_size: int + Maximum number of objects retrieved on each call to the endpoint. + If not provided the server will decide how many objects to return. + + Returns + ------- + vt.Iterator + An instance of vt.Iterator + + """ + return self._vt_client.iterator( + path, path_args, params, cursor, limit, batch_size + ) + + def _extract_response(self, response_list: list) -> pd.DataFrame: + """ + Convert list of dictionaries from search() function to DataFrame. + + Parameters + ---------- + response_list : list + A list of dictionaries representing a virus total object + + Returns + ------- + pd.DataFrame + A DataFrame with the attributes of the virus total object + + """ + # loop to convert from list of vt.Object to pd.DataFrame + response_rows = [] + for response_item in response_list: + # flatten nested dictionary and append id, type values + response_item_df = pd.json_normalize(response_item["attributes"]) + response_item_df["id"] = response_item["id"] + response_item_df["type"] = response_item["type"] + + response_rows.append(response_item_df) + + response_df = pd.concat(response_rows, axis=0, ignore_index=True) + return timestamps_to_utcdate(response_df) + @staticmethod def relationships_to_graph( relationship_dfs: List[pd.DataFrame], diff --git a/tests/context/test_vtlookupv3.py b/tests/context/test_vtlookupv3.py index 2933019c6..645675b44 100644 --- a/tests/context/test_vtlookupv3.py +++ b/tests/context/test_vtlookupv3.py @@ -94,6 +94,7 @@ class VTClient: _FB_SUM_FILE = "vt3_behavior_summary.json" _FB_MS_FILE = "vt3_behavior_ms_sysinternals.json" _FILE_SUMMARY = "vt3_file_1.json" + _SEARCH_FILE = "vt3_search.json" _URL_OBJS = [ json.loads(_D_ROOT.joinpath(url_file).read_text()) for url_file in _OBJ_FILES 
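Review bot: in the new `iterator` wrapper (vtlookupv3.py `@@ -879` hunk), `self._vt_client.iterator(path, path_args, params, cursor, limit, batch_size)` passes everything positionally, but the underlying `vt.Client.iterator` has the shape `iterator(path, *path_args, params=None, cursor=None, limit=0, batch_size=0)` (the same signature the test mock in this patch reproduces), so the `path_args` tuple and the four keyword values are all swallowed by `*path_args` and `params`, `cursor`, `limit` and `batch_size` are silently ignored. It should read `self._vt_client.iterator(path, *path_args, params=params, cursor=cursor, limit=limit, batch_size=batch_size)`, and the docstring should describe `path_args` as variadic positional arguments rather than a dict. In `search()`, the `except vt.APIError` branch re-raises as `MsticpyVTNoDataError` with "returned 0 results because of an APIError", which conflates authentication, quota and malformed-query failures with a genuinely empty result set; let the `APIError` propagate, or wrap it in a distinct exception, so callers can tell the two apart. `_extract_response` already applies `timestamps_to_utcdate`, so the second call in `search()` is redundant.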
@@ -102,6 +103,7 @@ class VTClient: _VT_FB_SUMMARY = json.loads(_D_ROOT.joinpath(_FB_SUM_FILE).read_text()) _VT_FB_MSSYS = json.loads(_D_ROOT.joinpath(_FB_MS_FILE).read_text()) _VT_FILE_SUMMARY = json.loads(_D_ROOT.joinpath(_FILE_SUMMARY).read_text()) + _SEARCH_OBJS = json.loads(_D_ROOT.joinpath(_SEARCH_FILE).read_text()) def __init__(self, apikey: Optional[str] = None): """Initialize the class.""" @@ -139,7 +141,17 @@ def iterator( self, path: str, *path_args, params=None, cursor=None, limit=0, batch_size=0 ) -> Iterator: """Return an iterator of VT objects.""" - del path_args, params, cursor, limit, batch_size + del path_args, cursor, limit, batch_size + if "/intelligence/search" in path: + query = params.get("query") + return iter( + VtObject.from_dict(search_item) + for search_item in self._SEARCH_OBJS[query] + ) + # if query == "engines:trojan and tag:signed and p:60+ and microsoft:clean and not tag:invalid-signature and ls:2d+": + # raise MsticpyVTNoDataError("0 Results") + # elif query == "engines:trojan and tag:signed and p:60+ and microsoft:clean and not tag:invalid-signature and ls:30d+": + # return iter(VtObject.from_dict(search_item) for search_item in self._SEARCH_OBJS[query]) if "relationships" in path: return iter(VtObject.from_dict(url_data) for url_data in self._URL_LINKS) return iter(VtObject.from_dict(url_data) for url_data in self._URL_OBJS) 
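Review bot: in the mock `iterator`, `params.get("query")` raises `AttributeError` when `params` is `None` (the default in this signature), so any test that reaches the `/intelligence/search` branch without params fails with a misleading error; use `(params or {}).get("query")`. The four commented-out lines after the `return iter(...)` are dead code and should be deleted rather than left in the mock. Note also that the fixture maps the `ls:2d+` query to an empty list, so the `MsticpyVTNoDataError` the test expects comes from the `len(response_list) == 0` check in `search()`, not from the mock; a one-line comment there would make that intent explicit.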
@@ -398,3 +410,30 @@ def test_get_object_browser(vt_client: VTLookupV3): vt_browser._current_data.iloc[0].id, "03bd9a94482f180bb047626cb2f27ccf8daa0e201345480b43585580e09c311b", ) + + +@pytest.mark.filterwarnings("ignore::UserWarning") +def test_vt_search(vt_client: VTLookupV3): + """Test search API.""" + + with pytest.raises(MsticpyVTNoDataError): + result_df = vt_client.search( + query="engines:trojan and tag:signed and p:60+ and microsoft:clean and not tag:invalid-signature and ls:2d+" + ) + + result_df = vt_client.search( + query="engines:trojan and tag:signed and p:60+ and microsoft:clean and not tag:invalid-signature and ls:30d+" + ) + rows, cols = result_df.shape + + # check integrity of shape + check.equal(rows, 5) + check.equal(cols, 613) + + # check integrity of content + check.is_true("crowdsourced_ids_stats.medium" in result_df.columns) + check.is_true("sigma_analysis_stats.medium" in result_df.columns) + check.is_true( + result_df.loc[3, "last_analysis_results.FireEye.result"] + == "Application.Bundler.GL" + ) diff --git a/tests/testdata/vt3_search.json b/tests/testdata/vt3_search.json new file mode 100644 index 000000000..16a45280a --- /dev/null +++ b/tests/testdata/vt3_search.json 
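Review bot: in `test_vt_search`, the `result_df = vt_client.search(...)` assignment inside the `pytest.raises` block can never be used (the call must raise for the test to pass); drop the assignment and keep just the call. `check.equal(cols, 613)` pins the test to the exact number of columns `pd.json_normalize` produces from the fixture, so any change to the fixture or to the flattening breaks the test without signalling a real regression; asserting `rows == 5` plus the specific column and value checks that follow is sufficient.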
@@ -0,0 +1,6853 @@ +{ + "engines:trojan and tag:signed and p:60+ and microsoft:clean and not tag:invalid-signature and ls:2d+": [ + + ], + "engines:trojan and tag:signed and p:60+ and microsoft:clean and not tag:invalid-signature and ls:30d+": [ + { + "attributes": { + "type_description": "Win32 EXE", + "tlsh": "T1F1F4F18175A88046F39316B6365F7210059B7F9692B8D30E310DFBE92FB3784991EF62", + "vhash": "07503f7f5d50101011z11z27z1015z10101011z1019z", + "exiftool": { + "SubsystemVersion": "5.1", + "InitializedDataSize": "731648", + "ImageVersion": "0.0", + "FileSubtype": "0", + "FileVersionNumber": "2.0.7.3", + "LanguageCode": "English (U.S.)", + "InternalName": "setup.exe", + "FileDescription": "Windows Media Player ", + "ImageFileCharacteristics": "Executable, 32-bit, No debug", + "CharacterSet": "Unicode", + "LinkerVersion": "10.0", + "FileTypeExtension": "exe", + "OriginalFileName": "setup.exe", + "MIMEType": "application/octet-stream", + "LegalCopyright": "(c) AirInstaller ", + "FileVersion": "2.0.7.3", + "TimeStamp": "2014:05:14 16:38:04+00:00", + "FileType": "Win32 EXE", + "PEType": "PE32", + "FileFlagsMask": "0x003f", + "ProductVersion": "2.0.7.3", + "UninitializedDataSize": "0", + "OSVersion": "5.1", + "FileOS": "Windows NT 32-bit", + "Subsystem": "Windows GUI", + "MachineType": "Intel 386 or later, and compatibles", + "CompanyName": "AirInstaller ", + "CodeSize": "1728512", + "ProductName": "Windows Media Player ", + "ProductVersionNumber": "2.0.7.3", + "EntryPoint": "0x25b418", + "ObjectFileType": "Executable application" + }, + "type_tags": [ + "executable", + "windows", + "win32", + "pe", + "peexe" + ], + "crowdsourced_yara_results": [ + { + "description": "Detects executables built or packed with MPress PE compressor", + "source": "https://github.com/ditekshen/detection", + "author": "ditekSHen", + "ruleset_name": "indicator_packed", + "rule_name": "INDICATOR_EXE_Packed_MPress", + "ruleset_id": "00c291ca7f" + }, + { + "rule_name": 
"INDICATOR_EXE_Packed_MPress", + "description": "Detects executables built or packed with MPress PE compressor", + "author": "ditekSHen", + "ruleset_id": "00c291ca7f", + "ruleset_name": "indicator_packed", + "match_in_subfile": true, + "source": "https://github.com/ditekshen/detection" + } + ], + "creation_date": 1400085484, + "threat_severity": { + "threat_severity_level": "SEVERITY_LOW", + "threat_severity_data": { + "num_gav_detections": 3, + "popular_threat_category": "adware" + }, + "last_analysis_date": "1701445268", + "version": 4, + "level_description": "Severity LOW because it was considered adware. Other contributing factor was that it could not be run in sandboxes." + }, + "names": [ + "setup.exe", + "993f5ab7fccc527964a59a906841cb0e.virus" + ], + "signature_info": { + "product": "Windows Media Player", + "verified": "A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.", + "internal name": "setup.exe", + "file version": "2.0.7.3", + "original name": "setup.exe", + "x509": [ + { + "name": "VeriSign Class 3 Public Primary Certification Authority - G5", + "algorithm": "sha1RSA", + "valid from": "2006-11-08 00:00:00", + "valid to": "2036-07-16 23:59:59", + "serial number": "18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A", + "cert issuer": "VeriSign Class 3 Public Primary Certification Authority - G5", + "thumbprint": "4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5" + }, + { + "name": "Air Software", + "algorithm": "sha1RSA", + "valid from": "2013-01-25 00:00:00", + "valid to": "2015-03-26 23:59:59", + "serial number": "3A C7 86 E0 92 19 DF 82 DA 83 0E 46 1D 4F C3 9F", + "cert issuer": "VeriSign Class 3 Code Signing 2010 CA", + "thumbprint": "AC28E2D7ECDD00692D44AC1A4FEA83FD49042A21", + "valid_usage": "Code Signing" + } + ], + "signers": "Air Software; VeriSign Class 3 Code Signing 2010 CA; VeriSign", + "copyright": "(c) AirInstaller", + "signers details": [ + { + "status": 
"This certificate or one of the certificates in the certificate chain is not time valid.", + "valid usage": "Code Signing", + "name": "Air Software", + "algorithm": "sha1RSA", + "valid from": "12:00 AM 01/25/2013", + "valid to": "11:59 PM 03/26/2015", + "serial number": "3A C7 86 E0 92 19 DF 82 DA 83 0E 46 1D 4F C3 9F", + "cert issuer": "VeriSign Class 3 Code Signing 2010 CA", + "thumbprint": "AC28E2D7ECDD00692D44AC1A4FEA83FD49042A21" + }, + { + "status": "This certificate or one of the certificates in the certificate chain is not time valid.", + "valid usage": "Client Auth, Code Signing", + "name": "VeriSign Class 3 Code Signing 2010 CA", + "algorithm": "sha1RSA", + "valid from": "12:00 AM 02/08/2010", + "valid to": "11:59 PM 02/07/2020", + "serial number": "52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7", + "cert issuer": "VeriSign Class 3 Public Primary Certification Authority - G5", + "thumbprint": "495847A93187CFB8C71F840CB7B41497AD95C64F" + }, + { + "status": "Valid", + "valid usage": "Client Auth, Code Signing, Email Protection, Server Auth", + "name": "VeriSign", + "algorithm": "sha1RSA", + "valid from": "12:00 AM 11/08/2006", + "valid to": "11:59 PM 07/16/2036", + "serial number": "18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A", + "cert issuer": "VeriSign Class 3 Public Primary Certification Authority - G5", + "thumbprint": "4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5" + } + ], + "description": "Windows Media Player" + }, + "last_modification_date": 1701567893, + "type_tag": "peexe", + "times_submitted": 1, + "total_votes": { + "harmless": 0, + "malicious": 0 + }, + "size": 773040, + "popular_threat_classification": { + "suggested_threat_label": "adware.airadinstaller/airinstall", + "popular_threat_category": [ + { + "count": 20, + "value": "adware" + }, + { + "count": 5, + "value": "trojan" + }, + { + "count": 2, + "value": "virus" + } + ], + "popular_threat_name": [ + { + "count": 13, + "value": "airadinstaller" + }, + { + "count": 7, + "value": 
"airinstall" + }, + { + "count": 5, + "value": "bundler" + } + ] + }, + "authentihash": "38334a10c36f3c2821147d7f4486de3221b6b633104df299c657081defdc2f17", + "detectiteasy": { + "filetype": "PE32", + "values": [ + { + "version": "2.01-2.12", + "type": "Packer", + "name": "EP:MPRESS" + }, + { + "version": "2.19", + "type": "Packer", + "name": "MPRESS" + }, + { + "info": "PKCS #7", + "version": "2.0", + "type": "Sign tool", + "name": "Windows Authenticode" + } + ] + }, + "last_submission_date": 1701445232, + "meaningful_name": "setup.exe", + "downloadable": true, + "trid": [ + { + "file_type": "Win32 Executable (generic)", + "probability": 52.9 + }, + { + "file_type": "Generic Win/DOS Executable", + "probability": 23.5 + }, + { + "file_type": "DOS Executable Generic", + "probability": 23.5 + } + ], + "sandbox_verdicts": { + "C2AE": { + "category": "undetected", + "sandbox_name": "C2AE", + "malware_classification": [ + "UNKNOWN_VERDICT" + ] + } + }, + "sha256": "666a512a1251ea4921ef6bd129e30f76f08833f68fb27bd06ecd02481fa159f8", + "type_extension": "exe", + "tags": [ + "peexe", + "signed", + "overlay" + ], + "last_analysis_date": 1701489233, + "unique_sources": 1, + "first_submission_date": 1701445232, + "sha1": "34ac07fd5a22dcc21b3d868d454ae5c7ef215449", + "ssdeep": "12288:DsqLSiix1vV13me30XpR2/rUOrcbUagbaV2aWwYPvs2O1akJZ81C/wtzOmozJgm:QeSiiDr0Lar1QbUakaV2aDYcT1FJUCV3", + "md5": "993f5ab7fccc527964a59a906841cb0e", + "pe_info": { + "resource_details": [ + { + "lang": "ENGLISH US", + "entropy": 3.026951551437378, + "chi2": 20527.75, + "filetype": "unknown", + "sha256": "fbeb3be87e80cb8e1d2af3d8140796c1bb80c6c7056f60897088ff9e355c3867", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.7427444458007812, + "chi2": 18573.42, + "filetype": "unknown", + "sha256": "f64ccc0582bc7c66af8b40049e485e8e241335261ec95ace909293ba50b2e4a3", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.3403780460357666, + "chi2": 25932, + "filetype": 
"unknown", + "sha256": "652988945185cf5d604d9b48de66288d82d8ed0acdd134398e90d002d2d9fc72", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.3400356769561768, + "chi2": 25714.24, + "filetype": "unknown", + "sha256": "0b0e16c38a3d5a85566e67b1d9a7e720e4dee27e163b06099d3d7dfa5dbed9ee", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.5164902210235596, + "chi2": 23739.37, + "filetype": "unknown", + "sha256": "368f9cb089d206a8b61251f0c85eeda97ee08a56b33be8579246e964d3af6169", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.4540092945098877, + "chi2": 24244.72, + "filetype": "unknown", + "sha256": "6440c3a38dcfb81d45bc6be31b776fdae116dd7a2933b407b67132f6cfa0e6eb", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.348637342453003, + "chi2": 26429.05, + "filetype": "unknown", + "sha256": "9882a8462ce9de3cc9a5d0ca48c8c4f7ca97f1f846f0c10e6655e33c9734b152", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.345054864883423, + "chi2": 26435.7, + "filetype": "unknown", + "sha256": "322e92d75b3fec9e16b81466f4cf111d298b80812d5b238f4ee032c025a02050", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.348637342453003, + "chi2": 26429.05, + "filetype": "unknown", + "sha256": "8db6df648274a0fc3d28430367216e1c17c364ca613066cbb0e133637e92ba62", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.3111374378204346, + "chi2": 26837.98, + "filetype": "unknown", + "sha256": "f9c81ce9b4176b305c554a15f0ca2b98b11be76c1f13ef22169999aa07e9612f", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 3.3360934257507324, + "chi2": 16714.33, + "filetype": "unknown", + "sha256": "601635482a9b1864ea0c61ce0282c5c9fe1d014aa95dbb4f60770f1c2b6df3da", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.8131332397460938, + "chi2": 20248.46, + "filetype": "unknown", + "sha256": 
"2bf742d2beb4c56dd6eb68347dd8ee28da85bed9e6d165b36c6edb91da01d5d6", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 3.8149096965789795, + "chi2": 11233.61, + "filetype": "unknown", + "sha256": "cfc4ff9e46fbb61f61b68f36adc6593b137233d1cbaa50fe37e5653f0cb20396", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.1001555919647217, + "chi2": 30412, + "filetype": "unknown", + "sha256": "c4a6e3a7a346baecb09a0c49268eb44f388382a7866a4e912b53d48fa3b34c26", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 1.9705222845077515, + "chi2": 31043.69, + "filetype": "unknown", + "sha256": "f273e554605a89aa0994c9d42bc2569be3db5b19b2900dacb30f3218ed1174a0", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.2269911766052246, + "chi2": 28832.78, + "filetype": "unknown", + "sha256": "ebaf4bcc0f0d7ca9a3458ea52520d2dd10811069241940b9b2e79ac1a4c3ca5c", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.830580472946167, + "chi2": 91489.58, + "filetype": "unknown", + "sha256": "25d9f475046e8b16052c0d121f5600a3e7a2e4d46bd334ef72452e2b8966e9df", + "type": "RT_BITMAP" + }, + { + "lang": "ENGLISH CAN", + "entropy": 5.513514995574951, + "chi2": 64637.27, + "filetype": "unknown", + "sha256": "84b61b57e1d1be401d0c53df48d4fc63ab1534aa720866edcf6f4740abd89b4c", + "type": "RT_BITMAP" + }, + { + "lang": "ENGLISH CAN", + "entropy": 5.516096591949463, + "chi2": 63724.72, + "filetype": "unknown", + "sha256": "1628d536d6c8e259db567e76c71343ae3dec1e93f068d3e97a68836d2044fdfc", + "type": "RT_BITMAP" + }, + { + "lang": "ENGLISH US", + "entropy": 2.236664295196533, + "chi2": 15874.44, + "filetype": "unknown", + "sha256": "e7c0005285d1ab59732d5f99f77a9bdd6342b01cf44437ebd7a07611a227e272", + "type": "RT_BITMAP" + }, + { + "lang": "ENGLISH US", + "entropy": 2.876206636428833, + "chi2": 15870.37, + "filetype": "unknown", + "sha256": "abdf36bde89a26349f5741c17c235dacea88d441d8662ba16a598dc50c3c4864", + "type": 
"RT_BITMAP" + }, + { + "lang": "ENGLISH US", + "entropy": 3.257547616958618, + "chi2": 19156.54, + "filetype": "unknown", + "sha256": "f59f62e7843b3ff992cf769a3c608acd4a85a38b3b302cda8507b75163659d7b", + "type": "RT_ICON" + }, + { + "lang": "ENGLISH US", + "entropy": 3.471505880355835, + "chi2": 66221.41, + "filetype": "unknown", + "sha256": "dc785b2a3e4ea82bd34121cc04e80758e221f11ee686fcfd87ce49f8e6730b22", + "type": "RT_ICON" + }, + { + "lang": "ENGLISH US", + "entropy": 3.9170761108398438, + "chi2": 32078.37, + "filetype": "unknown", + "sha256": "ca8fc96218d0a7e691dd7b95da05a27246439822d09b829af240523b28fd5bb3", + "type": "RT_ICON" + }, + { + "lang": "ENGLISH US", + "entropy": 3.913663148880005, + "chi2": 93509.07, + "filetype": "unknown", + "sha256": "3bbacbad1458254c59ad7d0fd9bea998d46b70b8f8dcfc56aad561a293ffdae3", + "type": "RT_ICON" + }, + { + "lang": "ENGLISH US", + "entropy": 3.156541347503662, + "chi2": 29455.43, + "filetype": "unknown", + "sha256": "359939b8fdb09d588d1ff8c3d13425bcc97652d67baa84ef06a9863e671d30de", + "type": "RT_DIALOG" + }, + { + "lang": "ENGLISH US", + "entropy": 2.680901527404785, + "chi2": 7629.22, + "filetype": "unknown", + "sha256": "7507e17135a212155486eddd0527f97dd2e2f6a5ba36602adfc85a447255e69e", + "type": "RT_DIALOG" + }, + { + "lang": "ENGLISH CAN", + "entropy": 2.9189038276672363, + "chi2": 19601.25, + "filetype": "unknown", + "sha256": "0a04b0b94eaabef13699405a42896cb97009e871fffae3ee0430ff2deedf778c", + "type": "RT_DIALOG" + }, + { + "lang": "ENGLISH CAN", + "entropy": 2.627751350402832, + "chi2": 6970.74, + "filetype": "unknown", + "sha256": "17815509670d1d3063b27fdb219fe3831ce639e387d353525a65d8a39346594c", + "type": "RT_DIALOG" + }, + { + "lang": "ENGLISH CAN", + "entropy": 2.794792890548706, + "chi2": 14695.28, + "filetype": "unknown", + "sha256": "d1d7093bb45e83dc3a4547426aa0820ff19a01ead71dd163c71a0c1cb5914011", + "type": "RT_DIALOG" + }, + { + "lang": "ENGLISH US", + "entropy": 3.1811654567718506, + "chi2": 
21621.06, + "filetype": "unknown", + "sha256": "2e29c7e2277902b52bbd19dcaec60f343eea03054e7a27bfaa15aa496ecd3f00", + "type": "RT_DIALOG" + }, + { + "lang": "ENGLISH US", + "entropy": 3.25520658493042, + "chi2": 27807.04, + "filetype": "unknown", + "sha256": "07aa345e4c26d0118fb93cc11de71987fbcc7543218fdd8f7e0f9da0b8b733af", + "type": "RT_DIALOG" + }, + { + "lang": "ENGLISH CAN", + "entropy": 3.2811996936798096, + "chi2": 35003.22, + "filetype": "unknown", + "sha256": "9b2e5625f876212cfe97b864b7d5a4d43d6478e01f6c7ca416270fce0221f02b", + "type": "RT_DIALOG" + }, + { + "lang": "ENGLISH CAN", + "entropy": 2.6887717247009277, + "chi2": 14226.05, + "filetype": "unknown", + "sha256": "ea0e2b437c0eec76e2361d46810a3216d5560e848d19da47b4ce8fb2afcc5914", + "type": "RT_DIALOG" + }, + { + "lang": "ENGLISH CAN", + "entropy": 2.7853336334228516, + "chi2": 14974.25, + "filetype": "unknown", + "sha256": "c5574e93050fcdf8eca843de015c97c22a5468d60cfa14fccd3939cf9aeb2af7", + "type": "RT_DIALOG" + }, + { + "lang": "ENGLISH CAN", + "entropy": 2.627751350402832, + "chi2": 6970.74, + "filetype": "unknown", + "sha256": "0475cc6dcef54e3ef1b701496402c567b77680d1a7ba62648c75950ac7936fd8", + "type": "RT_DIALOG" + }, + { + "lang": "ENGLISH US", + "entropy": 3.0667619705200195, + "chi2": 20890.21, + "filetype": "unknown", + "sha256": "6e113fd8e9f3156ae68251c6076beb9b59fe29e589d06398e7019802521f69d3", + "type": "RT_DIALOG" + }, + { + "lang": "ENGLISH US", + "entropy": 2.416691780090332, + "chi2": 5146.77, + "filetype": "unknown", + "sha256": "4cf716efaf68e0cb2ec45ec55d291050b5712b05653cae68edbb999f803d2a98", + "type": "RT_DIALOG" + }, + { + "lang": "ENGLISH US", + "entropy": 1.8843237161636353, + "chi2": 174115.47, + "filetype": "unknown", + "sha256": "9008494d35fb63d113ba0425f9a971931ab80ff0982fe1993405c803f95bcbea", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 1.6804707050323486, + "chi2": 258680.75, + "filetype": "unknown", + "sha256": 
"386394243db3ad07e934dfa6444741378e9b8bee62eea56efca18342415ca197", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 1.8531612157821655, + "chi2": 104819.45, + "filetype": "ICO", + "sha256": "0f01de172553de79f5c1047b9c50c796573236bd80b36d3968002eb191b7654f", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 1.1883176565170288, + "chi2": 8034.7, + "filetype": "unknown", + "sha256": "55b63c6e7176e432ef2438b21cbf0da3eaf282348b35538a25e1a5ded38310f6", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 2.8170533180236816, + "chi2": 11575.1, + "filetype": "unknown", + "sha256": "d91dc4e26fd86def5ee907c72f32457bea07d21fa618012245f641d08501548d", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 0.9609531760215759, + "chi2": 7894, + "filetype": "unknown", + "sha256": "05e0d5787611ed4f643733e3e6e62d00f426422b5d3e443ceebac22e9d294bc4", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 3.0863356590270996, + "chi2": 28454.22, + "filetype": "unknown", + "sha256": "9665348f07508c6c2a568fc90ec4c04736668adc3521e311a4c7659973d92313", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 3.2577946186065674, + "chi2": 84241, + "filetype": "unknown", + "sha256": "0519d7704cb64bab3aeca7c3b96affd55641099a2a162e88537cb1b8dbfcd540", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 3.1127493381500244, + "chi2": 42321.52, + "filetype": "unknown", + "sha256": "eaa0b4fe4704e193dd2ed1f8de1cb20e1001034fdb30307ee44aa664966d4ffc", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 3.1669445037841797, + "chi2": 51283.59, + "filetype": "unknown", + "sha256": "cffcd4956911b3d50eef378cb051e598baba0db48246b07780af03b01c67c64d", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 2.7108659744262695, + "chi2": 12962.52, + "filetype": "unknown", + "sha256": "35b5abb90316b4017d5531e031cbf15bae6e8dd46f6dd221701693a22a7795be", + "type": "RT_STRING" + }, 
+ { + "lang": "ENGLISH US", + "entropy": 2.6390249729156494, + "chi2": 15271.34, + "filetype": "unknown", + "sha256": "1b8660b0c53b94f3e029de58e56d08c8097a080244e9dc65d4155a9b603820d8", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 2.878065586090088, + "chi2": 18244.59, + "filetype": "unknown", + "sha256": "31bff9afbf08a8869318cd946a1d73a4425afefc5693c6e06671bde1e86de1dc", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 3.246713876724243, + "chi2": 79999.88, + "filetype": "unknown", + "sha256": "2b5551644093e58a4af74928fb744bd735fa2ef5f99824e6918ff9f6a33a3803", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 3.1069495677948, + "chi2": 39042.69, + "filetype": "unknown", + "sha256": "e9212b16f2d3292d0b0eb67134a70778ff1b0aede4918831e5bdba3f950db2a7", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 1.0787549018859863, + "chi2": 7961.82, + "filetype": "unknown", + "sha256": "0714c554acd308b38c3d6319f7e470f76a16d712f696545eacac2bdc725dfb95", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 3.176704168319702, + "chi2": 91683.09, + "filetype": "unknown", + "sha256": "267abecc36a0c7b614732ee6bc26b05abdb3f53fe4d6e09691543c4ca0bc8f20", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 2.254513740539551, + "chi2": 2977.76, + "filetype": "unknown", + "sha256": "bb88f756ae5fa20409bbc7bc8e0bd3a7d04838dee9eb76559d5927350604d196", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.0192408561706543, + "chi2": 1797.6, + "filetype": "unknown", + "sha256": "8a495f17bc472bfc5e6923d9efa687848fac027ad60694f9c3f10a4f7b194924", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.0192408561706543, + "chi2": 1797.6, + "filetype": "unknown", + "sha256": "326c048595bbc72e3f989cb3b95fbf09dc83739ced3cb13eb6f03336f95d74f1", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.0192408561706543, + "chi2": 
1797.6, + "filetype": "unknown", + "sha256": "28b8110695851e5280ff55cb78507b03e8b74dd370b8e122179c82b56f7e5f37", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.0192408561706543, + "chi2": 1797.6, + "filetype": "unknown", + "sha256": "a92f60b25322592e7ddd13d88e4006c097666f4d87c8cb0c21ffdccd53b31d78", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.0192408561706543, + "chi2": 1797.6, + "filetype": "unknown", + "sha256": "ee63d4681e7622067fd29005c6cc67b456031eb723c7239f05f1cb097af0ef98", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.0192408561706543, + "chi2": 1797.6, + "filetype": "unknown", + "sha256": "9c17b4621412d6ded24a76aed74d4425ae61f86b6d4092ca1e28ca66b7c71399", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.0192408561706543, + "chi2": 1797.6, + "filetype": "unknown", + "sha256": "ef309b720f166673cad840a88e7636e9161ad91415cc7c176010cebba07757e5", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.0192408561706543, + "chi2": 1797.6, + "filetype": "unknown", + "sha256": "ec26c438d10e3e84ec855c47f07a176e6c11bbfae1557d526490711b80f087fe", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.0192408561706543, + "chi2": 1797.6, + "filetype": "unknown", + "sha256": "a2f0549cca7170ae03ba042464efe62365fba38c20049e439871c9e5ce0f914f", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.0192408561706543, + "chi2": 1797.6, + "filetype": "unknown", + "sha256": "4ecc7f2578fd7b137c04f85ffcbd67d6eab0bc8b1df4246cebd2a2aa517f3c60", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.0192408561706543, + "chi2": 1797.6, + "filetype": "unknown", + "sha256": "12a5b9052dd16bed260343bc4352d436167c991c54497c5af441304646549386", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.0192408561706543, + "chi2": 1797.6, + "filetype": "unknown", + "sha256": 
"da738753c27f2708bd2257f8cac3385a4ccb0df1341b76acfda07fa980cfb4bd", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.0192408561706543, + "chi2": 1797.6, + "filetype": "unknown", + "sha256": "3f02dcac38fffe306e1825846e2bc0458ee712696310d051e3a69ebda8330cc3", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.0192408561706543, + "chi2": 1797.6, + "filetype": "unknown", + "sha256": "b328fe22a904a2e7e1341a95dbf00e2fdffc9ab350bc64c5ee348d3007c2b479", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 2.645763397216797, + "chi2": 4215.68, + "filetype": "ICO", + "sha256": "44b095a62d7e401671f57271e6cada367bb55cf7b300ef768b3487b841facd3c", + "type": "RT_GROUP_ICON" + }, + { + "lang": "ENGLISH US", + "entropy": 3.1864521503448486, + "chi2": 74121.87, + "filetype": "unknown", + "sha256": "0b691b9da26847834d1d946d67a9bb4a7c1e96408653458b8c11a7d0f65ec8a6", + "type": "RT_VERSION" + }, + { + "lang": "ENGLISH US", + "entropy": 5.492857456207275, + "chi2": 7820.9, + "filetype": "unknown", + "sha256": "c52ac33071e2669b5e89f9d070a06f8c19abd939269db83c39d55d807affa747", + "type": "RT_HTML" + }, + { + "lang": "ENGLISH CAN", + "entropy": 5.248291015625, + "chi2": 2688.71, + "filetype": "unknown", + "sha256": "e9dbe3dac11acf4d51249dd727798c0c907bfb8cefcf1ca65d5f359f8f51ff8c", + "type": "RT_HTML" + }, + { + "lang": "ENGLISH CAN", + "entropy": 0.2040688544511795, + "chi2": 1026029.38, + "filetype": "unknown", + "sha256": "28df82b9a10045a70dbca2ea8ef3b7cedddae9e6977be00baad130e15c77091e", + "type": "RT_HTML" + }, + { + "lang": "ENGLISH CAN", + "entropy": 0.30072614550590515, + "chi2": 744858, + "filetype": "unknown", + "sha256": "70c7fa4611452b9d081d3a29c961d54d4ccbaef369b04d8b580d0a2952cfd65a", + "type": "RT_HTML" + }, + { + "lang": "ENGLISH US", + "entropy": 5.263990879058838, + "chi2": 9433.71, + "filetype": "unknown", + "sha256": "27c3c356593d95590469cab1141131aa523db3432701a3a01f5526be0c6c7b7f", + "type": 
"RT_MANIFEST" + } + ], + "resource_types": { + "RT_DIALOG": 13, + "RT_HTML": 4, + "RT_GROUP_CURSOR": 15, + "RT_ICON": 4, + "RT_MANIFEST": 1, + "RT_STRING": 17, + "RT_BITMAP": 5, + "RT_CURSOR": 16, + "RT_VERSION": 1, + "RT_GROUP_ICON": 1 + }, + "imphash": "f1331430ada73b1c300686e59b460e0d", + "overlay": { + "entropy": 7.2762651443481445, + "offset": 768000, + "chi2": 8792.13, + "filetype": "unknown", + "md5": "b44bff3485c3d793d841fbbcea012b2c", + "size": 5040 + }, + "resource_langs": { + "ENGLISH CAN": 12, + "ENGLISH US": 65 + }, + "machine_type": 332, + "timestamp": 1400085484, + "entry_point": 2470936, + "sections": [ + { + "name": ".MPRESS1", + "chi2": 224.68, + "virtual_address": 4096, + "flags": "rwx", + "raw_size": 700928, + "entropy": 8, + "virtual_size": 2465792, + "md5": "9b3fb903e2afbe0b59287d386b61a53b" + }, + { + "name": ".MPRESS2", + "chi2": 59487.62, + "virtual_address": 2469888, + "flags": "rwx", + "raw_size": 4096, + "entropy": 5.91, + "virtual_size": 3970, + "md5": "7b8e1142f74b349057d1cba5f8b94f8f" + }, + { + "name": ".rsrc", + "chi2": 1569198.12, + "virtual_address": 2473984, + "flags": "rw", + "raw_size": 62464, + "entropy": 5.19, + "virtual_size": 62028, + "md5": "f631a3c04e97e697ce53c2eb030bbc46" + } + ], + "import_list": [ + { + "library_name": "COMDLG32.dll", + "imported_functions": [ + "GetFileTitleW" + ] + }, + { + "library_name": "IMM32.dll", + "imported_functions": [ + "ImmGetContext" + ] + }, + { + "library_name": "urlmon.dll", + "imported_functions": [ + "IsValidURL" + ] + }, + { + "library_name": "gdiplus.dll", + "imported_functions": [ + "GdipFree" + ] + }, + { + "library_name": "oledlg.dll", + "imported_functions": [ + "OleUIBusyW" + ] + }, + { + "library_name": "SHELL32.dll", + "imported_functions": [ + "Ord(155)" + ] + }, + { + "library_name": "OLEACC.dll", + "imported_functions": [ + "LresultFromObject" + ] + }, + { + "library_name": "COMCTL32.dll", + "imported_functions": [ + "InitCommonControlsEx" + ] + }, + { + "library_name": 
"OLEAUT32.dll", + "imported_functions": [ + "SysAllocStringLen" + ] + }, + { + "library_name": "WINMM.dll", + "imported_functions": [ + "PlaySoundW" + ] + }, + { + "library_name": "WININET.dll", + "imported_functions": [ + "InternetOpenW" + ] + }, + { + "library_name": "GDI32.dll", + "imported_functions": [ + "LPtoDP" + ] + }, + { + "library_name": "KERNEL32.DLL", + "imported_functions": [ + "GetModuleHandleA", + "GetProcAddress" + ] + }, + { + "library_name": "WINSPOOL.DRV", + "imported_functions": [ + "OpenPrinterW" + ] + }, + { + "library_name": "ADVAPI32.dll", + "imported_functions": [ + "FreeSid" + ] + }, + { + "library_name": "ole32.dll", + "imported_functions": [ + "DoDragDrop" + ] + }, + { + "library_name": "SHLWAPI.dll", + "imported_functions": [ + "PathIsUNCW" + ] + }, + { + "library_name": "USER32.dll", + "imported_functions": [ + "GetDC" + ] + }, + { + "library_name": "MSIMG32.dll", + "imported_functions": [ + "AlphaBlend" + ] + } + ] + }, + "magic": "MS-DOS executable PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MZ for MS-DOS", + "main_icon": { + "raw_md5": "af05dd5bd4c3b1fc94922c75ed4f9519", + "dhash": "b2e0b496a6cada72" + }, + "last_analysis_stats": { + "harmless": 0, + "type-unsupported": 4, + "suspicious": 0, + "confirmed-timeout": 0, + "timeout": 2, + "failure": 0, + "malicious": 60, + "undetected": 10 + }, + "last_analysis_results": { + "Bkav": { + "category": "malicious", + "engine_name": "Bkav", + "engine_version": "2.0.0.1", + "result": "W32.AIDetectMalware", + "method": "blacklist", + "engine_update": "20231201" + }, + "Lionic": { + "category": "malicious", + "engine_name": "Lionic", + "engine_version": "7.5", + "result": "Adware.Win32.AirAdInstaller.lZ0G", + "method": "blacklist", + "engine_update": "20231202" + }, + "Elastic": { + "category": "malicious", + "engine_name": "Elastic", + "engine_version": "4.0.119", + "result": "malicious (high confidence)", + "method": "blacklist", + "engine_update": 
"20231129" + }, + "MicroWorld-eScan": { + "category": "malicious", + "engine_name": "MicroWorld-eScan", + "engine_version": "14.0.409.0", + "result": "Application.Bundler.AirInstall.A", + "method": "blacklist", + "engine_update": "20231202" + }, + "FireEye": { + "category": "malicious", + "engine_name": "FireEye", + "engine_version": "35.24.1.0", + "result": "Generic.mg.993f5ab7fccc5279", + "method": "blacklist", + "engine_update": "20231201" + }, + "CAT-QuickHeal": { + "category": "malicious", + "engine_name": "CAT-QuickHeal", + "engine_version": "22.00", + "result": "PUA.Airsoftwar.Gen", + "method": "blacklist", + "engine_update": "20231201" + }, + "Skyhigh": { + "category": "malicious", + "engine_name": "Skyhigh", + "engine_version": "v2021.2.0+4045", + "result": "RDN/Generic PUP.x", + "method": "blacklist", + "engine_update": "20231202" + }, + "ALYac": { + "category": "malicious", + "engine_name": "ALYac", + "engine_version": "1.1.3.1", + "result": "Application.Bundler.AirInstall.A", + "method": "blacklist", + "engine_update": "20231202" + }, + "Malwarebytes": { + "category": "malicious", + "engine_name": "Malwarebytes", + "engine_version": "4.5.5.54", + "result": "PUP.Optional.DownLoadAdmin.DDS", + "method": "blacklist", + "engine_update": "20231201" + }, + "Zillya": { + "category": "malicious", + "engine_name": "Zillya", + "engine_version": "2.0.0.5006", + "result": "Adware.AgentCRT.Win32.476", + "method": "blacklist", + "engine_update": "20231201" + }, + "Sangfor": { + "category": "malicious", + "engine_name": "Sangfor", + "engine_version": "2.23.0.0", + "result": "PUA.Win32.Sign.a", + "method": "blacklist", + "engine_update": "20231122" + }, + "K7AntiVirus": { + "category": "malicious", + "engine_name": "K7AntiVirus", + "engine_version": "12.129.50367", + "result": "Unwanted-Program ( 00575d0f1 )", + "method": "blacklist", + "engine_update": "20231202" + }, + "Alibaba": { + "category": "malicious", + "engine_name": "Alibaba", + "engine_version": "0.3.0.5", 
+ "result": "AdWare:Win32/AirAdInstaller.69f656cf", + "method": "blacklist", + "engine_update": "20190527" + }, + "K7GW": { + "category": "malicious", + "engine_name": "K7GW", + "engine_version": "12.129.50367", + "result": "Unwanted-Program ( 00575d0f1 )", + "method": "blacklist", + "engine_update": "20231202" + }, + "Cybereason": { + "category": "undetected", + "engine_name": "Cybereason", + "engine_version": "1.2.449", + "result": null, + "method": "blacklist", + "engine_update": "20231102" + }, + "Baidu": { + "category": "malicious", + "engine_name": "Baidu", + "engine_version": "1.0.0.2", + "result": "Win32.Adware.AirAdInstaller.a", + "method": "blacklist", + "engine_update": "20190318" + }, + "VirIT": { + "category": "malicious", + "engine_name": "VirIT", + "engine_version": "9.5.591", + "result": "Adware.Win32.BundleApp.DQ", + "method": "blacklist", + "engine_update": "20231201" + }, + "SymantecMobileInsight": { + "category": "type-unsupported", + "engine_name": "SymantecMobileInsight", + "engine_version": "2.0", + "result": null, + "method": "blacklist", + "engine_update": "20230119" + }, + "Symantec": { + "category": "malicious", + "engine_name": "Symantec", + "engine_version": "1.21.0.0", + "result": "SMG.Heur!gen", + "method": "blacklist", + "engine_update": "20231201" + }, + "tehtris": { + "category": "undetected", + "engine_name": "tehtris", + "engine_version": "v0.1.4-109-g76614fd", + "result": null, + "method": "blacklist", + "engine_update": "20231202" + }, + "ESET-NOD32": { + "category": "malicious", + "engine_name": "ESET-NOD32", + "engine_version": "28333", + "result": "a variant of Win32/AirAdInstaller.A potentially unwanted", + "method": "blacklist", + "engine_update": "20231201" + }, + "Cynet": { + "category": "malicious", + "engine_name": "Cynet", + "engine_version": "4.0.0.28", + "result": "Malicious (score: 100)", + "method": "blacklist", + "engine_update": "20231202" + }, + "APEX": { + "category": "malicious", + "engine_name": "APEX", + 
"engine_version": "6.478", + "result": "Malicious", + "method": "blacklist", + "engine_update": "20231128" + }, + "Paloalto": { + "category": "undetected", + "engine_name": "Paloalto", + "engine_version": "0.9.0.1003", + "result": null, + "method": "blacklist", + "engine_update": "20231202" + }, + "ClamAV": { + "category": "malicious", + "engine_name": "ClamAV", + "engine_version": "1.2.1.0", + "result": "Win.Trojan.Airinstall-1", + "method": "blacklist", + "engine_update": "20231201" + }, + "Kaspersky": { + "category": "malicious", + "engine_name": "Kaspersky", + "engine_version": "22.0.1.28", + "result": "HEUR:Trojan.Win32.Generic", + "method": "blacklist", + "engine_update": "20231201" + }, + "BitDefender": { + "category": "malicious", + "engine_name": "BitDefender", + "engine_version": "7.2", + "result": "Application.Bundler.AirInstall.A", + "method": "blacklist", + "engine_update": "20231202" + }, + "NANO-Antivirus": { + "category": "malicious", + "engine_name": "NANO-Antivirus", + "engine_version": "1.0.146.25796", + "result": "Riskware.Win32.AirAdInstaller.dagbnt", + "method": "blacklist", + "engine_update": "20231201" + }, + "SUPERAntiSpyware": { + "category": "malicious", + "engine_name": "SUPERAntiSpyware", + "engine_version": "5.6.0.1032", + "result": "PUP.AirInstaller/Variant", + "method": "blacklist", + "engine_update": "20231201" + }, + "Avast": { + "category": "malicious", + "engine_name": "Avast", + "engine_version": "23.9.8494.0", + "result": "Win32:Adware-gen [Adw]", + "method": "blacklist", + "engine_update": "20231202" + }, + "Tencent": { + "category": "malicious", + "engine_name": "Tencent", + "engine_version": "1.0.0.1", + "result": "Malware.Win32.Gencirc.1154ce8b", + "method": "blacklist", + "engine_update": "20231202" + }, + "Trustlook": { + "category": "type-unsupported", + "engine_name": "Trustlook", + "engine_version": "1.0", + "result": null, + "method": "blacklist", + "engine_update": "20231202" + }, + "Emsisoft": { + "category": 
"malicious", + "engine_name": "Emsisoft", + "engine_version": "2022.6.0.32461", + "result": "Application.AdBundle (A)", + "method": "blacklist", + "engine_update": "20231202" + }, + "F-Secure": { + "category": "malicious", + "engine_name": "F-Secure", + "engine_version": "18.10.1547.307", + "result": "Adware.ADWARE/Adware.Gen", + "method": "blacklist", + "engine_update": "20231202" + }, + "DrWeb": { + "category": "malicious", + "engine_name": "DrWeb", + "engine_version": "7.0.61.8090", + "result": "Adware.Downware.10718", + "method": "blacklist", + "engine_update": "20231202" + }, + "VIPRE": { + "category": "malicious", + "engine_name": "VIPRE", + "engine_version": "6.0.0.35", + "result": "Application.Bundler.AirInstall.A", + "method": "blacklist", + "engine_update": "20231201" + }, + "TrendMicro": { + "category": "malicious", + "engine_name": "TrendMicro", + "engine_version": "11.0.0.1006", + "result": "TROJ_GEN.R002C0OL123", + "method": "blacklist", + "engine_update": "20231202" + }, + "Trapmine": { + "category": "malicious", + "engine_name": "Trapmine", + "engine_version": "4.0.14.97", + "result": "malicious.high.ml.score", + "method": "blacklist", + "engine_update": "20231106" + }, + "CMC": { + "category": "undetected", + "engine_name": "CMC", + "engine_version": "2.4.2022.1", + "result": null, + "method": "blacklist", + "engine_update": "20230822" + }, + "Sophos": { + "category": "malicious", + "engine_name": "Sophos", + "engine_version": "2.4.3.0", + "result": "AirInstaller (PUA)", + "method": "blacklist", + "engine_update": "20231201" + }, + "Ikarus": { + "category": "malicious", + "engine_name": "Ikarus", + "engine_version": "6.2.4.0", + "result": "PUA.AirAdInstaller", + "method": "blacklist", + "engine_update": "20231201" + }, + "Avast-Mobile": { + "category": "type-unsupported", + "engine_name": "Avast-Mobile", + "engine_version": "231201-00", + "result": null, + "method": "blacklist", + "engine_update": "20231201" + }, + "Jiangmin": { + "category": 
"malicious", + "engine_name": "Jiangmin", + "engine_version": "16.0.100", + "result": "AdWare/AirAdInstaller.je", + "method": "blacklist", + "engine_update": "20231201" + }, + "Webroot": { + "category": "malicious", + "engine_name": "Webroot", + "engine_version": "1.0.0.403", + "result": "Pua.Airinstaller", + "method": "blacklist", + "engine_update": "20231202" + }, + "Google": { + "category": "timeout", + "engine_name": "Google", + "engine_version": null, + "result": null, + "method": "blacklist", + "engine_update": "20231202" + }, + "Avira": { + "category": "malicious", + "engine_name": "Avira", + "engine_version": "8.3.3.16", + "result": "ADWARE/Adware.Gen", + "method": "blacklist", + "engine_update": "20231202" + }, + "MAX": { + "category": "malicious", + "engine_name": "MAX", + "engine_version": "2023.1.4.1", + "result": "malware (ai score=76)", + "method": "blacklist", + "engine_update": "20231202" + }, + "Antiy-AVL": { + "category": "malicious", + "engine_name": "Antiy-AVL", + "engine_version": "3.0", + "result": "GrayWare/Win32.AirAdInstaller", + "method": "blacklist", + "engine_update": "20231202" + }, + "Kingsoft": { + "category": "undetected", + "engine_name": "Kingsoft", + "engine_version": "None", + "result": null, + "method": "blacklist", + "engine_update": "20230906" + }, + "Microsoft": { + "category": "timeout", + "engine_name": "Microsoft", + "engine_version": "1.1.23100.2009", + "result": null, + "method": "blacklist", + "engine_update": "20231202" + }, + "Gridinsoft": { + "category": "malicious", + "engine_name": "Gridinsoft", + "engine_version": "1.0.150.174", + "result": "Adware.Win32.Downloader.vl!c", + "method": "blacklist", + "engine_update": "20231201" + }, + "Xcitium": { + "category": "malicious", + "engine_name": "Xcitium", + "engine_version": "36223", + "result": "Application.Win32.AirAdInstaller.B@59lgi8", + "method": "blacklist", + "engine_update": "20231201" + }, + "Arcabit": { + "category": "malicious", + "engine_name": "Arcabit", + 
"engine_version": "2022.0.0.18", + "result": "Application.Bundler.AirInstall.A", + "method": "blacklist", + "engine_update": "20231202" + }, + "ViRobot": { + "category": "undetected", + "engine_name": "ViRobot", + "engine_version": "2014.3.20.0", + "result": null, + "method": "blacklist", + "engine_update": "20231201" + }, + "ZoneAlarm": { + "category": "malicious", + "engine_name": "ZoneAlarm", + "engine_version": "1.0", + "result": "not-a-virus:HEUR:AdWare.Win32.Generic", + "method": "blacklist", + "engine_update": "20231202" + }, + "GData": { + "category": "malicious", + "engine_name": "GData", + "engine_version": "A:25.36906B:27.34062", + "result": "Win32.Adware.DownloadAssistant.G", + "method": "blacklist", + "engine_update": "20231201" + }, + "Varist": { + "category": "malicious", + "engine_name": "Varist", + "engine_version": "6.5.1.2", + "result": "W32/S-5866edb0!Eldorado", + "method": "blacklist", + "engine_update": "20231202" + }, + "BitDefenderFalx": { + "category": "type-unsupported", + "engine_name": "BitDefenderFalx", + "engine_version": "2.0.936", + "result": null, + "method": "blacklist", + "engine_update": "20231121" + }, + "AhnLab-V3": { + "category": "undetected", + "engine_name": "AhnLab-V3", + "engine_version": "3.24.0.10447", + "result": null, + "method": "blacklist", + "engine_update": "20231202" + }, + "Acronis": { + "category": "undetected", + "engine_name": "Acronis", + "engine_version": "1.2.0.121", + "result": null, + "method": "blacklist", + "engine_update": "20230828" + }, + "McAfee": { + "category": "malicious", + "engine_name": "McAfee", + "engine_version": "6.0.6.653", + "result": "RDN/Generic PUP.x", + "method": "blacklist", + "engine_update": "20231201" + }, + "TACHYON": { + "category": "malicious", + "engine_name": "TACHYON", + "engine_version": "2023-12-02.01", + "result": "Trojan-Clicker/W32.AirAdInstaller.773040", + "method": "blacklist", + "engine_update": "20231202" + }, + "VBA32": { + "category": "malicious", + 
"engine_name": "VBA32", + "engine_version": "5.0.0", + "result": "BScope.Adware.AirAdInstaller", + "method": "blacklist", + "engine_update": "20231201" + }, + "Cylance": { + "category": "malicious", + "engine_name": "Cylance", + "engine_version": "2.0.0.0", + "result": "unsafe", + "method": "blacklist", + "engine_update": "20231108" + }, + "Panda": { + "category": "malicious", + "engine_name": "Panda", + "engine_version": "4.6.4.2", + "result": "Adware/AirInstaller", + "method": "blacklist", + "engine_update": "20231201" + }, + "Zoner": { + "category": "undetected", + "engine_name": "Zoner", + "engine_version": "2.2.2.0", + "result": null, + "method": "blacklist", + "engine_update": "20231202" + }, + "TrendMicro-HouseCall": { + "category": "malicious", + "engine_name": "TrendMicro-HouseCall", + "engine_version": "10.0.0.1040", + "result": "TROJ_GEN.R002C0OL123", + "method": "blacklist", + "engine_update": "20231202" + }, + "Rising": { + "category": "malicious", + "engine_name": "Rising", + "engine_version": "25.0.0.27", + "result": "PUF.AirInstall!1.9C4C (CLASSIC)", + "method": "blacklist", + "engine_update": "20231201" + }, + "Yandex": { + "category": "malicious", + "engine_name": "Yandex", + "engine_version": "5.5.2.24", + "result": "PUA.AirAdInstaller!HB7an6Hw99Q", + "method": "blacklist", + "engine_update": "20231201" + }, + "SentinelOne": { + "category": "malicious", + "engine_name": "SentinelOne", + "engine_version": "23.4.2.3", + "result": "Static AI - Suspicious PE", + "method": "blacklist", + "engine_update": "20231119" + }, + "MaxSecure": { + "category": "malicious", + "engine_name": "MaxSecure", + "engine_version": "1.0.0.1", + "result": "not-a-virus:AdWare.Win32.AirAdInstaller.gpxn", + "method": "blacklist", + "engine_update": "20231201" + }, + "Fortinet": { + "category": "malicious", + "engine_name": "Fortinet", + "engine_version": "None", + "result": "W32/Generic.AC.8553!tr", + "method": "blacklist", + "engine_update": "20231202" + }, + 
"BitDefenderTheta": { + "category": "undetected", + "engine_name": "BitDefenderTheta", + "engine_version": "7.2.37796.0", + "result": null, + "method": "blacklist", + "engine_update": "20231127" + }, + "AVG": { + "category": "malicious", + "engine_name": "AVG", + "engine_version": "23.9.8494.0", + "result": "Win32:Adware-gen [Adw]", + "method": "blacklist", + "engine_update": "20231202" + }, + "DeepInstinct": { + "category": "malicious", + "engine_name": "DeepInstinct", + "engine_version": "3.1.0.15", + "result": "MALICIOUS", + "method": "blacklist", + "engine_update": "20231128" + }, + "CrowdStrike": { + "category": "malicious", + "engine_name": "CrowdStrike", + "engine_version": "1.0", + "result": "win/grayware_confidence_100% (W)", + "method": "blacklist", + "engine_update": "20220812" + } + }, + "reputation": 0 + }, + "type": "file", + "id": "666a512a1251ea4921ef6bd129e30f76f08833f68fb27bd06ecd02481fa159f8", + "links": { + "self": "https://www.virustotal.com/api/v3/files/666a512a1251ea4921ef6bd129e30f76f08833f68fb27bd06ecd02481fa159f8" + } + }, + { + "attributes": { + "type_description": "Win32 EXE", + "tlsh": "T16455F170BD31B039F31682728CE69AA4202D7C384E9FCDAB77881CD39E647E595B90D5", + "vhash": "016046656d157038z58z4047z1jz", + "exiftool": { + "MIMEType": "application/octet-stream", + "Subsystem": "Windows GUI", + "MachineType": "Intel 386 or later, and compatibles", + "TimeStamp": "2014:09:09 11:37:29+00:00", + "FileType": "Win32 EXE", + "PEType": "PE32", + "CodeSize": "78336", + "LinkerVersion": "11.0", + "ImageFileCharacteristics": "No relocs, Executable, 32-bit", + "FileTypeExtension": "exe", + "InitializedDataSize": "1263616", + "SubsystemVersion": "5.1", + "ImageVersion": "0.0", + "OSVersion": "5.1", + "EntryPoint": "0x998f", + "UninitializedDataSize": "0" + }, + "type_tags": [ + "executable", + "windows", + "win32", + "pe", + "peexe" + ], + "creation_date": 1410262649, + "threat_severity": { + "threat_severity_level": "SEVERITY_LOW", + 
"threat_severity_data": { + "num_gav_detections": 3, + "popular_threat_category": "adware" + }, + "last_analysis_date": "1701388979", + "version": 4, + "level_description": "Severity LOW because it was considered adware. Other contributing factor was that it could not be run in sandboxes." + }, + "names": [ + "VirusShare_1937fe95fafee53a8e300b85d71b5bd5", + "C:\\VI5E5J1csb\\PrDp\\2qk0I9rQ.doc" + ], + "signature_info": { + "x509": [ + { + "name": "Digital Plugin S.l.", + "algorithm": "sha256RSA", + "valid from": "2014-07-14 00:00:00", + "valid to": "2015-07-14 23:59:59", + "serial number": "22 91 11 B2 0C CF 13 39 4E 8E 6C A9 EA B4 12 1F", + "cert issuer": "VeriSign Class 3 Code Signing 2010 CA", + "thumbprint": "79235183BE77186FC6669A83C887B599A5CA21AC", + "valid_usage": "Code Signing" + } + ], + "signers details": [ + { + "status": "This certificate or one of the certificates in the certificate chain is not time valid.", + "valid usage": "Code Signing", + "name": "Digital Plugin S.l.", + "algorithm": "sha256RSA", + "valid from": "12:00 AM 07/14/2014", + "valid to": "11:59 PM 07/14/2015", + "serial number": "22 91 11 B2 0C CF 13 39 4E 8E 6C A9 EA B4 12 1F", + "cert issuer": "VeriSign Class 3 Code Signing 2010 CA", + "thumbprint": "79235183BE77186FC6669A83C887B599A5CA21AC" + }, + { + "status": "This certificate or one of the certificates in the certificate chain is not time valid.", + "valid usage": "Client Auth, Code Signing", + "name": "VeriSign Class 3 Code Signing 2010 CA", + "algorithm": "sha1RSA", + "valid from": "12:00 AM 02/08/2010", + "valid to": "11:59 PM 02/07/2020", + "serial number": "52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7", + "cert issuer": "VeriSign Class 3 Public Primary Certification Authority - G5", + "thumbprint": "495847A93187CFB8C71F840CB7B41497AD95C64F" + }, + { + "status": "Valid", + "valid usage": "Client Auth, Code Signing, Email Protection, Server Auth", + "name": "VeriSign", + "algorithm": "sha1RSA", + "valid from": "12:00 AM 
11/08/2006", + "valid to": "11:59 PM 07/16/2036", + "serial number": "18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A", + "cert issuer": "VeriSign Class 3 Public Primary Certification Authority - G5", + "thumbprint": "4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5" + } + ], + "verified": "A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.", + "signers": "Digital Plugin S.l.; VeriSign Class 3 Code Signing 2010 CA; VeriSign" + }, + "last_modification_date": 1701396180, + "type_tag": "peexe", + "times_submitted": 2, + "total_votes": { + "harmless": 0, + "malicious": 0 + }, + "size": 1339464, + "popular_threat_classification": { + "suggested_threat_label": "adware.softpulse/buzus", + "popular_threat_category": [ + { + "count": 14, + "value": "adware" + }, + { + "count": 10, + "value": "trojan" + }, + { + "count": 2, + "value": "downloader" + } + ], + "popular_threat_name": [ + { + "count": 16, + "value": "softpulse" + }, + { + "count": 4, + "value": "buzus" + }, + { + "count": 2, + "value": "downloader11" + } + ] + }, + "authentihash": "ac44d6ea2f4354cd1a1e3b59d3fc91b44af867188efb74e2e8a9bc25dfcdbaef", + "detectiteasy": { + "filetype": "PE32", + "values": [ + { + "version": "2012", + "type": "Compiler", + "name": "Microsoft Visual C/C++" + }, + { + "info": "C++", + "version": "17.00.61030", + "type": "Compiler", + "name": "Microsoft Visual C/C++" + }, + { + "version": "11.00.61030", + "type": "Linker", + "name": "Microsoft Linker" + }, + { + "version": "2012", + "type": "Tool", + "name": "Visual Studio" + } + ] + }, + "last_submission_date": 1701388776, + "meaningful_name": "VirusShare_1937fe95fafee53a8e300b85d71b5bd5", + "downloadable": true, + "trid": [ + { + "file_type": "Win32 Executable MS Visual C++ (generic)", + "probability": 47.3 + }, + { + "file_type": "Win64 Executable (generic)", + "probability": 15.9 + }, + { + "file_type": "Win32 Dynamic Link Library (generic)", + 
"probability": 9.9 + }, + { + "file_type": "Win16 NE executable (generic)", + "probability": 7.6 + }, + { + "file_type": "Win32 Executable (generic)", + "probability": 6.8 + } + ], + "sha256": "75186675e5cadfd0d289591cee61044be9d1d7501b257079594b05bcf5f73f8b", + "autostart_locations": [ + { + "entry": "cmd.exe" + } + ], + "type_extension": "exe", + "tags": [ + "peexe", + "signed", + "overlay" + ], + "last_analysis_date": 1701388776, + "unique_sources": 2, + "first_submission_date": 1410432687, + "sha1": "1f259384bcfcd818a64d1e1eb00f0e843e919ee6", + "ssdeep": "24576:WKyKz4D4ufmwhzA2QoPKCys7JdpmnMlxy9KR8uQcun:WKVzMNuwIKyoBmnMSURNQH", + "md5": "1937fe95fafee53a8e300b85d71b5bd5", + "pe_info": { + "resource_details": [ + { + "lang": "JAPANESE ARABIC LIBYA", + "entropy": 7.8115973472595215, + "chi2": 237230.2, + "filetype": "unknown", + "sha256": "ecb49a9f046a5269ac2ee74f277fb62f025d30da2c15dee99f842cfb089ab0ea", + "type": "BIN" + }, + { + "lang": "JAPANESE ARABIC LIBYA", + "entropy": 7.989520072937012, + "chi2": 1072.07, + "filetype": "PNG", + "sha256": "995de56d617d0b228fd99376d3b94445da314e1182e5a94748fd4c4af5b070f5", + "type": "RT_ICON" + }, + { + "lang": "JAPANESE ARABIC LIBYA", + "entropy": 6.483801364898682, + "chi2": 13968.73, + "filetype": "unknown", + "sha256": "cc2cd376ab4889d49dba2df11f05b65205d1b9808541c0a0881cc9bacdf21f7e", + "type": "RT_ICON" + }, + { + "lang": "JAPANESE ARABIC LIBYA", + "entropy": 6.176129341125488, + "chi2": 48397.63, + "filetype": "unknown", + "sha256": "b53a43274ddd54cf7b5a05ffe25ae3543cd0c9ab8b2e40cd00b6530ed9c42814", + "type": "RT_ICON" + }, + { + "lang": "JAPANESE ARABIC LIBYA", + "entropy": 5.820901393890381, + "chi2": 116357.45, + "filetype": "unknown", + "sha256": "9008d2000b9510a9f61885a08ba0fde566976160105451050998785ad571ceab", + "type": "RT_ICON" + }, + { + "lang": "JAPANESE ARABIC LIBYA", + "entropy": 5.373239994049072, + "chi2": 361299.84, + "filetype": "unknown", + "sha256": 
"fec7539c6b25966a3e901382ee99796b3fd316581851e26033ea360599e71795", + "type": "RT_ICON" + }, + { + "lang": "JAPANESE ARABIC LIBYA", + "entropy": 2.5208628177642822, + "chi2": 14547.2, + "filetype": "unknown", + "sha256": "5aad3dac3c54346c718aae05959369135c838452f147ab2a1bb8e5bf5550440f", + "type": "RT_STRING" + }, + { + "lang": "JAPANESE ARABIC LIBYA", + "entropy": 2.724022388458252, + "chi2": 6770.8, + "filetype": "ICO", + "sha256": "1c45a48442f87c89a28b57016f5ba7eae49d861951a3cc1b9466f152c8670471", + "type": "RT_GROUP_ICON" + }, + { + "lang": "ENGLISH US", + "entropy": 5.160315036773682, + "chi2": 15512.33, + "filetype": "unknown", + "sha256": "968d79bc612a646f6c544ec97b859452151f0272a6b4218ee67e988af715c2ab", + "type": "RT_MANIFEST" + } + ], + "rich_pe_header_hash": "c210793759f8febb3b9e4dae75444c88", + "imphash": "403c53eb1d737a6be5dd938a9d5502c8", + "overlay": { + "entropy": 6.99015474319458, + "offset": 1334784, + "chi2": 12589.48, + "filetype": "unknown", + "md5": "6bdeb2b93a442f4ae80f46305a3d892a", + "size": 4680 + }, + "compiler_product_versions": [ + "[ C ] VS2008 SP1 build 30729 count=1", + "[IMP] VS2008 SP1 build 30729 count=11", + "[---] Unmarked objects count=113", + "[C++] VS2012 UPD4 build 61030 count=3", + "[RES] VS2012 UPD4 build 61030 count=1", + "[---] Resource count=1", + "[LNK] VS2012 UPD4 build 61030 count=1", + "id: 0xcd, version: 50929 count=17", + "id: 0xce, version: 50929 count=108", + "id: 0xcf, version: 50929 count=47" + ], + "resource_langs": { + "JAPANESE ARABIC LIBYA": 9, + "ENGLISH US": 1 + }, + "machine_type": 332, + "timestamp": 1410262649, + "resource_types": { + "BIN": 1, + "RT_ICON": 6, + "RT_STRING": 1, + "RT_MANIFEST": 1, + "RT_GROUP_ICON": 1 + }, + "sections": [ + { + "name": ".text", + "chi2": 443659.62, + "virtual_address": 4096, + "flags": "rx", + "raw_size": 78336, + "entropy": 6.51, + "virtual_size": 77932, + "md5": "85e23bf9a2f5feb54ee7a7592d2c75d1" + }, + { + "name": ".rdata", + "chi2": 933328.06, + "virtual_address": 
86016, + "flags": "r", + "raw_size": 292864, + "entropy": 6.1, + "virtual_size": 292660, + "md5": "a1438381f58f0892045ecd0c93d22a82" + }, + { + "name": ".data", + "chi2": 523081.31, + "virtual_address": 380928, + "flags": "rw", + "raw_size": 5120, + "entropy": 3.55, + "virtual_size": 13040, + "md5": "056fa714650f5102b3689f03095272fb" + }, + { + "name": ".rsrc", + "chi2": 245571.98, + "virtual_address": 397312, + "flags": "r", + "raw_size": 957440, + "entropy": 7.84, + "virtual_size": 957048, + "md5": "e58bf55e704ac8ac65cd16262a5082b3" + } + ], + "import_list": [ + { + "library_name": "ADVAPI32.dll", + "imported_functions": [ + "RegCloseKey", + "RegOpenKeyExW", + "RegQueryValueExW" + ] + }, + { + "library_name": "KERNEL32.dll", + "imported_functions": [ + "CloseHandle", + "CreateFileW", + "CreateProcessA", + "DecodePointer", + "DeleteCriticalSection", + "EncodePointer", + "EnterCriticalSection", + "ExitProcess", + "FindResourceExW", + "FindResourceW", + "FlushFileBuffers", + "FreeEnvironmentStringsW", + "FreeLibrary", + "GetACP", + "GetCommandLineW", + "GetConsoleCP", + "GetConsoleMode", + "GetCPInfo", + "GetCurrentProcess", + "GetCurrentProcessId", + "GetCurrentThreadId", + "GetEnvironmentStringsW", + "GetFileType", + "GetLastError", + "GetModuleFileNameA", + "GetModuleFileNameW", + "GetModuleHandleExW", + "GetModuleHandleW", + "GetOEMCP", + "GetProcAddress", + "GetProcessHeap", + "GetStartupInfoW", + "GetStdHandle", + "GetStringTypeW", + "GetSystemTimeAsFileTime", + "GetThreadContext", + "HeapAlloc", + "HeapDestroy", + "HeapFree", + "HeapReAlloc", + "HeapSize", + "InitializeCriticalSectionAndSpinCount", + "InterlockedDecrement", + "InterlockedIncrement", + "IsDebuggerPresent", + "IsProcessorFeaturePresent", + "IsValidCodePage", + "LCMapStringW", + "LeaveCriticalSection", + "LoadLibraryExW", + "LoadLibraryW", + "LoadResource", + "LocalFree", + "LockResource", + "MultiByteToWideChar", + "OutputDebugStringW", + "QueryPerformanceCounter", + "RaiseException", + 
"ReadProcessMemory", + "ResumeThread", + "RtlUnwind", + "SetFilePointerEx", + "SetLastError", + "SetStdHandle", + "SetUnhandledExceptionFilter", + "SizeofResource", + "Sleep", + "TerminateProcess", + "TlsAlloc", + "TlsFree", + "TlsGetValue", + "TlsSetValue", + "UnhandledExceptionFilter", + "VirtualAlloc", + "VirtualAllocEx", + "VirtualFreeEx", + "WideCharToMultiByte", + "WriteConsoleW", + "WriteFile", + "WriteProcessMemory" + ] + }, + { + "library_name": "SHLWAPI.dll", + "imported_functions": [ + "PathFindFileNameW" + ] + }, + { + "library_name": "ole32.dll", + "imported_functions": [ + "CoCreateInstance", + "CoInitializeEx", + "CoInitializeSecurity", + "CoSetProxyBlanket" + ] + }, + { + "library_name": "OLEAUT32.dll", + "imported_functions": [ + "SysAllocStringByteLen", + "SysFreeString", + "SysStringByteLen", + "VariantClear" + ] + } + ], + "entry_point": 39311 + }, + "magic": "PE32 executable (GUI) Intel 80386, for MS Windows", + "main_icon": { + "raw_md5": "c8adce53eaadaa25a7ed33f60f9f927f", + "dhash": "686e76e6c2e8e4e0" + }, + "last_analysis_stats": { + "harmless": 0, + "type-unsupported": 4, + "suspicious": 0, + "confirmed-timeout": 0, + "timeout": 0, + "failure": 2, + "malicious": 64, + "undetected": 6 + }, + "last_analysis_results": { + "Bkav": { + "category": "malicious", + "engine_name": "Bkav", + "engine_version": "2.0.0.1", + "result": "W32.AIDetectMalware", + "method": "blacklist", + "engine_update": "20231130" + }, + "Lionic": { + "category": "undetected", + "engine_name": "Lionic", + "engine_version": "7.5", + "result": null, + "method": "blacklist", + "engine_update": "20231130" + }, + "tehtris": { + "category": "malicious", + "engine_name": "tehtris", + "engine_version": "v0.1.4-109-g76614fd", + "result": "Generic.Malware", + "method": "blacklist", + "engine_update": "20231201" + }, + "MicroWorld-eScan": { + "category": "malicious", + "engine_name": "MicroWorld-eScan", + "engine_version": "14.0.409.0", + "result": "Adware.SoftPulse.A", + "method": 
"blacklist", + "engine_update": "20231130" + }, + "ClamAV": { + "category": "malicious", + "engine_name": "ClamAV", + "engine_version": "1.2.1.0", + "result": "Win.Adware.MultiPlug-2", + "method": "blacklist", + "engine_update": "20231130" + }, + "FireEye": { + "category": "malicious", + "engine_name": "FireEye", + "engine_version": "35.24.1.0", + "result": "Generic.mg.1937fe95fafee53a", + "method": "blacklist", + "engine_update": "20231130" + }, + "CAT-QuickHeal": { + "category": "malicious", + "engine_name": "CAT-QuickHeal", + "engine_version": "22.00", + "result": "Trojan.Buzus.A4", + "method": "blacklist", + "engine_update": "20231130" + }, + "Skyhigh": { + "category": "malicious", + "engine_name": "Skyhigh", + "engine_version": "v2021.2.0+4045", + "result": "BehavesLike.Win32.SoftPulse.tc", + "method": "blacklist", + "engine_update": "20231130" + }, + "McAfee": { + "category": "malicious", + "engine_name": "McAfee", + "engine_version": "6.0.6.653", + "result": "SoftPulse", + "method": "blacklist", + "engine_update": "20231130" + }, + "Cylance": { + "category": "malicious", + "engine_name": "Cylance", + "engine_version": "2.0.0.0", + "result": "unsafe", + "method": "blacklist", + "engine_update": "20231108" + }, + "Zillya": { + "category": "malicious", + "engine_name": "Zillya", + "engine_version": "2.0.0.5005", + "result": "Adware.SoftPulseGen.Win32.1", + "method": "blacklist", + "engine_update": "20231130" + }, + "Sangfor": { + "category": "malicious", + "engine_name": "Sangfor", + "engine_version": "2.23.0.0", + "result": "Trojan.Win32.Save.a", + "method": "blacklist", + "engine_update": "20231122" + }, + "K7AntiVirus": { + "category": "malicious", + "engine_name": "K7AntiVirus", + "engine_version": "12.128.50354", + "result": "Riskware ( 0040eff71 )", + "method": "blacklist", + "engine_update": "20231130" + }, + "Alibaba": { + "category": "malicious", + "engine_name": "Alibaba", + "engine_version": "0.3.0.5", + "result": "AdWare:Win32/Injector.103db6b7", + 
"method": "blacklist", + "engine_update": "20190527" + }, + "K7GW": { + "category": "malicious", + "engine_name": "K7GW", + "engine_version": "12.128.50354", + "result": "Riskware ( 0040eff71 )", + "method": "blacklist", + "engine_update": "20231130" + }, + "Cybereason": { + "category": "undetected", + "engine_name": "Cybereason", + "engine_version": "1.2.449", + "result": null, + "method": "blacklist", + "engine_update": "20231102" + }, + "Baidu": { + "category": "malicious", + "engine_name": "Baidu", + "engine_version": "1.0.0.2", + "result": "Win32.Adware.Generic.am", + "method": "blacklist", + "engine_update": "20190318" + }, + "VirIT": { + "category": "malicious", + "engine_name": "VirIT", + "engine_version": "9.5.590", + "result": "Trojan.Win32.DownLoader11.BVTA", + "method": "blacklist", + "engine_update": "20231130" + }, + "SymantecMobileInsight": { + "category": "type-unsupported", + "engine_name": "SymantecMobileInsight", + "engine_version": "2.0", + "result": null, + "method": "blacklist", + "engine_update": "20230119" + }, + "Symantec": { + "category": "malicious", + "engine_name": "Symantec", + "engine_version": "1.21.0.0", + "result": "SMG.Heur!gen", + "method": "blacklist", + "engine_update": "20231130" + }, + "Elastic": { + "category": "malicious", + "engine_name": "Elastic", + "engine_version": "4.0.119", + "result": "malicious (high confidence)", + "method": "blacklist", + "engine_update": "20231129" + }, + "ESET-NOD32": { + "category": "malicious", + "engine_name": "ESET-NOD32", + "engine_version": "28327", + "result": "a variant of Win32/Injector.DSQR", + "method": "blacklist", + "engine_update": "20231130" + }, + "APEX": { + "category": "malicious", + "engine_name": "APEX", + "engine_version": "6.478", + "result": "Malicious", + "method": "blacklist", + "engine_update": "20231128" + }, + "Paloalto": { + "category": "undetected", + "engine_name": "Paloalto", + "engine_version": "0.9.0.1003", + "result": null, + "method": "blacklist", + 
"engine_update": "20231201" + }, + "Cynet": { + "category": "malicious", + "engine_name": "Cynet", + "engine_version": "4.0.0.28", + "result": "Malicious (score: 100)", + "method": "blacklist", + "engine_update": "20231130" + }, + "Kaspersky": { + "category": "malicious", + "engine_name": "Kaspersky", + "engine_version": "22.0.1.28", + "result": "Trojan.Win32.Buzus.xzie", + "method": "blacklist", + "engine_update": "20231130" + }, + "BitDefender": { + "category": "malicious", + "engine_name": "BitDefender", + "engine_version": "7.2", + "result": "Adware.SoftPulse.A", + "method": "blacklist", + "engine_update": "20231130" + }, + "NANO-Antivirus": { + "category": "malicious", + "engine_name": "NANO-Antivirus", + "engine_version": "1.0.146.25796", + "result": "Trojan.Win32.Agent.deuoac", + "method": "blacklist", + "engine_update": "20231130" + }, + "ViRobot": { + "category": "undetected", + "engine_name": "ViRobot", + "engine_version": "2014.3.20.0", + "result": null, + "method": "blacklist", + "engine_update": "20231130" + }, + "Avast": { + "category": "malicious", + "engine_name": "Avast", + "engine_version": "23.9.8494.0", + "result": "Win32:PUP-gen [PUP]", + "method": "blacklist", + "engine_update": "20231130" + }, + "Rising": { + "category": "failure", + "engine_name": "Rising", + "engine_version": "25.0.0.27", + "result": null, + "method": "blacklist", + "engine_update": "20231130" + }, + "Trustlook": { + "category": "type-unsupported", + "engine_name": "Trustlook", + "engine_version": "1.0", + "result": null, + "method": "blacklist", + "engine_update": "20231201" + }, + "TACHYON": { + "category": "malicious", + "engine_name": "TACHYON", + "engine_version": "2023-11-30.02", + "result": "Trojan-Clicker/W32.SoftPulse.1339464", + "method": "blacklist", + "engine_update": "20231130" + }, + "Sophos": { + "category": "malicious", + "engine_name": "Sophos", + "engine_version": "2.4.3.0", + "result": "SoftPulse (PUA)", + "method": "blacklist", + "engine_update": 
"20231130" + }, + "F-Secure": { + "category": "malicious", + "engine_name": "F-Secure", + "engine_version": "18.10.1547.307", + "result": "PotentialRisk.PUA/SoftPulse.oanm", + "method": "blacklist", + "engine_update": "20231130" + }, + "DrWeb": { + "category": "malicious", + "engine_name": "DrWeb", + "engine_version": "7.0.61.8090", + "result": "Trojan.DownLoader11.32266", + "method": "blacklist", + "engine_update": "20231130" + }, + "VIPRE": { + "category": "malicious", + "engine_name": "VIPRE", + "engine_version": "6.0.0.35", + "result": "Adware.SoftPulse.A", + "method": "blacklist", + "engine_update": "20231130" + }, + "TrendMicro": { + "category": "malicious", + "engine_name": "TrendMicro", + "engine_version": "11.0.0.1006", + "result": "ADW_PULSOFT.SM", + "method": "blacklist", + "engine_update": "20231130" + }, + "Trapmine": { + "category": "malicious", + "engine_name": "Trapmine", + "engine_version": "4.0.14.97", + "result": "malicious.high.ml.score", + "method": "blacklist", + "engine_update": "20231106" + }, + "CMC": { + "category": "undetected", + "engine_name": "CMC", + "engine_version": "2.4.2022.1", + "result": null, + "method": "blacklist", + "engine_update": "20230822" + }, + "Emsisoft": { + "category": "malicious", + "engine_name": "Emsisoft", + "engine_version": "2022.6.0.32461", + "result": "Adware.SoftPulse.A (B)", + "method": "blacklist", + "engine_update": "20231130" + }, + "Ikarus": { + "category": "malicious", + "engine_name": "Ikarus", + "engine_version": "6.2.4.0", + "result": "PUA.SoftPulse", + "method": "blacklist", + "engine_update": "20231130" + }, + "Avast-Mobile": { + "category": "type-unsupported", + "engine_name": "Avast-Mobile", + "engine_version": "231130-00", + "result": null, + "method": "blacklist", + "engine_update": "20231130" + }, + "Jiangmin": { + "category": "malicious", + "engine_name": "Jiangmin", + "engine_version": "16.0.100", + "result": "Adware.Agent.vby", + "method": "blacklist", + "engine_update": "20231130" + }, + 
"Webroot": { + "category": "malicious", + "engine_name": "Webroot", + "engine_version": "1.0.0.403", + "result": "Pua.Tuguu", + "method": "blacklist", + "engine_update": "20231201" + }, + "Google": { + "category": "malicious", + "engine_name": "Google", + "engine_version": "1700731866", + "result": "Detected", + "method": "blacklist", + "engine_update": "20231201" + }, + "Avira": { + "category": "malicious", + "engine_name": "Avira", + "engine_version": "8.3.3.16", + "result": "PUA/SoftPulse.oanm", + "method": "blacklist", + "engine_update": "20231130" + }, + "Antiy-AVL": { + "category": "malicious", + "engine_name": "Antiy-AVL", + "engine_version": "3.0", + "result": "GrayWare/Win32.SoftPulse.l", + "method": "blacklist", + "engine_update": "20231130" + }, + "Kingsoft": { + "category": "malicious", + "engine_name": "Kingsoft", + "engine_version": "None", + "result": "malware.kb.a.999", + "method": "blacklist", + "engine_update": "20230906" + }, + "Microsoft": { + "category": "failure", + "engine_name": "Microsoft", + "engine_version": "1.1.23100.2009", + "result": null, + "method": "blacklist", + "engine_update": "20231130" + }, + "Gridinsoft": { + "category": "malicious", + "engine_name": "Gridinsoft", + "engine_version": "1.0.150.174", + "result": "Adware.Win32.Downloader.vl!c", + "method": "blacklist", + "engine_update": "20231130" + }, + "Xcitium": { + "category": "malicious", + "engine_name": "Xcitium", + "engine_version": "36220", + "result": "Application.Win32.SoftPulse.W@5f5km4", + "method": "blacklist", + "engine_update": "20231130" + }, + "Arcabit": { + "category": "malicious", + "engine_name": "Arcabit", + "engine_version": "2022.0.0.18", + "result": "Adware.SoftPulse.A", + "method": "blacklist", + "engine_update": "20231130" + }, + "SUPERAntiSpyware": { + "category": "malicious", + "engine_name": "SUPERAntiSpyware", + "engine_version": "5.6.0.1032", + "result": "PUP.MultiPlug/Variant", + "method": "blacklist", + "engine_update": "20231130" + }, + 
"ZoneAlarm": { + "category": "malicious", + "engine_name": "ZoneAlarm", + "engine_version": "1.0", + "result": "Trojan.Win32.Buzus.xzie", + "method": "blacklist", + "engine_update": "20231130" + }, + "GData": { + "category": "malicious", + "engine_name": "GData", + "engine_version": "A:25.36898B:27.34050", + "result": "Win32.Trojan.PSE.10SJJ37", + "method": "blacklist", + "engine_update": "20231130" + }, + "Varist": { + "category": "malicious", + "engine_name": "Varist", + "engine_version": "6.5.1.2", + "result": "W32/A-6a1fc28f!Eldorado", + "method": "blacklist", + "engine_update": "20231130" + }, + "BitDefenderFalx": { + "category": "type-unsupported", + "engine_name": "BitDefenderFalx", + "engine_version": "2.0.936", + "result": null, + "method": "blacklist", + "engine_update": "20231121" + }, + "AhnLab-V3": { + "category": "malicious", + "engine_name": "AhnLab-V3", + "engine_version": "3.24.0.10447", + "result": "PUP/Win32.DomaIQ.R119010", + "method": "blacklist", + "engine_update": "20231130" + }, + "Acronis": { + "category": "malicious", + "engine_name": "Acronis", + "engine_version": "1.2.0.121", + "result": "suspicious", + "method": "blacklist", + "engine_update": "20230828" + }, + "BitDefenderTheta": { + "category": "malicious", + "engine_name": "BitDefenderTheta", + "engine_version": "7.2.37796.0", + "result": "AI:Packer.E75D5A4F1F", + "method": "blacklist", + "engine_update": "20231127" + }, + "ALYac": { + "category": "malicious", + "engine_name": "ALYac", + "engine_version": "1.1.3.1", + "result": "Adware.SoftPulse.A", + "method": "blacklist", + "engine_update": "20231130" + }, + "MAX": { + "category": "malicious", + "engine_name": "MAX", + "engine_version": "2023.1.4.1", + "result": "malware (ai score=98)", + "method": "blacklist", + "engine_update": "20231201" + }, + "VBA32": { + "category": "malicious", + "engine_name": "VBA32", + "engine_version": "5.0.0", + "result": "BScope.Trojan.Buzus", + "method": "blacklist", + "engine_update": "20231130" + }, 
+ "Malwarebytes": { + "category": "malicious", + "engine_name": "Malwarebytes", + "engine_version": "4.5.5.54", + "result": "Generic.Malware.AI.DDS", + "method": "blacklist", + "engine_update": "20231130" + }, + "Panda": { + "category": "malicious", + "engine_name": "Panda", + "engine_version": "4.6.4.2", + "result": "Trj/Genetic.gen", + "method": "blacklist", + "engine_update": "20231130" + }, + "Zoner": { + "category": "undetected", + "engine_name": "Zoner", + "engine_version": "2.2.2.0", + "result": null, + "method": "blacklist", + "engine_update": "20231130" + }, + "TrendMicro-HouseCall": { + "category": "malicious", + "engine_name": "TrendMicro-HouseCall", + "engine_version": "10.0.0.1040", + "result": "ADW_PULSOFT.SM", + "method": "blacklist", + "engine_update": "20231130" + }, + "Tencent": { + "category": "malicious", + "engine_name": "Tencent", + "engine_version": "1.0.0.1", + "result": "Adware.Win32.Buzuse.oyxu", + "method": "blacklist", + "engine_update": "20231201" + }, + "Yandex": { + "category": "malicious", + "engine_name": "Yandex", + "engine_version": "5.5.2.24", + "result": "PUA.Downloader!1dDpWwXIBBY", + "method": "blacklist", + "engine_update": "20231130" + }, + "SentinelOne": { + "category": "malicious", + "engine_name": "SentinelOne", + "engine_version": "23.4.2.3", + "result": "Static AI - Malicious PE", + "method": "blacklist", + "engine_update": "20231119" + }, + "MaxSecure": { + "category": "malicious", + "engine_name": "MaxSecure", + "engine_version": "1.0.0.1", + "result": "Adware.softplus.g", + "method": "blacklist", + "engine_update": "20231130" + }, + "Fortinet": { + "category": "malicious", + "engine_name": "Fortinet", + "engine_version": "None", + "result": "W32/SoftPulse.AE3E!tr", + "method": "blacklist", + "engine_update": "20231130" + }, + "AVG": { + "category": "malicious", + "engine_name": "AVG", + "engine_version": "23.9.8494.0", + "result": "Win32:PUP-gen [PUP]", + "method": "blacklist", + "engine_update": "20231130" + }, + 
"DeepInstinct": { + "category": "malicious", + "engine_name": "DeepInstinct", + "engine_version": "3.1.0.15", + "result": "MALICIOUS", + "method": "blacklist", + "engine_update": "20231128" + }, + "CrowdStrike": { + "category": "malicious", + "engine_name": "CrowdStrike", + "engine_version": "1.0", + "result": "win/grayware_confidence_90% (D)", + "method": "blacklist", + "engine_update": "20220812" + } + }, + "reputation": 0, + "first_seen_itw_date": 1391845611 + }, + "type": "file", + "id": "75186675e5cadfd0d289591cee61044be9d1d7501b257079594b05bcf5f73f8b", + "links": { + "self": "https://www.virustotal.com/api/v3/files/75186675e5cadfd0d289591cee61044be9d1d7501b257079594b05bcf5f73f8b" + } + }, + { + "attributes": { + "type_description": "Win32 EXE", + "tlsh": "T133B38C2236D0C172D592153188E4DBBA6A7DFA31173150CB77A80A7D1F90BD26B3A39B", + "vhash": "015056655d15551az4e7z205015z10012fz", + "exiftool": { + "UninitializedDataSize": "0", + "LinkerVersion": "10.0", + "ImageVersion": "0.0", + "FileVersionNumber": "1.0.6242.39491", + "LanguageCode": "English (U.S.)", + "FileFlagsMask": "0x003f", + "ImageFileCharacteristics": "Executable, 32-bit", + "CharacterSet": "Unicode", + "InitializedDataSize": "31744", + "FileTypeExtension": "exe", + "MIMEType": "application/octet-stream", + "FileVersion": "1.0.6242.39491", + "TimeStamp": "2015:08:28 22:39:26+00:00", + "FileType": "Win32 EXE", + "PEType": "PE32", + "ProductVersion": "1.0.6242.39491", + "SubsystemVersion": "5.1", + "OSVersion": "5.1", + "FileOS": "Windows NT 32-bit", + "Subsystem": "Windows GUI", + "MachineType": "Intel 386 or later, and compatibles", + "CodeSize": "76288", + "FileSubtype": "0", + "ProductVersionNumber": "1.0.6242.39491", + "EntryPoint": "0x74c7", + "ObjectFileType": "Executable application" + }, + "type_tags": [ + "executable", + "windows", + "win32", + "pe", + "peexe" + ], + "creation_date": 1440801566, + "threat_severity": { + "threat_severity_level": "SEVERITY_LOW", + "threat_severity_data": { + 
"num_gav_detections": 3, + "popular_threat_category": "adware" + }, + "last_analysis_date": "1701100387", + "version": 4, + "level_description": "Severity LOW because it was considered adware. Other contributing factor was that it could not be run in sandboxes." + }, + "names": [ + "94fe147d9869fa650b10dd55ed9017e6.virus" + ], + "signature_info": { + "verified": "Signed", + "file version": "1.0.6242.39491", + "signing date": "10:39 PM 08/28/2015", + "x509": [ + { + "name": "Symantec Time Stamping Services CA - G2", + "algorithm": "sha1RSA", + "valid from": "2012-12-21 00:00:00", + "valid to": "2020-12-30 23:59:59", + "serial number": "7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B", + "cert issuer": "Thawte Timestamping CA", + "thumbprint": "6C07453FFDDA08B83707C09B82FB3D15F35336B1", + "valid_usage": "Timestamp Signing" + }, + { + "name": "Symantec Time Stamping Services Signer - G4", + "algorithm": "sha1RSA", + "valid from": "2012-10-18 00:00:00", + "valid to": "2020-12-29 23:59:59", + "serial number": "0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50", + "cert issuer": "Symantec Time Stamping Services CA - G2", + "thumbprint": "65439929B67973EB192D6FF243E6767ADF0834E4", + "valid_usage": "ff" + }, + { + "name": "GrooveDock", + "algorithm": "sha1RSA", + "valid from": "2014-12-23 00:00:00", + "valid to": "2016-01-22 23:59:59", + "serial number": "33 A4 58 C6 73 ED B8 78 05 21 2B 76 41 4C 41 3D", + "cert issuer": "VeriSign Class 3 Code Signing 2010 CA", + "thumbprint": "B5EE3751EC9E99E2D2CFD08DDF33A7518BB9D459", + "valid_usage": "Code Signing" + } + ], + "signers": "GrooveDock; VeriSign Class 3 Code Signing 2010 CA; VeriSign", + "counter signers details": [ + { + "status": "This certificate or one of the certificates in the certificate chain is not time valid., Trust for this certificate or one of the certificates in the certificate chain has been revoked., The certificate or certificate chain is based on an untrusted root., The revocation status of the certificate 
or one of the certificates in the certificate chain is unknown., The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale., The certificate is explicitly distrusted.", + "valid usage": "Timestamp Signing", + "name": "Symantec Time Stamping Services Signer - G4", + "algorithm": "sha1RSA", + "valid from": "12:00 AM 10/18/2012", + "valid to": "11:59 PM 12/29/2020", + "serial number": "0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50", + "cert issuer": "Symantec Time Stamping Services CA - G2", + "thumbprint": "65439929B67973EB192D6FF243E6767ADF0834E4" + }, + { + "status": "This certificate or one of the certificates in the certificate chain is not time valid.", + "valid usage": "Timestamp Signing", + "name": "Symantec Time Stamping Services CA - G2", + "algorithm": "sha1RSA", + "valid from": "12:00 AM 12/21/2012", + "valid to": "11:59 PM 12/30/2020", + "serial number": "7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B", + "cert issuer": "Thawte Timestamping CA", + "thumbprint": "6C07453FFDDA08B83707C09B82FB3D15F35336B1" + }, + { + "status": "This certificate or one of the certificates in the certificate chain is not time valid.", + "valid usage": "Timestamp Signing", + "name": "Thawte Timestamping CA", + "algorithm": "md5RSA", + "valid from": "12:00 AM 01/01/1997", + "valid to": "11:59 PM 12/31/2020", + "serial number": "00", + "cert issuer": "Thawte Timestamping CA", + "thumbprint": "BE36A4562FB2EE05DBB3D32323ADF445084ED656" + } + ], + "counter signers": "Symantec Time Stamping Services Signer - G4; Symantec Time Stamping Services CA - G2; Thawte Timestamping CA", + "signers details": [ + { + "status": "This certificate or one of the certificates in the certificate chain is not time valid.", + "valid usage": "Code Signing", + "name": "GrooveDock", + "algorithm": "sha1RSA", + "valid from": "12:00 AM 12/23/2014", + "valid to": "11:59 PM 01/22/2016", + "serial number": "33 A4 58 C6 73 ED B8 78 05 21 2B 76 41 
4C 41 3D", + "cert issuer": "VeriSign Class 3 Code Signing 2010 CA", + "thumbprint": "B5EE3751EC9E99E2D2CFD08DDF33A7518BB9D459" + }, + { + "status": "This certificate or one of the certificates in the certificate chain is not time valid.", + "valid usage": "Client Auth, Code Signing", + "name": "VeriSign Class 3 Code Signing 2010 CA", + "algorithm": "sha1RSA", + "valid from": "12:00 AM 02/08/2010", + "valid to": "11:59 PM 02/07/2020", + "serial number": "52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7", + "cert issuer": "VeriSign Class 3 Public Primary Certification Authority - G5", + "thumbprint": "495847A93187CFB8C71F840CB7B41497AD95C64F" + }, + { + "status": "Valid", + "valid usage": "Client Auth, Code Signing, Email Protection, Server Auth", + "name": "VeriSign", + "algorithm": "sha1RSA", + "valid from": "12:00 AM 11/08/2006", + "valid to": "11:59 PM 07/16/2036", + "serial number": "18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A", + "cert issuer": "VeriSign Class 3 Public Primary Certification Authority - G5", + "thumbprint": "4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5" + } + ] + }, + "last_modification_date": 1701658101, + "type_tag": "peexe", + "times_submitted": 1, + "total_votes": { + "harmless": 0, + "malicious": 0 + }, + "size": 115440, + "popular_threat_classification": { + "suggested_threat_label": "adware.browsefox/akamaihd", + "popular_threat_category": [ + { + "count": 29, + "value": "adware" + }, + { + "count": 6, + "value": "trojan" + }, + { + "count": 2, + "value": "pua" + } + ], + "popular_threat_name": [ + { + "count": 21, + "value": "browsefox" + }, + { + "count": 5, + "value": "akamaihd" + }, + { + "count": 3, + "value": "msil" + } + ] + }, + "authentihash": "709b30f22b63e2a9e0a45dcb23d424de69895ab6eb0c73fe591d429140acf130", + "detectiteasy": { + "filetype": "PE32", + "values": [ + { + "info": "EXE32", + "version": "2008-2010", + "type": "Compiler", + "name": "EP:Microsoft Visual C/C++" + }, + { + "info": "libcmt", + "version": "2010 SP1", + 
"type": "Compiler", + "name": "Microsoft Visual C/C++" + }, + { + "info": "LTCG/C++", + "version": "16.00.40219", + "type": "Compiler", + "name": "Microsoft Visual C/C++" + }, + { + "version": "10.00.40219", + "type": "Linker", + "name": "Microsoft Linker" + }, + { + "version": "2010", + "type": "Tool", + "name": "Visual Studio" + }, + { + "info": "PKCS #7", + "version": "2.0", + "type": "Sign tool", + "name": "Windows Authenticode" + } + ] + }, + "last_submission_date": 1701000729, + "meaningful_name": "94fe147d9869fa650b10dd55ed9017e6.virus", + "downloadable": true, + "crowdsourced_ids_stats": { + "high": 0, + "info": 0, + "medium": 2, + "low": 3 + }, + "trid": [ + { + "file_type": "Win32 Executable MS Visual C++ (generic)", + "probability": 47.3 + }, + { + "file_type": "Win64 Executable (generic)", + "probability": 15.9 + }, + { + "file_type": "Win32 Dynamic Link Library (generic)", + "probability": 9.9 + }, + { + "file_type": "Win16 NE executable (generic)", + "probability": 7.6 + }, + { + "file_type": "Win32 Executable (generic)", + "probability": 6.8 + } + ], + "sandbox_verdicts": { + "Zenbox": { + "category": "harmless", + "confidence": 98, + "sandbox_name": "Zenbox", + "malware_classification": [ + "CLEAN" + ] + } + }, + "sha256": "e10a0fdec1bdc1f93bbdcd0592cccf2d5aedafafda8db1e3dd1319739a70883e", + "type_extension": "exe", + "tags": [ + "idle", + "checks-user-input", + "peexe", + "signed", + "overlay" + ], + "crowdsourced_ids_results": [ + { + "rule_category": "successful-recon-limited", + "alert_severity": "medium", + "rule_msg": "PROTOCOL-ICMP Unusual PING detected", + "rule_raw": "alert icmp $HOME_NET any -> $EXTERNAL_NET any ( msg:\"PROTOCOL-ICMP Unusual PING detected\"; icode:0; itype:8; fragbits:!M; content:!\"ABCDEFGHIJKLMNOPQRSTUVWABCDEFGHI\",depth 32; content:!\"0123456789abcdefghijklmnopqrstuv\",depth 32; content:!\"EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE\",depth 36; content:!\"WANG2\"; content:!\"cacti-monitoring-system\",depth 65; 
content:!\"SolarWinds\",depth 72; metadata:policy max-detect-ips drop,ruleset community; reference:url,krebsonsecurity.com/2014/01/a-closer-look-at-the-target-malware-part-ii/; reference:url,krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/; classtype:successful-recon-limited; sid:29456; rev:3; )", + "rule_references": [ + "https://krebsonsecurity.com/2014/01/a-closer-look-at-the-target-malware-part-ii/", + "https://krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/" + ], + "rule_source": "Snort registered user ruleset", + "rule_url": "https://www.snort.org/downloads/#rule-downloads", + "rule_id": "1:29456" + }, + { + "rule_category": "attempted-recon", + "rule_url": "https://www.snort.org/downloads/#rule-downloads", + "alert_severity": "medium", + "rule_msg": "PROTOCOL-ICMP traceroute", + "rule_source": "Snort registered user ruleset", + "rule_raw": "alert icmp $EXTERNAL_NET any -> $HOME_NET any ( msg:\"PROTOCOL-ICMP traceroute\"; itype:8; ttl:1; metadata:ruleset community; classtype:attempted-recon; sid:385; rev:8; )", + "rule_id": "1:385" + }, + { + "rule_category": "misc-activity", + "rule_url": "https://www.snort.org/downloads/#rule-downloads", + "alert_severity": "low", + "rule_msg": "(eth) truncated ethernet header", + "rule_source": "Snort registered user ruleset", + "rule_raw": "alert ( gid:116; sid:424; rev:2; msg:\"(eth) truncated ethernet header\"; metadata: policy max-detect-ips drop, rule-type decode; classtype:misc-activity;)", + "rule_id": "116:424" + }, + { + "rule_category": "misc-activity", + "rule_url": "https://www.snort.org/downloads/#rule-downloads", + "alert_severity": "low", + "rule_msg": "PROTOCOL-ICMP PING", + "rule_source": "Snort registered user ruleset", + "rule_raw": "alert icmp $EXTERNAL_NET any -> $HOME_NET any ( msg:\"PROTOCOL-ICMP PING\"; icode:0; itype:8; metadata:ruleset community; classtype:misc-activity; sid:384; rev:8; )", + "rule_id": "1:384" + }, + { + "rule_category": 
"misc-activity", + "rule_url": "https://www.snort.org/downloads/#rule-downloads", + "alert_severity": "low", + "rule_msg": "PROTOCOL-ICMP Echo Reply", + "rule_source": "Snort registered user ruleset", + "rule_raw": "alert icmp $EXTERNAL_NET any -> $HOME_NET any ( msg:\"PROTOCOL-ICMP Echo Reply\"; icode:0; itype:0; metadata:ruleset community; classtype:misc-activity; sid:408; rev:8; )", + "rule_id": "1:408" + } + ], + "last_analysis_date": 1701649554, + "unique_sources": 1, + "first_submission_date": 1701000729, + "sha1": "69956731d485db26df313a322989027d84c84d76", + "ssdeep": "1536:dY5/Ze0QJVeChmV4vGjkoZQOGVjLKpRUk249qfCnRavF/iPbnlVHvl3V5fpn4Ft5:kaTq9je5GR6Y8Z0lVPll5fp4vdn", + "md5": "94fe147d9869fa650b10dd55ed9017e6", + "pe_info": { + "resource_details": [ + { + "lang": "ENGLISH US", + "entropy": 3.2893989086151123, + "chi2": 29242.16, + "filetype": "unknown", + "sha256": "d39eecc80df15a0e6e501f98b67823310e38b9517c77d9b6a1d33b7fae6f9c20", + "type": "RT_VERSION" + }, + { + "lang": "ENGLISH US", + "entropy": 4.795973777770996, + "chi2": 3958.65, + "filetype": "unknown", + "sha256": "49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e", + "type": "RT_MANIFEST" + } + ], + "rich_pe_header_hash": "9ead5ef59411c71105e0aff3c99ee2ef", + "imphash": "f92e75f69f68adbd7374321bb0059da8", + "overlay": { + "entropy": 7.3208231925964355, + "offset": 109056, + "chi2": 10491.15, + "filetype": "unknown", + "size": 6384, + "md5": "d3bc4cfb7f4bdc9a18db2ae12050df00" + }, + "compiler_product_versions": [ + "[ASM] VS2010 SP1 build 40219 count=19", + "[ C ] VS2010 SP1 build 40219 count=114", + "[C++] VS2010 SP1 build 40219 count=47", + "[C++] VS2010 build 30319 count=4", + "[ C ] VS2008 SP1 build 30729 count=6", + "[IMP] VS2008 SP1 build 30729 count=13", + "[---] Unmarked objects count=121", + "[RES] VS2010 SP1 build 40219 count=1", + "[LNK] VS2010 SP1 build 40219 count=1", + "id: 0xaf, version: 40219 count=2" + ], + "resource_langs": { + "ENGLISH US": 2 + }, + "machine_type": 
332, + "timestamp": 1440801566, + "resource_types": { + "RT_MANIFEST": 1, + "RT_VERSION": 1 + }, + "sections": [ + { + "name": ".text", + "chi2": 432746.41, + "virtual_address": 4096, + "entropy": 6.59, + "raw_size": 76288, + "flags": "rx", + "virtual_size": 75957, + "md5": "8b61f58288b8ad45162ce431d21be600" + }, + { + "name": ".rdata", + "chi2": 802951.44, + "virtual_address": 81920, + "entropy": 4.78, + "raw_size": 17408, + "flags": "r", + "virtual_size": 17362, + "md5": "f7316787fb9d6eadcc86e7d5cbefd142" + }, + { + "name": ".data", + "chi2": 554690.75, + "virtual_address": 102400, + "entropy": 3.39, + "raw_size": 5120, + "flags": "rw", + "virtual_size": 12896, + "md5": "373aabcd33e8fbc1a899a8f4e99b96d9" + }, + { + "name": ".rsrc", + "chi2": 27865.5, + "virtual_address": 118784, + "entropy": 4.75, + "raw_size": 1024, + "flags": "r", + "virtual_size": 860, + "md5": "59a38b2c74db7f51c84c7ae7a8fc5ca5" + }, + { + "name": ".reloc", + "chi2": 511720.12, + "virtual_address": 122880, + "entropy": 4.37, + "raw_size": 8192, + "flags": "r", + "virtual_size": 7892, + "md5": "ede8a8413664193f10530a6ed4c3f2c7" + } + ], + "import_list": [ + { + "library_name": "KERNEL32.dll", + "imported_functions": [ + "CloseHandle", + "CreateFileW", + "DecodePointer", + "DeleteCriticalSection", + "EncodePointer", + "EnterCriticalSection", + "ExitProcess", + "FindResourceExW", + "FindResourceW", + "FlushFileBuffers", + "FreeEnvironmentStringsW", + "FreeLibrary", + "GetACP", + "GetCommandLineW", + "GetConsoleCP", + "GetConsoleMode", + "GetConsoleWindow", + "GetCPInfo", + "GetCurrentProcess", + "GetCurrentProcessId", + "GetCurrentThreadId", + "GetEnvironmentStringsW", + "GetFileType", + "GetLastError", + "GetModuleFileNameW", + "GetModuleHandleW", + "GetOEMCP", + "GetPriorityClass", + "GetProcAddress", + "GetProcessHeap", + "GetStartupInfoW", + "GetStdHandle", + "GetStringTypeW", + "GetSystemTimeAsFileTime", + "GetTickCount", + "GetWindowsDirectoryA", + "HeapAlloc", + "HeapCreate", + 
"HeapDestroy", + "HeapFree", + "HeapReAlloc", + "HeapSetInformation", + "HeapSize", + "InitializeCriticalSectionAndSpinCount", + "InterlockedDecrement", + "InterlockedIncrement", + "IsDebuggerPresent", + "IsProcessorFeaturePresent", + "IsValidCodePage", + "LCMapStringW", + "LeaveCriticalSection", + "LoadLibraryW", + "LoadResource", + "LocalFree", + "LockResource", + "lstrcmpW", + "MultiByteToWideChar", + "OpenProcess", + "QueryPerformanceCounter", + "RaiseException", + "RtlUnwind", + "SetErrorMode", + "SetFilePointer", + "SetHandleCount", + "SetLastError", + "SetStdHandle", + "SetUnhandledExceptionFilter", + "SizeofResource", + "Sleep", + "TerminateProcess", + "TlsAlloc", + "TlsFree", + "TlsGetValue", + "TlsSetValue", + "UnhandledExceptionFilter", + "WideCharToMultiByte", + "WriteConsoleW", + "WriteFile" + ] + }, + { + "library_name": "OLEAUT32.dll", + "imported_functions": [ + "GetErrorInfo", + "SysAllocString", + "SysFreeString", + "SysStringLen", + "VarBstrCmp" + ] + }, + { + "library_name": "ole32.dll", + "imported_functions": [ + "CLSIDFromString", + "CoInitializeEx" + ] + }, + { + "library_name": "SHLWAPI.dll", + "imported_functions": [ + "PathStripPathW" + ] + }, + { + "library_name": "PSAPI.DLL", + "imported_functions": [ + "GetModuleFileNameExW" + ] + }, + { + "library_name": "USER32.dll", + "imported_functions": [ + "AnimateWindow", + "CharLowerBuffW", + "CloseWindow", + "EnumChildWindows", + "EnumWindows", + "FindWindowW", + "FlashWindow", + "GetClassNameW", + "GetDesktopWindow", + "GetForegroundWindow", + "GetParent", + "GetWindow", + "GetWindowThreadProcessId", + "IsWindow", + "RegisterWindowMessageW", + "SendMessageTimeoutW", + "SetForegroundWindow", + "ShowWindow" + ] + } + ], + "entry_point": 29895 + }, + "magic": "PE32 executable (GUI) Intel 80386, for MS Windows", + "last_analysis_stats": { + "harmless": 0, + "type-unsupported": 4, + "suspicious": 0, + "confirmed-timeout": 0, + "timeout": 3, + "failure": 0, + "malicious": 60, + "undetected": 9 + 
}, + "last_analysis_results": { + "Bkav": { + "category": "malicious", + "engine_name": "Bkav", + "engine_version": "2.0.0.1", + "result": "W32.Common.4E9A1C42", + "method": "blacklist", + "engine_update": "20231203" + }, + "Lionic": { + "category": "malicious", + "engine_name": "Lionic", + "engine_version": "7.5", + "result": "Adware.Win32.Akamaihd.2!c", + "method": "blacklist", + "engine_update": "20231203" + }, + "Elastic": { + "category": "malicious", + "engine_name": "Elastic", + "engine_version": "4.0.119", + "result": "malicious (high confidence)", + "method": "blacklist", + "engine_update": "20231129" + }, + "DrWeb": { + "category": "malicious", + "engine_name": "DrWeb", + "engine_version": "7.0.61.8090", + "result": "Trojan.Yontoo.2512", + "method": "blacklist", + "engine_update": "20231203" + }, + "MicroWorld-eScan": { + "category": "malicious", + "engine_name": "MicroWorld-eScan", + "engine_version": "14.0.409.0", + "result": "Gen:Adware.BrowseFox.1", + "method": "blacklist", + "engine_update": "20231203" + }, + "FireEye": { + "category": "malicious", + "engine_name": "FireEye", + "engine_version": "35.24.1.0", + "result": "Gen:Adware.BrowseFox.1", + "method": "blacklist", + "engine_update": "20231203" + }, + "CAT-QuickHeal": { + "category": "malicious", + "engine_name": "CAT-QuickHeal", + "engine_version": "22.00", + "result": "PUA.Groovedock.Gen", + "method": "blacklist", + "engine_update": "20231203" + }, + "Skyhigh": { + "category": "malicious", + "engine_name": "Skyhigh", + "engine_version": "v2021.2.0+4045", + "result": "PUP-XAG-AU", + "method": "blacklist", + "engine_update": "20231203" + }, + "ALYac": { + "category": "malicious", + "engine_name": "ALYac", + "engine_version": "1.1.3.1", + "result": "Gen:Adware.BrowseFox.1", + "method": "blacklist", + "engine_update": "20231203" + }, + "Cylance": { + "category": "malicious", + "engine_name": "Cylance", + "engine_version": "2.0.0.0", + "result": "unsafe", + "method": "blacklist", + "engine_update": 
"20231108" + }, + "Zillya": { + "category": "malicious", + "engine_name": "Zillya", + "engine_version": "2.0.0.5006", + "result": "Adware.BrowseFoxGen.Win32.23", + "method": "blacklist", + "engine_update": "20231201" + }, + "Sangfor": { + "category": "malicious", + "engine_name": "Sangfor", + "engine_version": "2.23.0.0", + "result": "PUA.Win32.Sign.a", + "method": "blacklist", + "engine_update": "20231122" + }, + "K7AntiVirus": { + "category": "malicious", + "engine_name": "K7AntiVirus", + "engine_version": "12.129.50380", + "result": "Adware ( 00548f161 )", + "method": "blacklist", + "engine_update": "20231203" + }, + "Alibaba": { + "category": "malicious", + "engine_name": "Alibaba", + "engine_version": "0.3.0.5", + "result": "AdWare:Win32/Akamaihd.407065df", + "method": "blacklist", + "engine_update": "20190527" + }, + "K7GW": { + "category": "malicious", + "engine_name": "K7GW", + "engine_version": "12.129.50380", + "result": "Adware ( 00548f161 )", + "method": "blacklist", + "engine_update": "20231203" + }, + "Cybereason": { + "category": "undetected", + "engine_name": "Cybereason", + "engine_version": "1.2.449", + "result": null, + "method": "blacklist", + "engine_update": "20231102" + }, + "BitDefenderTheta": { + "category": "undetected", + "engine_name": "BitDefenderTheta", + "engine_version": "7.2.37796.0", + "result": null, + "method": "blacklist", + "engine_update": "20231127" + }, + "VirIT": { + "category": "malicious", + "engine_name": "VirIT", + "engine_version": "9.5.591", + "result": "Trojan.Win32.Yontoo.COS", + "method": "blacklist", + "engine_update": "20231201" + }, + "SymantecMobileInsight": { + "category": "type-unsupported", + "engine_name": "SymantecMobileInsight", + "engine_version": "2.0", + "result": null, + "method": "blacklist", + "engine_update": "20230119" + }, + "Symantec": { + "category": "malicious", + "engine_name": "Symantec", + "engine_version": "1.21.0.0", + "result": "SMG.Heur!gen", + "method": "blacklist", + "engine_update": 
"20231203" + }, + "tehtris": { + "category": "malicious", + "engine_name": "tehtris", + "engine_version": "v0.1.4-109-g76614fd", + "result": "Generic.Malware", + "method": "blacklist", + "engine_update": "20231204" + }, + "ESET-NOD32": { + "category": "malicious", + "engine_name": "ESET-NOD32", + "engine_version": "28342", + "result": "a variant of Win32/Adware.BrowseFox.CA", + "method": "blacklist", + "engine_update": "20231203" + }, + "APEX": { + "category": "malicious", + "engine_name": "APEX", + "engine_version": "6.478", + "result": "Malicious", + "method": "blacklist", + "engine_update": "20231128" + }, + "Paloalto": { + "category": "undetected", + "engine_name": "Paloalto", + "engine_version": "0.9.0.1003", + "result": null, + "method": "blacklist", + "engine_update": "20231204" + }, + "ClamAV": { + "category": "malicious", + "engine_name": "ClamAV", + "engine_version": "1.2.1.0", + "result": "Win.Adware.Browsefox-42728", + "method": "blacklist", + "engine_update": "20231203" + }, + "Kaspersky": { + "category": "malicious", + "engine_name": "Kaspersky", + "engine_version": "22.0.1.28", + "result": "not-a-virus:AdWare.Win32.Akamaihd.wmg", + "method": "blacklist", + "engine_update": "20231203" + }, + "BitDefender": { + "category": "malicious", + "engine_name": "BitDefender", + "engine_version": "7.2", + "result": "Gen:Adware.BrowseFox.1", + "method": "blacklist", + "engine_update": "20231203" + }, + "NANO-Antivirus": { + "category": "malicious", + "engine_name": "NANO-Antivirus", + "engine_version": "1.0.146.25796", + "result": "Riskware.Win32.BrowseFox.fadpcm", + "method": "blacklist", + "engine_update": "20231203" + }, + "SUPERAntiSpyware": { + "category": "malicious", + "engine_name": "SUPERAntiSpyware", + "engine_version": "5.6.0.1032", + "result": "PUP.SwiftRecord/Variant", + "method": "blacklist", + "engine_update": "20231203" + }, + "Avast": { + "category": "malicious", + "engine_name": "Avast", + "engine_version": "23.9.8494.0", + "result": 
"MSIL:BrowseFox-AO [PUP]", + "method": "blacklist", + "engine_update": "20231203" + }, + "Tencent": { + "category": "malicious", + "engine_name": "Tencent", + "engine_version": "1.0.0.1", + "result": "Adware.Win32.Akamaihd.ya", + "method": "blacklist", + "engine_update": "20231204" + }, + "Trustlook": { + "category": "type-unsupported", + "engine_name": "Trustlook", + "engine_version": "1.0", + "result": null, + "method": "blacklist", + "engine_update": "20231204" + }, + "Emsisoft": { + "category": "timeout", + "engine_name": "Emsisoft", + "engine_version": "2022.6.0.32461", + "result": null, + "method": "blacklist", + "engine_update": "20231203" + }, + "Google": { + "category": "timeout", + "engine_name": "Google", + "engine_version": null, + "result": null, + "method": "blacklist", + "engine_update": "20231204" + }, + "F-Secure": { + "category": "malicious", + "engine_name": "F-Secure", + "engine_version": "18.10.1547.307", + "result": "Adware.ADWARE/BrowseFox.Gen7", + "method": "blacklist", + "engine_update": "20231203" + }, + "Baidu": { + "category": "malicious", + "engine_name": "Baidu", + "engine_version": "1.0.0.2", + "result": "Win32.Adware.BrowseFox.e", + "method": "blacklist", + "engine_update": "20190318" + }, + "VIPRE": { + "category": "malicious", + "engine_name": "VIPRE", + "engine_version": "6.0.0.35", + "result": "Gen:Adware.BrowseFox.1", + "method": "blacklist", + "engine_update": "20231203" + }, + "TrendMicro": { + "category": "malicious", + "engine_name": "TrendMicro", + "engine_version": "11.0.0.1006", + "result": "TROJ_GEN.R002C0OKQ23", + "method": "blacklist", + "engine_update": "20231203" + }, + "Trapmine": { + "category": "undetected", + "engine_name": "Trapmine", + "engine_version": "4.0.14.97", + "result": null, + "method": "blacklist", + "engine_update": "20231106" + }, + "CMC": { + "category": "undetected", + "engine_name": "CMC", + "engine_version": "2.4.2022.1", + "result": null, + "method": "blacklist", + "engine_update": "20230822" + 
}, + "Sophos": { + "category": "malicious", + "engine_name": "Sophos", + "engine_version": "2.4.3.0", + "result": "Browse Fox (PUA)", + "method": "blacklist", + "engine_update": "20231203" + }, + "Ikarus": { + "category": "malicious", + "engine_name": "Ikarus", + "engine_version": "6.2.4.0", + "result": "AdWare.AdPlugin", + "method": "blacklist", + "engine_update": "20231203" + }, + "Avast-Mobile": { + "category": "type-unsupported", + "engine_name": "Avast-Mobile", + "engine_version": "231201-00", + "result": null, + "method": "blacklist", + "engine_update": "20231201" + }, + "Jiangmin": { + "category": "malicious", + "engine_name": "Jiangmin", + "engine_version": "16.0.100", + "result": "AdWare/MSIL.gof", + "method": "blacklist", + "engine_update": "20231203" + }, + "Webroot": { + "category": "undetected", + "engine_name": "Webroot", + "engine_version": "1.0.0.403", + "result": null, + "method": "blacklist", + "engine_update": "20231204" + }, + "Varist": { + "category": "malicious", + "engine_name": "Varist", + "engine_version": "6.5.1.2", + "result": "W32/S-eab4958c!Eldorado", + "method": "blacklist", + "engine_update": "20231203" + }, + "Avira": { + "category": "malicious", + "engine_name": "Avira", + "engine_version": "8.3.3.16", + "result": "ADWARE/BrowseFox.Gen7", + "method": "blacklist", + "engine_update": "20231203" + }, + "MAX": { + "category": "malicious", + "engine_name": "MAX", + "engine_version": "2023.1.4.1", + "result": "malware (ai score=67)", + "method": "blacklist", + "engine_update": "20231204" + }, + "Antiy-AVL": { + "category": "malicious", + "engine_name": "Antiy-AVL", + "engine_version": "3.0", + "result": "RiskWare[WebToolbar]/Win32.Agent", + "method": "blacklist", + "engine_update": "20231203" + }, + "Kingsoft": { + "category": "malicious", + "engine_name": "Kingsoft", + "engine_version": "None", + "result": "malware.kb.a.887", + "method": "blacklist", + "engine_update": "20230906" + }, + "Microsoft": { + "category": "timeout", + 
"engine_name": "Microsoft", + "engine_version": "1.1.23100.2009", + "result": null, + "method": "blacklist", + "engine_update": "20231203" + }, + "Gridinsoft": { + "category": "malicious", + "engine_name": "Gridinsoft", + "engine_version": "1.0.150.174", + "result": "Adware.Win32.BrowseFox.vl!c", + "method": "blacklist", + "engine_update": "20231203" + }, + "Xcitium": { + "category": "malicious", + "engine_name": "Xcitium", + "engine_version": "36229", + "result": "Application.Win32.BrowseFox.ADO@5szlzz", + "method": "blacklist", + "engine_update": "20231203" + }, + "Arcabit": { + "category": "malicious", + "engine_name": "Arcabit", + "engine_version": "2022.0.0.18", + "result": "Adware.BrowseFox.1", + "method": "blacklist", + "engine_update": "20231204" + }, + "ViRobot": { + "category": "malicious", + "engine_name": "ViRobot", + "engine_version": "2014.3.20.0", + "result": "Trojan.Win32.Agent.115440", + "method": "blacklist", + "engine_update": "20231203" + }, + "ZoneAlarm": { + "category": "malicious", + "engine_name": "ZoneAlarm", + "engine_version": "1.0", + "result": "not-a-virus:AdWare.Win32.Akamaihd.wmg", + "method": "blacklist", + "engine_update": "20231203" + }, + "GData": { + "category": "malicious", + "engine_name": "GData", + "engine_version": "A:25.36919B:27.34085", + "result": "Gen:Adware.BrowseFox.1", + "method": "blacklist", + "engine_update": "20231203" + }, + "Cynet": { + "category": "malicious", + "engine_name": "Cynet", + "engine_version": "4.0.0.28", + "result": "Malicious (score: 100)", + "method": "blacklist", + "engine_update": "20231203" + }, + "BitDefenderFalx": { + "category": "type-unsupported", + "engine_name": "BitDefenderFalx", + "engine_version": "2.0.936", + "result": null, + "method": "blacklist", + "engine_update": "20231121" + }, + "AhnLab-V3": { + "category": "malicious", + "engine_name": "AhnLab-V3", + "engine_version": "3.24.0.10447", + "result": "PUP/Win32.BrowseFox.R160928", + "method": "blacklist", + "engine_update": 
"20231204" + }, + "Acronis": { + "category": "undetected", + "engine_name": "Acronis", + "engine_version": "1.2.0.121", + "result": null, + "method": "blacklist", + "engine_update": "20230828" + }, + "McAfee": { + "category": "malicious", + "engine_name": "McAfee", + "engine_version": "6.0.6.653", + "result": "PUP-XAG-AU", + "method": "blacklist", + "engine_update": "20231203" + }, + "TACHYON": { + "category": "undetected", + "engine_name": "TACHYON", + "engine_version": "2023-12-04.01", + "result": null, + "method": "blacklist", + "engine_update": "20231204" + }, + "VBA32": { + "category": "malicious", + "engine_name": "VBA32", + "engine_version": "5.0.0", + "result": "BScope.Adware.BrowseFox", + "method": "blacklist", + "engine_update": "20231201" + }, + "Malwarebytes": { + "category": "malicious", + "engine_name": "Malwarebytes", + "engine_version": "4.5.5.54", + "result": "BrowseFox.Adware.AdInjector.DDS", + "method": "blacklist", + "engine_update": "20231204" + }, + "Panda": { + "category": "malicious", + "engine_name": "Panda", + "engine_version": "4.6.4.2", + "result": "Trj/CI.A", + "method": "blacklist", + "engine_update": "20231203" + }, + "Zoner": { + "category": "undetected", + "engine_name": "Zoner", + "engine_version": "2.2.2.0", + "result": null, + "method": "blacklist", + "engine_update": "20231203" + }, + "TrendMicro-HouseCall": { + "category": "malicious", + "engine_name": "TrendMicro-HouseCall", + "engine_version": "10.0.0.1040", + "result": "TROJ_GEN.R002C0OKQ23", + "method": "blacklist", + "engine_update": "20231203" + }, + "Rising": { + "category": "malicious", + "engine_name": "Rising", + "engine_version": "25.0.0.27", + "result": "Adware.BrowseFox!1.A9E1 (CLASSIC)", + "method": "blacklist", + "engine_update": "20231203" + }, + "Yandex": { + "category": "malicious", + "engine_name": "Yandex", + "engine_version": "5.5.2.24", + "result": "Trojan.GenAsa!1hJLldEqq7o", + "method": "blacklist", + "engine_update": "20231203" + }, + "SentinelOne": { + 
"category": "malicious", + "engine_name": "SentinelOne", + "engine_version": "23.4.2.3", + "result": "Static AI - Malicious PE", + "method": "blacklist", + "engine_update": "20231119" + }, + "MaxSecure": { + "category": "malicious", + "engine_name": "MaxSecure", + "engine_version": "1.0.0.1", + "result": "Adware.W32.Multi.Kranet.gen_250888", + "method": "blacklist", + "engine_update": "20231202" + }, + "Fortinet": { + "category": "malicious", + "engine_name": "Fortinet", + "engine_version": "None", + "result": "Adware/BrowserFox", + "method": "blacklist", + "engine_update": "20231203" + }, + "AVG": { + "category": "malicious", + "engine_name": "AVG", + "engine_version": "23.9.8494.0", + "result": "MSIL:BrowseFox-AO [PUP]", + "method": "blacklist", + "engine_update": "20231203" + }, + "DeepInstinct": { + "category": "malicious", + "engine_name": "DeepInstinct", + "engine_version": "3.1.0.15", + "result": "MALICIOUS", + "method": "blacklist", + "engine_update": "20231203" + }, + "CrowdStrike": { + "category": "malicious", + "engine_name": "CrowdStrike", + "engine_version": "1.0", + "result": "win/grayware_confidence_100% (W)", + "method": "blacklist", + "engine_update": "20220812" + } + }, + "reputation": 0 + }, + "type": "file", + "id": "e10a0fdec1bdc1f93bbdcd0592cccf2d5aedafafda8db1e3dd1319739a70883e", + "links": { + "self": "https://www.virustotal.com/api/v3/files/e10a0fdec1bdc1f93bbdcd0592cccf2d5aedafafda8db1e3dd1319739a70883e" + } + }, + { + "attributes": { + "size": 364824, + "type_description": "Win32 EXE", + "tlsh": "T103741242EA88D78CDF7E01B088C3CC43073224E64A9D674BB8DE16147FE6B99569F11D", + "vhash": "03503e0f7d5011z11z11z67z1015z10101011z1bz", + "exiftool": { + "MIMEType": "application/octet-stream", + "Subsystem": "Windows GUI", + "MachineType": "Intel 386 or later, and compatibles", + "TimeStamp": "2014:10:27 11:26:22+00:00", + "FileType": "Win32 EXE", + "PEType": "PE32", + "CodeSize": "323584", + "LinkerVersion": "9.0", + "ImageFileCharacteristics": 
"Executable, 32-bit", + "FileTypeExtension": "exe", + "InitializedDataSize": "36864", + "SubsystemVersion": "5.0", + "ImageVersion": "0.0", + "OSVersion": "5.0", + "EntryPoint": "0xee780", + "UninitializedDataSize": "651264" + }, + "type_tags": [ + "executable", + "windows", + "win32", + "pe", + "peexe" + ], + "crowdsourced_yara_results": [ + { + "description": "UPX dump on OEP (original entry point)", + "source": "https://github.com/kevoreilly/CAPEv2", + "author": "kevoreilly", + "ruleset_name": "UPX", + "rule_name": "UPX", + "ruleset_id": "00b6c50803" + }, + { + "rule_name": "UPX", + "description": "UPX dump on OEP (original entry point)", + "author": "kevoreilly", + "ruleset_id": "00b6c50803", + "ruleset_name": "UPX", + "match_in_subfile": true, + "source": "https://github.com/kevoreilly/CAPEv2" + } + ], + "creation_date": 1414409182, + "threat_severity": { + "threat_severity_level": "SEVERITY_LOW", + "threat_severity_data": { + "num_gav_detections": 2, + "popular_threat_category": "adware" + }, + "last_analysis_date": "1699737822", + "version": 3, + "level_description": "Severity LOW because it was considered adware. Other contributing factor was that it could not be run in sandboxes." 
+ }, + "names": [ + "c599ebda863e5920068f4640162d8f58.virus" + ], + "signature_info": { + "x509": [ + { + "name": "Digital Plugin S.l.", + "algorithm": "sha256RSA", + "valid from": "2014-07-14 00:00:00", + "valid to": "2015-07-14 23:59:59", + "serial number": "22 91 11 B2 0C CF 13 39 4E 8E 6C A9 EA B4 12 1F", + "cert issuer": "VeriSign Class 3 Code Signing 2010 CA", + "thumbprint": "79235183BE77186FC6669A83C887B599A5CA21AC", + "valid_usage": "Code Signing" + } + ], + "signers details": [ + { + "status": "This certificate or one of the certificates in the certificate chain is not time valid.", + "valid usage": "Code Signing", + "name": "Digital Plugin S.l.", + "algorithm": "sha256RSA", + "valid from": "12:00 AM 07/14/2014", + "valid to": "11:59 PM 07/14/2015", + "serial number": "22 91 11 B2 0C CF 13 39 4E 8E 6C A9 EA B4 12 1F", + "cert issuer": "VeriSign Class 3 Code Signing 2010 CA", + "thumbprint": "79235183BE77186FC6669A83C887B599A5CA21AC" + }, + { + "status": "This certificate or one of the certificates in the certificate chain is not time valid.", + "valid usage": "Client Auth, Code Signing", + "name": "VeriSign Class 3 Code Signing 2010 CA", + "algorithm": "sha1RSA", + "valid from": "12:00 AM 02/08/2010", + "valid to": "11:59 PM 02/07/2020", + "serial number": "52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7", + "cert issuer": "VeriSign Class 3 Public Primary Certification Authority - G5", + "thumbprint": "495847A93187CFB8C71F840CB7B41497AD95C64F" + }, + { + "status": "Valid", + "valid usage": "Client Auth, Code Signing, Email Protection, Server Auth", + "name": "VeriSign", + "algorithm": "sha1RSA", + "valid from": "12:00 AM 11/08/2006", + "valid to": "11:59 PM 07/16/2036", + "serial number": "18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A", + "cert issuer": "VeriSign Class 3 Public Primary Certification Authority - G5", + "thumbprint": "4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5" + } + ], + "verified": "A required certificate is not within its validity period 
when verifying against the current system clock or the timestamp in the signed file.", + "signers": "Digital Plugin S.l.; VeriSign Class 3 Code Signing 2010 CA; VeriSign" + }, + "last_modification_date": 1699864459, + "type_tag": "peexe", + "times_submitted": 1, + "total_votes": { + "harmless": 0, + "malicious": 0 + }, + "popular_threat_classification": { + "suggested_threat_label": "adware.softpulse/bundler", + "popular_threat_category": [ + { + "count": 9, + "value": "adware" + }, + { + "count": 4, + "value": "downloader" + }, + { + "count": 4, + "value": "trojan" + } + ], + "popular_threat_name": [ + { + "count": 13, + "value": "softpulse" + }, + { + "count": 7, + "value": "bundler" + }, + { + "count": 2, + "value": "oanm" + } + ] + }, + "authentihash": "2a1d053887b212dfb06de34f41e1170aafef6e18f29d09e49381638496f622de", + "detectiteasy": { + "filetype": "PE32", + "values": [ + { + "info": "NRV,brute", + "version": "3.91", + "type": "Packer", + "name": "UPX" + }, + { + "version": "2008", + "type": "Compiler", + "name": "Microsoft Visual C/C++" + }, + { + "info": "C++", + "version": "15.00.30729", + "type": "Compiler", + "name": "Microsoft Visual C/C++" + }, + { + "version": "9.00.30729", + "type": "Linker", + "name": "Microsoft Linker" + }, + { + "version": "2008", + "type": "Tool", + "name": "Visual Studio" + } + ] + }, + "last_submission_date": 1699737719, + "sigma_analysis_results": [ + { + "rule_title": "Modification of IE Registry Settings", + "rule_source": "Sigma Integrated Rule Set (GitHub)", + "match_context": [ + { + "values": { + "EventID": "13", + "EventType": "SetValue", + "Details": 
"F\\x00\\x00\\x00\\xd0\\x01\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x93\\xa6v@\\x18\\xd6\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\xac\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00", + "TargetObject": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections\\SavedLegacySettings" + } + }, + { + "values": { + "EventID": "13", + "EventType": "SetValue", + "Details": "Network 10", + "TargetObject": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\{3C4E5326-C0E1-4723-993B-77C1811F297F}\\WpadNetworkName" + } + }, + { + "values": { + "EventID": "13", + "EventType": "SetValue", + "Details": 
"F\\x00\\x00\\x00\\x7f\\x02\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x93\\xa6v@\\x18\\xd6\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\xac\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00", + "TargetObject": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections\\DefaultConnectionSettings" + } + }, + { + "values": { + "EventID": "13", + "EventType": "SetValue", + "Details": "%HTTP_PROXY%:8080", + "TargetObject": "HKEY_USERS\\S-1-5-21-575823232-3065301323-1442773979-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyServer" + } + }, + { + "values": { + "EventID": "13", + "EventType": "SetValue", + "Details": "46 00 00 00 05 01 00 00 03 00 00 00 14 00 00 00 65 78 74 72 61 63 74 6F 72 2E 70 72 6F 78 79 3A 38 30 38 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 5C 01 4D C1 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00", + "TargetObject": "HKEY_USERS\\S-1-5-21-575823232-3065301323-1442773979-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections\\SavedLegacySettings" + } + } + ], + "rule_level": "low", + "rule_description": "Detects modification of the registry settings used for Internet Explorer and other Windows components that use these settings. 
An attacker can abuse this registry key to add a domain to the trusted sites Zone or insert javascript for persistence", + "rule_author": "frack113", + "rule_id": "7ca43f2acf2c039e776af286dca2b5216d23967e6e8fe43dd5a5cc95f86e52e5" + } + ], + "meaningful_name": "c599ebda863e5920068f4640162d8f58.virus", + "downloadable": true, + "crowdsourced_ids_stats": { + "high": 0, + "info": 0, + "medium": 0, + "low": 2 + }, + "trid": [ + { + "file_type": "UPX compressed Win32 Executable", + "probability": 34.7 + }, + { + "file_type": "Win32 EXE Yoda's Crypter", + "probability": 34.1 + }, + { + "file_type": "Win32 Dynamic Link Library (generic)", + "probability": 8.4 + }, + { + "file_type": "Win16 NE executable (generic)", + "probability": 6.4 + }, + { + "file_type": "Win32 Executable (generic)", + "probability": 5.7 + } + ], + "sigma_analysis_summary": { + "Sigma Integrated Rule Set (GitHub)": { + "high": 0, + "medium": 0, + "critical": 0, + "low": 1 + } + }, + "sandbox_verdicts": { + "Zenbox": { + "category": "harmless", + "confidence": 96, + "sandbox_name": "Zenbox", + "malware_classification": [ + "CLEAN" + ] + }, + "C2AE": { + "category": "malicious", + "confidence": 50, + "sandbox_name": "C2AE", + "malware_classification": [ + "ADWARE" + ], + "malware_names": [ + "AdwareSoftpulse" + ] + } + }, + "sha256": "48e0fbd3aedf5fd11e20f06cfd38c7a5392728dfa0f4c78e56d4ea09de675228", + "type_extension": "exe", + "tags": [ + "peexe", + "signed", + "upx", + "overlay", + "calls-wmi", + "checks-user-input", + "checks-network-adapters" + ], + "crowdsourced_ids_results": [ + { + "rule_category": "misc-activity", + "rule_url": "https://www.snort.org/downloads/#rule-downloads", + "alert_severity": "low", + "rule_msg": "(eth) truncated ethernet header", + "rule_source": "Snort registered user ruleset", + "rule_raw": "alert ( gid:116; sid:424; rev:2; msg:\"(eth) truncated ethernet header\"; metadata: policy max-detect-ips drop, rule-type decode; classtype:misc-activity;)", + "rule_id": "116:424" 
+ }, + { + "rule_category": "misc-activity", + "rule_url": "https://www.snort.org/downloads/#rule-downloads", + "alert_severity": "low", + "rule_msg": "PROTOCOL-ICMP Destination Unreachable Network Unreachable", + "rule_source": "Snort registered user ruleset", + "rule_raw": "alert icmp $EXTERNAL_NET any -> $HOME_NET any ( msg:\"PROTOCOL-ICMP Destination Unreachable Network Unreachable\"; icode:0; itype:3; metadata:ruleset community; classtype:misc-activity; sid:401; rev:9; )", + "rule_id": "1:401" + } + ], + "last_analysis_date": 1699737719, + "unique_sources": 1, + "first_submission_date": 1699737719, + "sha1": "26cd0afa10ab28f208db45f17b11a7dd6cee5d62", + "ssdeep": "6144:5nLnp+SGhJJ67vlkaHICi/dvZj9JoaOu8Osa0CA8ztvwnoqdDQjes0061XibPpwD:xLnprGhS7vJk192aOuRM2ztvwnAjesdO", + "packers": { + "PEiD": "UPX v0.89.6 - v1.02 / v1.05 -v1.24 -> Markus & Laszlo [overlay]" + }, + "md5": "c599ebda863e5920068f4640162d8f58", + "pe_info": { + "resource_details": [ + { + "lang": "SPANISH MODERN", + "entropy": 7.810283660888672, + "chi2": 733.15, + "filetype": "unknown", + "sha256": "0b2bfb56569303596a1a58f77d48079af29785816bee72eaf5db4700718112d5", + "type": "AVI" + }, + { + "lang": "SPANISH MODERN", + "entropy": 7.919436931610107, + "chi2": 20286.84, + "filetype": "unknown", + "sha256": "360fc29e4096510fcf1fb5198a356b7109810694582190e42c2a07011792112a", + "type": "JS" + }, + { + "lang": "ENGLISH US", + "entropy": 7.18538236618042, + "chi2": 366.91, + "filetype": "unknown", + "sha256": "a1814833e9599c6d7b16d4ba74fc3edf3dd4bc27ae8d1fca4a3fa58b2bd95623", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 6.706934928894043, + "chi2": 312.09, + "filetype": "unknown", + "sha256": "795379d695329d203419a5904b8bef8f1d496ed11c948c011147a6b55d7d147c", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 7.074103355407715, + "chi2": 405.14, + "filetype": "unknown", + "sha256": "2b3ceb2a7f9c0482f75779fb91e2eae63a3cb24093a248b281c2ef4f12de41a4", + "type": 
"RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 7.062444686889648, + "chi2": 420.1, + "filetype": "unknown", + "sha256": "b581738bb3d6cbe3efaf879573b860598bd7301fb4eba16ac8634d8a626a8de9", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 7.2049455642700195, + "chi2": 313.71, + "filetype": "unknown", + "sha256": "39e9ce5457ea388764ef92ea5d3a165eb2e62b7f6c8b3db238e9bd620d1d8bc5", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 7.233150005340576, + "chi2": 292.1, + "filetype": "unknown", + "sha256": "49f56febc4db84eaec2149aebf2b29ff9569388d2ef94cdcf91834a4a72b8d22", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 7.2283854484558105, + "chi2": 297.09, + "filetype": "unknown", + "sha256": "b3213af53f3737fa4addd02673946ae12c84cd4b96d4d876b938ee8e0654843d", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 7.091978549957275, + "chi2": 391.84, + "filetype": "unknown", + "sha256": "56da7ece5bfdb46179edacf7d3c18d98bba40057edfc356657fb0b5d1bbbac98", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 7.234017848968506, + "chi2": 282.13, + "filetype": "unknown", + "sha256": "e8c91f6fc30d9aa03813b0ea974903eab8f4f327ee003906397b2c5c64125a27", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 7.162675380706787, + "chi2": 328.68, + "filetype": "unknown", + "sha256": "cbb37a889d446fd06e82cff5ab06203d347cdbe08519e510604ad32ece168d03", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 7.186522006988525, + "chi2": 332, + "filetype": "unknown", + "sha256": "0a4b27b9727b9938afa53887dbd10c06be56c2f598eac84e23e7d12d8dfbba5a", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 7.203550338745117, + "chi2": 302.08, + "filetype": "unknown", + "sha256": "6f7daa293d64387701ab8b4ec2896a71bb69bd77cb5deb0e15444a4d730b8c39", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 7.2348785400390625, + "chi2": 285.45, + "filetype": 
"unknown", + "sha256": "f881cb1dcab743464e46402f8c0c1f36e47548772ce46bd1f2016072e6824cf3", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 7.308350563049316, + "chi2": 272.16, + "filetype": "unknown", + "sha256": "18fc86bfaff203c8c1f668d586745fc9bd6fc4ef732b4abef2b0114315b5a271", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 7.188324928283691, + "chi2": 330.34, + "filetype": "unknown", + "sha256": "c8254c51bf33479826fe0c5fc054312e579f0e02989b121eeb6a29299174cb32", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 7.13906717300415, + "chi2": 351.95, + "filetype": "unknown", + "sha256": "87a06871f74da3a6f77a7ae01bc331b5acad7d9a6b355255356edb0479bd4d5e", + "type": "RT_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 6.581708908081055, + "chi2": 403.13, + "filetype": "unknown", + "sha256": "e560a142fa6e4b47bd95789bee1f3c9ed75b6ac07af92a37e9cd51b32f6fe5db", + "type": "RT_BITMAP" + }, + { + "lang": "ENGLISH US", + "entropy": 7.178711891174316, + "chi2": 357.09, + "filetype": "unknown", + "sha256": "a748406d7a5147ed1a4d44e54d3233465db327ca816252c3d5b2c0ede6853263", + "type": "RT_BITMAP" + }, + { + "lang": "SPANISH MODERN", + "entropy": 5.189525127410889, + "chi2": 700322.75, + "filetype": "unknown", + "sha256": "2e720f17202cca8fcf2d4a4f08eb607038912e34afa3ffcd5003e83cac6d1ed1", + "type": "RT_ICON" + }, + { + "lang": "SPANISH MODERN", + "entropy": 5.375616550445557, + "chi2": 361278.47, + "filetype": "unknown", + "sha256": "e1dd1ec4e6d2c7ac21e74643e95ba36e54e7739f60732eadd985b92066b3fcc7", + "type": "RT_ICON" + }, + { + "lang": "SPANISH MODERN", + "entropy": 5.823227882385254, + "chi2": 116333.62, + "filetype": "unknown", + "sha256": "ef545293f0443501608328ec2f28d34b4126e72500d15d6925be93a9f9d25377", + "type": "RT_ICON" + }, + { + "lang": "SPANISH MODERN", + "entropy": 6.454781532287598, + "chi2": 13994.15, + "filetype": "unknown", + "sha256": 
"8a209d72f3c31a16ca20469331c81b1323b19cac9a0987bdf0efdc147d0b4d7b", + "type": "RT_ICON" + }, + { + "lang": "ENGLISH US", + "entropy": 6.999114036560059, + "chi2": 435.23, + "filetype": "unknown", + "sha256": "19347aae1cbca596333d63b2e8cca3ea91ea76148ce08ebfa8853b0c6d6e7388", + "type": "RT_DIALOG" + }, + { + "lang": "ENGLISH US", + "entropy": 6.882763862609863, + "chi2": 385.93, + "filetype": "unknown", + "sha256": "0f020d31b29540157af317b5789f66896abbf8f8afd96762625627778eabd36e", + "type": "RT_DIALOG" + }, + { + "lang": "ENGLISH US", + "entropy": 5.493616580963135, + "chi2": 263.08, + "filetype": "unknown", + "sha256": "825aad8de55490eb2bfce8d2085b01861a9419c9dd50f942ff4522ba28a0bde8", + "type": "RT_DIALOG" + }, + { + "lang": "ENGLISH US", + "entropy": 6.292409420013428, + "chi2": 362.31, + "filetype": "unknown", + "sha256": "8bde7c399fc8db5f1d57776dd5f96a0a0d6eee09205a9e37a92510eecde974ae", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 5.088627815246582, + "chi2": 299.33, + "filetype": "unknown", + "sha256": "812d29d8bc40f60d8f0030f39af0f98545d3f7b388d6536e45007159b52779e9", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 7.072800159454346, + "chi2": 493.48, + "filetype": "unknown", + "sha256": "fafe8a2616e5cd1df436916f0501075f9576d7af8b06659cab5fdf3faea15281", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 7.624719619750977, + "chi2": 822.17, + "filetype": "unknown", + "sha256": "c07830ae9281dbaab1a8fef19d01c9843e24517d4e836b6dd6d90fb0033e6efa", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 7.246464729309082, + "chi2": 634.54, + "filetype": "unknown", + "sha256": "6f483f894f889d8cbe6aad3b5c4d82b41e78d5e4b42dd38c98e77592a9df39d8", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 7.1811604499816895, + "chi2": 860.01, + "filetype": "unknown", + "sha256": "895c10ffc3d34d0d0b6a48483e9efaf3bd3e60ae3b3d508d4b02efbe50597a24", + "type": "RT_STRING" + }, + { + "lang": 
"ENGLISH US", + "entropy": 6.321349620819092, + "chi2": 366.58, + "filetype": "unknown", + "sha256": "ca0d68bb5c533698dfd026ca3299aa903a41eb4c61d6b436f09b0491f839f0e2", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 6.391663551330566, + "chi2": 444.19, + "filetype": "unknown", + "sha256": "aaa52c2ccdbb82d000ed3a8f45293d61320279be1bd38459feb9655ad14004f2", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 6.634448528289795, + "chi2": 497.57, + "filetype": "unknown", + "sha256": "0773fb6958557879be562ca688e74e04c64608952ba92f9f740b2cd81c6de244", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 7.378391265869141, + "chi2": 1072.48, + "filetype": "unknown", + "sha256": "2ecd8afb3f1087786d8cab41ab5d840fb56076e982334360a7aa1dd8bf1f7f98", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 7.127563953399658, + "chi2": 713.16, + "filetype": "unknown", + "sha256": "a3f580194efb9f7432036421195044faded98ee8730bbe7d25b5ab8b8b798e9b", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 5.232158660888672, + "chi2": 270.18, + "filetype": "unknown", + "sha256": "0cae6d5cf057e5eeb496bcf0fe45da8a1fec09b3b8eaecbae578419ad28010f1", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 5.548110485076904, + "chi2": 337.39, + "filetype": "unknown", + "sha256": "6f17ba3be06b363ab5263dbce35cddf5769b8c38a6967cddacf3502911cf563a", + "type": "RT_STRING" + }, + { + "lang": "ENGLISH US", + "entropy": 4.594671249389648, + "chi2": 387.65, + "filetype": "unknown", + "sha256": "d6f8554b05ca44f4150a159dfc56674e2edc2238fac6cd1d5ee839bd02623e5c", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 4.1219282150268555, + "chi2": 287.2, + "filetype": "unknown", + "sha256": "3fb3b69714dfd924f3089a27dc7cb3ccc2e2a874c4488291a9b09c4383315018", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 4.221928119659424, + "chi2": 261.6, + "filetype": "unknown", + 
"sha256": "0aa198ea4a9a222c03449bec1ed1fa139fa8703e2bc7dfc779444cc1e2781417", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 4.321928024291992, + "chi2": 236, + "filetype": "unknown", + "sha256": "7a3fa151c07bac1b7b94ce2a48fb97838f5c26637bb88b387848fad4f9920cf9", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 4.221928119659424, + "chi2": 261.6, + "filetype": "unknown", + "sha256": "76b9b6d85bf217fffd4a1e725d626a89b58c233ff5ac35a7259062808d9b19ae", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 4.021928310394287, + "chi2": 312.8, + "filetype": "unknown", + "sha256": "689e0e0ca2f28f38cb13db528483f5022a533dddcac51b03c147ae53b82a15c0", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 4.221928119659424, + "chi2": 261.6, + "filetype": "unknown", + "sha256": "081e398714975a0cce8aad0bbb5c65ef677e72f9a177f14c98ca28ece029fb4e", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 4.221928119659424, + "chi2": 261.6, + "filetype": "unknown", + "sha256": "772148e7eb15d032f916f73513eb867c6d9a6f290b02d9262a75ea9dea83a0e3", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 4.221928119659424, + "chi2": 261.6, + "filetype": "unknown", + "sha256": "ca20f393ee459f681c3b183a0d2746c62bec7feb151fe54ce6f033d8889dcece", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 4.221928119659424, + "chi2": 261.6, + "filetype": "unknown", + "sha256": "17c4e16e2a32571faba4f0aed6461c4a77f14d1f42e4dfb10b30f7e21367ee86", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 4.221928119659424, + "chi2": 261.6, + "filetype": "unknown", + "sha256": "ed002572874d2adeb17ecdd4bcd34a349a0542632b25ccf25f698b7a4b37ae42", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 3.884183883666992, + "chi2": 364, + "filetype": "unknown", + "sha256": 
"450664f8ac3ec83ec164735525aa5fb53068ede600d793c412e2cbc1bc404ad0", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 3.884183883666992, + "chi2": 364, + "filetype": "unknown", + "sha256": "aa0912bb4be8da8f2e625c5d1ec9e438ac0bb73593172b93ea0830d5469ae355", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 4.321928024291992, + "chi2": 236, + "filetype": "unknown", + "sha256": "6883fecefccf6c929e3db5b4e176d13f20797b32a3b7af5287b71a4e27fb6469", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "ENGLISH US", + "entropy": 3.784183979034424, + "chi2": 389.6, + "filetype": "unknown", + "sha256": "2c54d2bfc451fec9f663f86be57a232e3675e18fe25abaf28d8eff06e38d04d0", + "type": "RT_GROUP_CURSOR" + }, + { + "lang": "SPANISH MODERN", + "entropy": 2.6230783462524414, + "chi2": 4612.06, + "filetype": "ICO", + "sha256": "822952416183dc59088127325e52faebc96d08a97d76bd9202cc4880de84f48e", + "type": "RT_GROUP_ICON" + }, + { + "lang": "ENGLISH US", + "entropy": 4.7779154777526855, + "chi2": 4088.22, + "filetype": "unknown", + "sha256": "ec5d04c8ef3fe0e571c8e604bf146b393108cee11f1ad3d665b7501ec20d37d0", + "type": "RT_MANIFEST" + }, + { + "lang": "ENGLISH US", + "entropy": 6.309433460235596, + "chi2": 604.02, + "filetype": "unknown", + "sha256": "8babd1e359be24860c9caa9e6bcdfa53b495be333a8e335f2f1fa1c655c6f41b", + "type": "Struct(240)" + } + ], + "rich_pe_header_hash": "dd8b78cc191510cd10feb2824b748bea", + "imphash": "5f15984203f9f28b4a5ab3eb0fedcfa8", + "overlay": { + "entropy": 6.925352573394775, + "offset": 359936, + "chi2": 15005.85, + "filetype": "unknown", + "size": 4888, + "md5": "e484c617eeeb56a6af19ba47ef5c9d5f" + }, + "compiler_product_versions": [ + "[C++] VS2008 build 21022 count=5", + "[ C ] VS2005 build 50727 count=14", + "[IMP] VS2005 build 50727 count=29", + "[---] Unmarked objects count=626", + "[ASM] VS2008 SP1 build 30729 count=31", + "[ C ] VS2008 SP1 build 30729 count=211", + "[C++] VS2008 SP1 build 30729 count=196", + 
"[RES] VS2008 build 21022 count=1", + "[LNK] VS2008 SP1 build 30729 count=1" + ], + "resource_langs": { + "SPANISH MODERN": 7, + "ENGLISH US": 51 + }, + "machine_type": 332, + "timestamp": 1414409182, + "resource_types": { + "RT_DIALOG": 3, + "RT_GROUP_CURSOR": 15, + "RT_ICON": 4, + "Struct(240)": 1, + "JS": 1, + "RT_MANIFEST": 1, + "RT_STRING": 13, + "AVI": 1, + "RT_BITMAP": 2, + "RT_CURSOR": 16, + "RT_GROUP_ICON": 1 + }, + "sections": [ + { + "name": "UPX0", + "chi2": -1, + "virtual_address": 4096, + "entropy": 0, + "raw_size": 0, + "flags": "rwx", + "virtual_size": 651264, + "md5": "d41d8cd98f00b204e9800998ecf8427e" + }, + { + "name": "UPX1", + "chi2": 32862.05, + "virtual_address": 655360, + "entropy": 7.93, + "raw_size": 322048, + "flags": "rwx", + "virtual_size": 323584, + "md5": "6423157b48656a9c27c8aad503d23424" + }, + { + "name": ".rsrc", + "chi2": 1541897.25, + "virtual_address": 978944, + "entropy": 5.27, + "raw_size": 36864, + "flags": "rw", + "virtual_size": 36864, + "md5": "8a10a21919ad1bc19966f2b8a98b81b2" + } + ], + "import_list": [ + { + "library_name": "COMDLG32.dll", + "imported_functions": [ + "GetFileTitleW" + ] + }, + { + "library_name": "urlmon.dll", + "imported_functions": [ + "URLDownloadToFileW" + ] + }, + { + "library_name": "OLEAUT32.dll", + "imported_functions": [ + "SysFreeString" + ] + }, + { + "library_name": "WININET.dll", + "imported_functions": [ + "InternetOpenW" + ] + }, + { + "library_name": "GDI32.dll", + "imported_functions": [ + "Escape" + ] + }, + { + "library_name": "SHELL32.dll", + "imported_functions": [ + "DragFinish" + ] + }, + { + "library_name": "KERNEL32.DLL", + "imported_functions": [ + "ExitProcess", + "GetProcAddress", + "LoadLibraryA", + "VirtualAlloc", + "VirtualFree", + "VirtualProtect" + ] + }, + { + "library_name": "oledlg.dll", + "imported_functions": [ + "OleUIBusyW" + ] + }, + { + "library_name": "ADVAPI32.dll", + "imported_functions": [ + "RegOpenKeyW" + ] + }, + { + "library_name": "ole32.dll", + 
"imported_functions": [ + "CoInitialize" + ] + }, + { + "library_name": "SHLWAPI.dll", + "imported_functions": [ + "PathIsUNCW" + ] + }, + { + "library_name": "OLEACC.dll", + "imported_functions": [ + "LresultFromObject" + ] + }, + { + "library_name": "USER32.dll", + "imported_functions": [ + "GetDC" + ] + }, + { + "library_name": "WINSPOOL.DRV", + "imported_functions": [ + "ClosePrinter" + ] + } + ], + "entry_point": 976768 + }, + "magic": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", + "main_icon": { + "raw_md5": "43904e72668bf11b907779d93fc7dd6a", + "dhash": "686e76e6c2e8e4e0" + }, + "last_analysis_stats": { + "harmless": 0, + "type-unsupported": 4, + "suspicious": 0, + "confirmed-timeout": 0, + "timeout": 1, + "failure": 0, + "malicious": 60, + "undetected": 11 + }, + "last_analysis_results": { + "Bkav": { + "category": "malicious", + "engine_name": "Bkav", + "engine_version": "2.0.0.1", + "result": "W32.AIDetectMalware", + "method": "blacklist", + "engine_update": "20231111" + }, + "Lionic": { + "category": "undetected", + "engine_name": "Lionic", + "engine_version": "7.5", + "result": null, + "method": "blacklist", + "engine_update": "20231111" + }, + "tehtris": { + "category": "undetected", + "engine_name": "tehtris", + "engine_version": "v0.1.4-109-g76614fd", + "result": null, + "method": "blacklist", + "engine_update": "20231111" + }, + "MicroWorld-eScan": { + "category": "malicious", + "engine_name": "MicroWorld-eScan", + "engine_version": "14.0.409.0", + "result": "Application.Bundler.GL", + "method": "blacklist", + "engine_update": "20231111" + }, + "FireEye": { + "category": "malicious", + "engine_name": "FireEye", + "engine_version": "35.24.1.0", + "result": "Application.Bundler.GL", + "method": "blacklist", + "engine_update": "20231111" + }, + "CAT-QuickHeal": { + "category": "malicious", + "engine_name": "CAT-QuickHeal", + "engine_version": "22.00", + "result": "PUA.Digitalplu5.Gen", + "method": "blacklist", + "engine_update": 
"20231110" + }, + "Skyhigh": { + "category": "malicious", + "engine_name": "Skyhigh", + "engine_version": "v2021.2.0+4045", + "result": "BehavesLike.Win32.Corrupt.fc", + "method": "blacklist", + "engine_update": "20231110" + }, + "ALYac": { + "category": "malicious", + "engine_name": "ALYac", + "engine_version": "1.1.3.1", + "result": "Application.Bundler.GL", + "method": "blacklist", + "engine_update": "20231111" + }, + "Malwarebytes": { + "category": "malicious", + "engine_name": "Malwarebytes", + "engine_version": "4.5.5.54", + "result": "Generic.Malware.AI.DDS", + "method": "blacklist", + "engine_update": "20231111" + }, + "Zillya": { + "category": "malicious", + "engine_name": "Zillya", + "engine_version": "2.0.0.4992", + "result": "Adware.SoftPulseGen.Win32.1", + "method": "blacklist", + "engine_update": "20231110" + }, + "Sangfor": { + "category": "malicious", + "engine_name": "Sangfor", + "engine_version": "2.23.0.0", + "result": "Trojan.Win32.Save.a", + "method": "blacklist", + "engine_update": "20231026" + }, + "K7AntiVirus": { + "category": "malicious", + "engine_name": "K7AntiVirus", + "engine_version": "12.124.50172", + "result": "Unwanted-Program ( 0040f9b01 )", + "method": "blacklist", + "engine_update": "20231111" + }, + "BitDefender": { + "category": "malicious", + "engine_name": "BitDefender", + "engine_version": "7.2", + "result": "Application.Bundler.GL", + "method": "blacklist", + "engine_update": "20231111" + }, + "K7GW": { + "category": "malicious", + "engine_name": "K7GW", + "engine_version": "12.124.50172", + "result": "Adware ( 005693e61 )", + "method": "blacklist", + "engine_update": "20231111" + }, + "CrowdStrike": { + "category": "malicious", + "engine_name": "CrowdStrike", + "engine_version": "1.0", + "result": "win/grayware_confidence_100% (D)", + "method": "blacklist", + "engine_update": "20220812" + }, + "BitDefenderTheta": { + "category": "undetected", + "engine_name": "BitDefenderTheta", + "engine_version": "7.2.37796.0", + 
"result": null, + "method": "blacklist", + "engine_update": "20231023" + }, + "VirIT": { + "category": "malicious", + "engine_name": "VirIT", + "engine_version": "9.5.576", + "result": "Trojan.Win32.DownLoader11.CBUT", + "method": "blacklist", + "engine_update": "20231110" + }, + "SymantecMobileInsight": { + "category": "type-unsupported", + "engine_name": "SymantecMobileInsight", + "engine_version": "2.0", + "result": null, + "method": "blacklist", + "engine_update": "20230119" + }, + "Symantec": { + "category": "malicious", + "engine_name": "Symantec", + "engine_version": "1.21.0.0", + "result": "SMG.Heur!gen", + "method": "blacklist", + "engine_update": "20231111" + }, + "Elastic": { + "category": "malicious", + "engine_name": "Elastic", + "engine_version": "4.0.116", + "result": "malicious (moderate confidence)", + "method": "blacklist", + "engine_update": "20231106" + }, + "ESET-NOD32": { + "category": "malicious", + "engine_name": "ESET-NOD32", + "engine_version": "28224", + "result": "a variant of Win32/SoftPulse.B potentially unwanted", + "method": "blacklist", + "engine_update": "20231111" + }, + "Cynet": { + "category": "malicious", + "engine_name": "Cynet", + "engine_version": "4.0.0.28", + "result": "Malicious (score: 100)", + "method": "blacklist", + "engine_update": "20231110" + }, + "APEX": { + "category": "malicious", + "engine_name": "APEX", + "engine_version": "6.474", + "result": "Malicious", + "method": "blacklist", + "engine_update": "20231110" + }, + "Paloalto": { + "category": "undetected", + "engine_name": "Paloalto", + "engine_version": "0.9.0.1003", + "result": null, + "method": "blacklist", + "engine_update": "20231111" + }, + "ClamAV": { + "category": "malicious", + "engine_name": "ClamAV", + "engine_version": "1.2.1.0", + "result": "Win.Adware.MultiPlug-2", + "method": "blacklist", + "engine_update": "20231111" + }, + "Kaspersky": { + "category": "malicious", + "engine_name": "Kaspersky", + "engine_version": "22.0.1.28", + "result": 
"not-a-virus:HEUR:Downloader.Win32.Generic", + "method": "blacklist", + "engine_update": "20231111" + }, + "Alibaba": { + "category": "undetected", + "engine_name": "Alibaba", + "engine_version": "0.3.0.5", + "result": null, + "method": "blacklist", + "engine_update": "20190527" + }, + "NANO-Antivirus": { + "category": "malicious", + "engine_name": "NANO-Antivirus", + "engine_version": "1.0.146.25796", + "result": "Riskware.Win32.Agent.dvsthg", + "method": "blacklist", + "engine_update": "20231111" + }, + "ViRobot": { + "category": "undetected", + "engine_name": "ViRobot", + "engine_version": "2014.3.20.0", + "result": null, + "method": "blacklist", + "engine_update": "20231111" + }, + "Tencent": { + "category": "malicious", + "engine_name": "Tencent", + "engine_version": "1.0.0.1", + "result": "Adware.Win32.Buzuse.oyxu", + "method": "blacklist", + "engine_update": "20231111" + }, + "Trustlook": { + "category": "type-unsupported", + "engine_name": "Trustlook", + "engine_version": "1.0", + "result": null, + "method": "blacklist", + "engine_update": "20231111" + }, + "TACHYON": { + "category": "undetected", + "engine_name": "TACHYON", + "engine_version": "2023-11-11.02", + "result": null, + "method": "blacklist", + "engine_update": "20231111" + }, + "Sophos": { + "category": "malicious", + "engine_name": "Sophos", + "engine_version": "2.3.1.0", + "result": "SoftPulse (PUA)", + "method": "blacklist", + "engine_update": "20231111" + }, + "Baidu": { + "category": "malicious", + "engine_name": "Baidu", + "engine_version": "1.0.0.2", + "result": "Win32.Adware.Generic.bf", + "method": "blacklist", + "engine_update": "20190318" + }, + "F-Secure": { + "category": "malicious", + "engine_name": "F-Secure", + "engine_version": "18.10.1547.307", + "result": "PotentialRisk.PUA/SoftPulse.oanm", + "method": "blacklist", + "engine_update": "20231111" + }, + "DrWeb": { + "category": "malicious", + "engine_name": "DrWeb", + "engine_version": "7.0.61.8090", + "result": 
"Trojan.Domaiq.731", + "method": "blacklist", + "engine_update": "20231111" + }, + "VIPRE": { + "category": "malicious", + "engine_name": "VIPRE", + "engine_version": "6.0.0.35", + "result": "Application.Bundler.GL", + "method": "blacklist", + "engine_update": "20231111" + }, + "TrendMicro": { + "category": "malicious", + "engine_name": "TrendMicro", + "engine_version": "11.0.0.1006", + "result": "ADW_SOTFPULSE_UVPC", + "method": "blacklist", + "engine_update": "20231111" + }, + "Trapmine": { + "category": "malicious", + "engine_name": "Trapmine", + "engine_version": "4.0.14.97", + "result": "suspicious.low.ml.score", + "method": "blacklist", + "engine_update": "20231106" + }, + "CMC": { + "category": "undetected", + "engine_name": "CMC", + "engine_version": "2.4.2022.1", + "result": null, + "method": "blacklist", + "engine_update": "20230822" + }, + "Emsisoft": { + "category": "malicious", + "engine_name": "Emsisoft", + "engine_version": "2022.6.0.32461", + "result": "Application.Bundler.GL (B)", + "method": "blacklist", + "engine_update": "20231111" + }, + "SentinelOne": { + "category": "malicious", + "engine_name": "SentinelOne", + "engine_version": "23.4.0.1", + "result": "Static AI - Malicious PE", + "method": "blacklist", + "engine_update": "20231018" + }, + "Avast-Mobile": { + "category": "type-unsupported", + "engine_name": "Avast-Mobile", + "engine_version": "231111-00", + "result": null, + "method": "blacklist", + "engine_update": "20231111" + }, + "Jiangmin": { + "category": "malicious", + "engine_name": "Jiangmin", + "engine_version": "16.0.100", + "result": "Adware/Agent.icf", + "method": "blacklist", + "engine_update": "20231110" + }, + "Webroot": { + "category": "malicious", + "engine_name": "Webroot", + "engine_version": "1.0.0.403", + "result": "Pua.Tuguu", + "method": "blacklist", + "engine_update": "20231111" + }, + "Varist": { + "category": "malicious", + "engine_name": "Varist", + "engine_version": "6.5.1.2", + "result": 
"W32/SoftPulse.B.gen!Eldorado", + "method": "blacklist", + "engine_update": "20231111" + }, + "Avira": { + "category": "malicious", + "engine_name": "Avira", + "engine_version": "8.3.3.16", + "result": "PUA/SoftPulse.oanm", + "method": "blacklist", + "engine_update": "20231111" + }, + "Antiy-AVL": { + "category": "malicious", + "engine_name": "Antiy-AVL", + "engine_version": "3.0", + "result": "GrayWare[AdWare]/Win32.Agent.djcr", + "method": "blacklist", + "engine_update": "20231111" + }, + "Kingsoft": { + "category": "malicious", + "engine_name": "Kingsoft", + "engine_version": "None", + "result": "malware.kb.b.984", + "method": "blacklist", + "engine_update": "20230906" + }, + "Microsoft": { + "category": "timeout", + "engine_name": "Microsoft", + "engine_version": "1.1.23100.2009", + "result": null, + "method": "blacklist", + "engine_update": "20231111" + }, + "Gridinsoft": { + "category": "malicious", + "engine_name": "Gridinsoft", + "engine_version": "1.0.147.174", + "result": "Adware.Win32.Downloader.vl!c", + "method": "blacklist", + "engine_update": "20231111" + }, + "Xcitium": { + "category": "malicious", + "engine_name": "Xcitium", + "engine_version": "36167", + "result": "Application.Win32.SoftPulse.D@5htsrg", + "method": "blacklist", + "engine_update": "20231111" + }, + "Arcabit": { + "category": "malicious", + "engine_name": "Arcabit", + "engine_version": "2022.0.0.18", + "result": "Application.Bundler.GL", + "method": "blacklist", + "engine_update": "20231111" + }, + "SUPERAntiSpyware": { + "category": "malicious", + "engine_name": "SUPERAntiSpyware", + "engine_version": "5.6.0.1032", + "result": "PUP.SoftPulse/Variant", + "method": "blacklist", + "engine_update": "20231110" + }, + "ZoneAlarm": { + "category": "malicious", + "engine_name": "ZoneAlarm", + "engine_version": "1.0", + "result": "not-a-virus:HEUR:Downloader.Win32.Generic", + "method": "blacklist", + "engine_update": "20231111" + }, + "GData": { + "category": "malicious", + "engine_name": 
"GData", + "engine_version": "A:25.36807B:27.33823", + "result": "Win32.Trojan.PSE.11NPOKS", + "method": "blacklist", + "engine_update": "20231111" + }, + "Google": { + "category": "malicious", + "engine_name": "Google", + "engine_version": "1699731052", + "result": "Detected", + "method": "blacklist", + "engine_update": "20231111" + }, + "BitDefenderFalx": { + "category": "type-unsupported", + "engine_name": "BitDefenderFalx", + "engine_version": "2.0.936", + "result": null, + "method": "blacklist", + "engine_update": "20230921" + }, + "AhnLab-V3": { + "category": "malicious", + "engine_name": "AhnLab-V3", + "engine_version": "3.24.0.10447", + "result": "PUP/Win32.SoftPulse.R122479", + "method": "blacklist", + "engine_update": "20231111" + }, + "Acronis": { + "category": "malicious", + "engine_name": "Acronis", + "engine_version": "1.2.0.121", + "result": "suspicious", + "method": "blacklist", + "engine_update": "20230828" + }, + "McAfee": { + "category": "malicious", + "engine_name": "McAfee", + "engine_version": "6.0.6.653", + "result": "SoftPulse", + "method": "blacklist", + "engine_update": "20231111" + }, + "MAX": { + "category": "malicious", + "engine_name": "MAX", + "engine_version": "2023.1.4.1", + "result": "malware (ai score=75)", + "method": "blacklist", + "engine_update": "20231111" + }, + "DeepInstinct": { + "category": "malicious", + "engine_name": "DeepInstinct", + "engine_version": "3.1.0.15", + "result": "MALICIOUS", + "method": "blacklist", + "engine_update": "20231108" + }, + "VBA32": { + "category": "malicious", + "engine_name": "VBA32", + "engine_version": "5.0.0", + "result": "Downloader.Agent", + "method": "blacklist", + "engine_update": "20231111" + }, + "Cylance": { + "category": "malicious", + "engine_name": "Cylance", + "engine_version": "2.0.0.0", + "result": "unsafe", + "method": "blacklist", + "engine_update": "20231108" + }, + "Panda": { + "category": "malicious", + "engine_name": "Panda", + "engine_version": "4.6.4.2", + "result": 
"Trj/Genetic.gen", + "method": "blacklist", + "engine_update": "20231111" + }, + "Zoner": { + "category": "undetected", + "engine_name": "Zoner", + "engine_version": "2.2.2.0", + "result": null, + "method": "blacklist", + "engine_update": "20231111" + }, + "TrendMicro-HouseCall": { + "category": "malicious", + "engine_name": "TrendMicro-HouseCall", + "engine_version": "10.0.0.1040", + "result": "ADW_SOTFPULSE_UVPC", + "method": "blacklist", + "engine_update": "20231111" + }, + "Rising": { + "category": "malicious", + "engine_name": "Rising", + "engine_version": "25.0.0.27", + "result": "PUF.SoftPulse!1.AC87 (CLASSIC)", + "method": "blacklist", + "engine_update": "20231111" + }, + "Yandex": { + "category": "undetected", + "engine_name": "Yandex", + "engine_version": "5.5.2.24", + "result": null, + "method": "blacklist", + "engine_update": "20231111" + }, + "Ikarus": { + "category": "malicious", + "engine_name": "Ikarus", + "engine_version": "6.2.4.0", + "result": "PUA.DigitalPlugin", + "method": "blacklist", + "engine_update": "20231111" + }, + "MaxSecure": { + "category": "malicious", + "engine_name": "MaxSecure", + "engine_version": "1.0.0.1", + "result": "Adware.softplus.g", + "method": "blacklist", + "engine_update": "20231110" + }, + "Fortinet": { + "category": "malicious", + "engine_name": "Fortinet", + "engine_version": "None", + "result": "Riskware/SoftPulse.B", + "method": "blacklist", + "engine_update": "20231111" + }, + "AVG": { + "category": "malicious", + "engine_name": "AVG", + "engine_version": "23.9.8494.0", + "result": "Win32:SoftPulse-AH [PUP]", + "method": "blacklist", + "engine_update": "20231111" + }, + "Cybereason": { + "category": "undetected", + "engine_name": "Cybereason", + "engine_version": "1.2.449", + "result": null, + "method": "blacklist", + "engine_update": "20231102" + }, + "Avast": { + "category": "malicious", + "engine_name": "Avast", + "engine_version": "23.9.8494.0", + "result": "Win32:SoftPulse-AH [PUP]", + "method": 
"blacklist", + "engine_update": "20231111" + } + }, + "reputation": 0, + "sigma_analysis_stats": { + "high": 0, + "medium": 0, + "critical": 0, + "low": 1 + } + }, + "type": "file", + "id": "48e0fbd3aedf5fd11e20f06cfd38c7a5392728dfa0f4c78e56d4ea09de675228", + "links": { + "self": "https://www.virustotal.com/api/v3/files/48e0fbd3aedf5fd11e20f06cfd38c7a5392728dfa0f4c78e56d4ea09de675228" + } + }, + { + "attributes": { + "size": 1229560, + "type_description": "Win32 EXE", + "tlsh": "T18245D083D1609027DD2612F509AF8249EF29E41917184E9BF29B4C05EF97E9C12FCF6E", + "vhash": "016046656d157038z4e7z4047z1jz", + "exiftool": { + "UninitializedDataSize": "0", + "InitializedDataSize": "1148416", + "ImageVersion": "0.0", + "FileVersionNumber": "2.0.0.0", + "LanguageCode": "Unknown (0009)", + "FileFlagsMask": "0x003f", + "ImageFileCharacteristics": "No relocs, Executable, 32-bit", + "CharacterSet": "Unicode", + "LinkerVersion": "11.0", + "EntryPoint": "0x7bc7", + "MIMEType": "application/octet-stream", + "Subsystem": "Windows GUI", + "FileVersion": "2.20.30.11", + "TimeStamp": "2014:10:16 10:33:49+00:00", + "FileType": "Win32 EXE", + "PEType": "PE32", + "ProductVersion": "2.20.30.11", + "SubsystemVersion": "5.1", + "OSVersion": "5.1", + "FileOS": "Windows NT 32-bit", + "LegalCopyright": "Copyright (C) 2014", + "MachineType": "Intel 386 or later, and compatibles", + "CodeSize": "83456", + "FileSubtype": "0", + "ProductVersionNumber": "2.0.0.0", + "FileTypeExtension": "exe", + "ObjectFileType": "Executable application" + }, + "type_tags": [ + "executable", + "windows", + "win32", + "pe", + "peexe" + ], + "crowdsourced_yara_results": [ + { + "description": "Trojan Buzus / Softpulse", + "source": "https://github.com/Neo23x0/signature-base", + "author": "Florian Roth (Nextron Systems)", + "ruleset_name": "crime_buzus_softpulse", + "rule_name": "Win32_Buzus_Softpulse", + "ruleset_id": "0005cc42bd" + } + ], + "creation_date": 1413455629, + "threat_severity": { + "threat_severity_level": 
"SEVERITY_MEDIUM", + "threat_severity_data": { + "num_gav_detections": 2, + "popular_threat_category": "trojan" + }, + "last_analysis_date": "1699731164", + "version": 3, + "level_description": "Severity MEDIUM because it was considered trojan." + }, + "names": [ + "c258f603978708b2e30e9f8e8b96add6.virus" + ], + "signature_info": { + "verified": "A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.", + "copyright": "Copyright (C) 2014", + "file version": "2.20.30.11", + "x509": [ + { + "name": "Digital Plugin S.l.", + "algorithm": "sha256RSA", + "valid from": "2014-07-14 00:00:00", + "valid to": "2015-07-14 23:59:59", + "serial number": "22 91 11 B2 0C CF 13 39 4E 8E 6C A9 EA B4 12 1F", + "cert issuer": "VeriSign Class 3 Code Signing 2010 CA", + "thumbprint": "79235183BE77186FC6669A83C887B599A5CA21AC", + "valid_usage": "Code Signing" + } + ], + "signers": "Digital Plugin S.l.; VeriSign Class 3 Code Signing 2010 CA; VeriSign", + "signers details": [ + { + "status": "This certificate or one of the certificates in the certificate chain is not time valid.", + "valid usage": "Code Signing", + "name": "Digital Plugin S.l.", + "algorithm": "sha256RSA", + "valid from": "12:00 AM 07/14/2014", + "valid to": "11:59 PM 07/14/2015", + "serial number": "22 91 11 B2 0C CF 13 39 4E 8E 6C A9 EA B4 12 1F", + "cert issuer": "VeriSign Class 3 Code Signing 2010 CA", + "thumbprint": "79235183BE77186FC6669A83C887B599A5CA21AC" + }, + { + "status": "This certificate or one of the certificates in the certificate chain is not time valid.", + "valid usage": "Client Auth, Code Signing", + "name": "VeriSign Class 3 Code Signing 2010 CA", + "algorithm": "sha1RSA", + "valid from": "12:00 AM 02/08/2010", + "valid to": "11:59 PM 02/07/2020", + "serial number": "52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7", + "cert issuer": "VeriSign Class 3 Public Primary Certification Authority - G5", + "thumbprint": 
"495847A93187CFB8C71F840CB7B41497AD95C64F" + }, + { + "status": "Valid", + "valid usage": "Client Auth, Code Signing, Email Protection, Server Auth", + "name": "VeriSign", + "algorithm": "sha1RSA", + "valid from": "12:00 AM 11/08/2006", + "valid to": "11:59 PM 07/16/2036", + "serial number": "18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A", + "cert issuer": "VeriSign Class 3 Public Primary Certification Authority - G5", + "thumbprint": "4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5" + } + ] + }, + "last_modification_date": 1699857795, + "type_tag": "peexe", + "times_submitted": 1, + "total_votes": { + "harmless": 0, + "malicious": 0 + }, + "popular_threat_classification": { + "suggested_threat_label": "trojan.softpulse/dacic", + "popular_threat_category": [ + { + "count": 11, + "value": "trojan" + }, + { + "count": 8, + "value": "adware" + }, + { + "count": 4, + "value": "pua" + } + ], + "popular_threat_name": [ + { + "count": 10, + "value": "softpulse" + }, + { + "count": 6, + "value": "dacic" + }, + { + "count": 6, + "value": "deepscan" + } + ] + }, + "authentihash": "2b8b01562f98a0ef2be8ed5fca24e60c519e47fc0b8d165a6316e50a666e0f4a", + "detectiteasy": { + "filetype": "PE32", + "values": [ + { + "version": "2012", + "type": "Compiler", + "name": "Microsoft Visual C/C++" + }, + { + "info": "C++", + "version": "17.00.61030", + "type": "Compiler", + "name": "Microsoft Visual C/C++" + }, + { + "version": "11.00.61030", + "type": "Linker", + "name": "Microsoft Linker" + }, + { + "version": "2012", + "type": "Tool", + "name": "Visual Studio" + } + ] + }, + "last_submission_date": 1699731055, + "sigma_analysis_results": [ + { + "rule_title": "Modification of IE Registry Settings", + "rule_source": "Sigma Integrated Rule Set (GitHub)", + "match_context": [ + { + "values": { + "EventID": "13", + "EventType": "SetValue", + "Details": "%HTTP_PROXY%:8080", + "TargetObject": 
"HKEY_USERS\\S-1-5-21-575823232-3065301323-1442773979-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyServer" + } + }, + { + "values": { + "EventID": "13", + "EventType": "SetValue", + "Details": "46 00 00 00 05 01 00 00 03 00 00 00 14 00 00 00 65 78 74 72 61 63 74 6F 72 2E 70 72 6F 78 79 3A 38 30 38 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 5C 01 4D C1 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00", + "TargetObject": "HKEY_USERS\\S-1-5-21-575823232-3065301323-1442773979-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections\\SavedLegacySettings" + } + } + ], + "rule_level": "low", + "rule_description": "Detects modification of the registry settings used for Internet Explorer and other Windows components that use these settings. An attacker can abuse this registry key to add a domain to the trusted sites Zone or insert javascript for persistence", + "rule_author": "frack113", + "rule_id": "7ca43f2acf2c039e776af286dca2b5216d23967e6e8fe43dd5a5cc95f86e52e5" + } + ], + "meaningful_name": "c258f603978708b2e30e9f8e8b96add6.virus", + "downloadable": true, + "crowdsourced_ids_stats": { + "high": 0, + "info": 0, + "medium": 2, + "low": 3 + }, + "trid": [ + { + "file_type": "Win32 Executable MS Visual C++ (generic)", + "probability": 47.3 + }, + { + "file_type": "Win64 Executable (generic)", + "probability": 15.9 + }, + { + "file_type": "Win32 Dynamic Link Library (generic)", + "probability": 9.9 + }, + { + "file_type": "Win16 NE executable (generic)", + "probability": 7.6 + }, + { + "file_type": "Win32 Executable (generic)", + "probability": 6.8 + } + ], + "sigma_analysis_summary": { + "Sigma Integrated Rule Set (GitHub)": { + "high": 0, + "medium": 0, + "critical": 0, + "low": 1 + } + }, + "sandbox_verdicts": { + "C2AE": { + "category": "malicious", + "confidence": 50, + "sandbox_name": "C2AE", + "malware_classification": [ + "ADWARE" + ], + "malware_names": [ + "AdwareSoftpulse" + ] + } + }, + 
"sha256": "a458964292e857eb74645da1c0e0e9ac73093be1e4f80caa97c110cae01f605d", + "type_extension": "exe", + "tags": [ + "peexe", + "signed", + "overlay" + ], + "crowdsourced_ids_results": [ + { + "rule_category": "successful-recon-limited", + "alert_severity": "medium", + "rule_msg": "PROTOCOL-ICMP Unusual PING detected", + "rule_raw": "alert icmp $HOME_NET any -> $EXTERNAL_NET any ( msg:\"PROTOCOL-ICMP Unusual PING detected\"; icode:0; itype:8; fragbits:!M; content:!\"ABCDEFGHIJKLMNOPQRSTUVWABCDEFGHI\",depth 32; content:!\"0123456789abcdefghijklmnopqrstuv\",depth 32; content:!\"EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE\",depth 36; content:!\"WANG2\"; content:!\"cacti-monitoring-system\",depth 65; content:!\"SolarWinds\",depth 72; metadata:policy max-detect-ips drop,ruleset community; reference:url,krebsonsecurity.com/2014/01/a-closer-look-at-the-target-malware-part-ii/; reference:url,krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/; classtype:successful-recon-limited; sid:29456; rev:3; )", + "rule_references": [ + "https://krebsonsecurity.com/2014/01/a-closer-look-at-the-target-malware-part-ii/", + "https://krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/" + ], + "rule_source": "Snort registered user ruleset", + "rule_url": "https://www.snort.org/downloads/#rule-downloads", + "rule_id": "1:29456" + }, + { + "rule_category": "attempted-recon", + "rule_url": "https://www.snort.org/downloads/#rule-downloads", + "alert_severity": "medium", + "rule_msg": "PROTOCOL-ICMP traceroute", + "rule_source": "Snort registered user ruleset", + "rule_raw": "alert icmp $EXTERNAL_NET any -> $HOME_NET any ( msg:\"PROTOCOL-ICMP traceroute\"; itype:8; ttl:1; metadata:ruleset community; classtype:attempted-recon; sid:385; rev:8; )", + "rule_id": "1:385" + }, + { + "rule_category": "misc-activity", + "rule_url": "https://www.snort.org/downloads/#rule-downloads", + "alert_severity": "low", + "rule_msg": "(eth) truncated ethernet header", + 
"rule_source": "Snort registered user ruleset", + "rule_raw": "alert ( gid:116; sid:424; rev:2; msg:\"(eth) truncated ethernet header\"; metadata: policy max-detect-ips drop, rule-type decode; classtype:misc-activity;)", + "rule_id": "116:424" + }, + { + "rule_category": "misc-activity", + "rule_url": "https://www.snort.org/downloads/#rule-downloads", + "alert_severity": "low", + "rule_msg": "PROTOCOL-ICMP PING", + "rule_source": "Snort registered user ruleset", + "rule_raw": "alert icmp $EXTERNAL_NET any -> $HOME_NET any ( msg:\"PROTOCOL-ICMP PING\"; icode:0; itype:8; metadata:ruleset community; classtype:misc-activity; sid:384; rev:8; )", + "rule_id": "1:384" + }, + { + "rule_category": "misc-activity", + "rule_url": "https://www.snort.org/downloads/#rule-downloads", + "alert_severity": "low", + "rule_msg": "PROTOCOL-ICMP Echo Reply", + "rule_source": "Snort registered user ruleset", + "rule_raw": "alert icmp $EXTERNAL_NET any -> $HOME_NET any ( msg:\"PROTOCOL-ICMP Echo Reply\"; icode:0; itype:0; metadata:ruleset community; classtype:misc-activity; sid:408; rev:8; )", + "rule_id": "1:408" + } + ], + "last_analysis_date": 1699731055, + "unique_sources": 1, + "first_submission_date": 1699731055, + "sha1": "26cc6e96d09525e0eb56b142a4117394737ed8d5", + "ssdeep": "24576:bQiuMT98w+0d82/wG4ZqItFPqh6pZRj35fdcuIM8:b/T9N2zsItFa6pZquq", + "md5": "c258f603978708b2e30e9f8e8b96add6", + "pe_info": { + "resource_details": [ + { + "lang": "SPANISH MODERN", + "entropy": 7.5411224365234375, + "chi2": 881710.25, + "filetype": "unknown", + "sha256": "73d36b2158fd5cd745836e141ac85e531bc9c110e48ed4814728a3da17c19f03", + "type": "NSA" + }, + { + "lang": "SPANISH MODERN", + "entropy": 5.1853718757629395, + "chi2": 701051.31, + "filetype": "unknown", + "sha256": "70acd63d8db53cf853ed7eb70c8ebb036d83b4e083843b3f3791b6b7daf08ec7", + "type": "RT_ICON" + }, + { + "lang": "SPANISH MODERN", + "entropy": 5.375561714172363, + "chi2": 360666.34, + "filetype": "unknown", + "sha256": 
"ee455d0e561e7d5ea1d5714399f3fba4060857078fcba941f444d0b05814c5e7", + "type": "RT_ICON" + }, + { + "lang": "SPANISH MODERN", + "entropy": 5.8222455978393555, + "chi2": 116489.03, + "filetype": "unknown", + "sha256": "28285fb4365cbb7e4571bc946d9afdd3896f4bea1550e063e4aa1967b187859f", + "type": "RT_ICON" + }, + { + "lang": "SPANISH MODERN", + "entropy": 6.482567310333252, + "chi2": 13971, + "filetype": "unknown", + "sha256": "34f155a1ab683319f823dfebe29c4a72e16bfbc8cb1ee0b6bee28dce5a483851", + "type": "RT_ICON" + }, + { + "lang": "SPANISH MODERN", + "entropy": 2.6230783462524414, + "chi2": 4612.06, + "filetype": "ICO", + "sha256": "822952416183dc59088127325e52faebc96d08a97d76bd9202cc4880de84f48e", + "type": "RT_GROUP_ICON" + }, + { + "lang": "SPANISH MODERN", + "entropy": 3.230212450027466, + "chi2": 36494.24, + "filetype": "unknown", + "sha256": "cc268e5a14b0bb38926bd8b4886fe2207a245d604b3ed0f9b0688d6131276a99", + "type": "RT_VERSION" + }, + { + "lang": "ENGLISH US", + "entropy": 5.185309410095215, + "chi2": 14751.69, + "filetype": "unknown", + "sha256": "dacf4512783597368cddc18b8b21fc109c4d1e78db5dc7525ee54ec12164583a", + "type": "RT_MANIFEST" + } + ], + "rich_pe_header_hash": "1f5b6c5bb35204cab60e88fecf85ab9d", + "imphash": "9d9a8cc1640d2e7ac16d94ce528246d3", + "overlay": { + "entropy": 6.935932636260986, + "offset": 1224704, + "chi2": 14431.94, + "filetype": "unknown", + "md5": "df75390941f33ff0a3298add90689ca6", + "size": 4856 + }, + "compiler_product_versions": [ + "[ C ] VS2008 SP1 build 30729 count=1", + "id: 205, version: 50929 count=19", + "id: 206, version: 50929 count=122", + "[IMP] VS2008 SP1 build 30729 count=13", + "[---] Unmarked objects count=116", + "id: 207, version: 50929 count=54", + "[C++] VS2012 UPD4 build 61030 count=4", + "[RES] VS2012 UPD4 build 61030 count=1", + "id: 151, version: 0 count=1", + "[LNK] VS2012 UPD4 build 61030 count=1" + ], + "resource_langs": { + "SPANISH MODERN": 7, + "ENGLISH US": 1 + }, + "machine_type": 332, + 
"timestamp": 1413455629, + "resource_types": { + "RT_VERSION": 1, + "NSA": 1, + "RT_MANIFEST": 1, + "RT_ICON": 4, + "RT_GROUP_ICON": 1 + }, + "sections": [ + { + "name": ".text", + "chi2": 468152.38, + "virtual_address": 4096, + "flags": "rx", + "raw_size": 83456, + "entropy": 6.53, + "virtual_size": 83196, + "md5": "986f2e34d6d1589db528a435156fa36c" + }, + { + "name": ".rdata", + "chi2": 790301.94, + "virtual_address": 90112, + "flags": "r", + "raw_size": 210944, + "entropy": 6.09, + "virtual_size": 210596, + "md5": "9a14ca754a6670bcec8aa838028b7508" + }, + { + "name": ".data", + "chi2": 511675.69, + "virtual_address": 303104, + "flags": "rw", + "raw_size": 5120, + "entropy": 3.57, + "virtual_size": 13104, + "md5": "3ebaec1575a522b80a3a0a75eb013a20" + }, + { + "name": ".rsrc", + "chi2": 893474.75, + "virtual_address": 319488, + "flags": "r", + "raw_size": 924160, + "entropy": 7.55, + "virtual_size": 924112, + "md5": "0ef1079635eb1697c02cd663b5a514c7" + } + ], + "import_list": [ + { + "library_name": "ADVAPI32.dll", + "imported_functions": [ + "RegCloseKey", + "RegOpenKeyExW", + "RegQueryValueExW" + ] + }, + { + "library_name": "KERNEL32.dll", + "imported_functions": [ + "CloseHandle", + "CreateFileW", + "CreateProcessA", + "DecodePointer", + "DeleteCriticalSection", + "EncodePointer", + "EnterCriticalSection", + "ExitProcess", + "FindResourceExW", + "FindResourceW", + "FlushFileBuffers", + "FreeEnvironmentStringsW", + "FreeLibrary", + "GetACP", + "GetCommandLineA", + "GetCommandLineW", + "GetConsoleCP", + "GetConsoleMode", + "GetCPInfo", + "GetCurrentProcess", + "GetCurrentProcessId", + "GetCurrentThreadId", + "GetEnvironmentStringsW", + "GetFileType", + "GetLastError", + "GetModuleFileNameA", + "GetModuleFileNameW", + "GetModuleHandleExW", + "GetModuleHandleW", + "GetOEMCP", + "GetProcAddress", + "GetProcessHeap", + "GetStartupInfoW", + "GetStdHandle", + "GetStringTypeW", + "GetSystemTimeAsFileTime", + "GetThreadContext", + "HeapAlloc", + "HeapDestroy", + 
"HeapFree", + "HeapReAlloc", + "HeapSize", + "InitializeCriticalSectionAndSpinCount", + "InterlockedDecrement", + "InterlockedIncrement", + "IsDebuggerPresent", + "IsProcessorFeaturePresent", + "IsValidCodePage", + "LCMapStringW", + "LeaveCriticalSection", + "LoadLibraryExW", + "LoadLibraryW", + "LoadResource", + "LocalFree", + "LockResource", + "MultiByteToWideChar", + "OutputDebugStringW", + "QueryPerformanceCounter", + "RaiseException", + "ReadProcessMemory", + "RtlUnwind", + "SetFilePointerEx", + "SetLastError", + "SetStdHandle", + "SetUnhandledExceptionFilter", + "SizeofResource", + "Sleep", + "TerminateProcess", + "TlsAlloc", + "TlsFree", + "TlsGetValue", + "TlsSetValue", + "UnhandledExceptionFilter", + "VirtualAlloc", + "WideCharToMultiByte", + "WriteConsoleW", + "WriteFile", + "WriteProcessMemory" + ] + }, + { + "library_name": "SHLWAPI.dll", + "imported_functions": [ + "PathFindFileNameW" + ] + }, + { + "library_name": "ole32.dll", + "imported_functions": [ + "CoCreateInstance", + "CoInitializeEx", + "CoInitializeSecurity", + "CoSetProxyBlanket" + ] + }, + { + "library_name": "OLEAUT32.dll", + "imported_functions": [ + "SysAllocStringByteLen", + "SysFreeString", + "SysStringByteLen", + "VariantClear" + ] + } + ], + "entry_point": 31687 + }, + "magic": "PE32 executable (GUI) Intel 80386, for MS Windows", + "main_icon": { + "raw_md5": "163e827a45773798c58c4dc39f12a2e7", + "dhash": "686e76e6c2e8e4e0" + }, + "last_analysis_stats": { + "harmless": 0, + "type-unsupported": 4, + "suspicious": 0, + "confirmed-timeout": 0, + "timeout": 0, + "failure": 1, + "malicious": 62, + "undetected": 9 + }, + "last_analysis_results": { + "Bkav": { + "category": "malicious", + "engine_name": "Bkav", + "engine_version": "2.0.0.1", + "result": "W32.AIDetectMalware", + "method": "blacklist", + "engine_update": "20231111" + }, + "Lionic": { + "category": "undetected", + "engine_name": "Lionic", + "engine_version": "7.5", + "result": null, + "method": "blacklist", + "engine_update": 
"20231111" + }, + "Elastic": { + "category": "malicious", + "engine_name": "Elastic", + "engine_version": "4.0.116", + "result": "malicious (high confidence)", + "method": "blacklist", + "engine_update": "20231106" + }, + "MicroWorld-eScan": { + "category": "malicious", + "engine_name": "MicroWorld-eScan", + "engine_version": "14.0.409.0", + "result": "DeepScan:Generic.Dacic.6A7C1CCE.A.E8C25F57", + "method": "blacklist", + "engine_update": "20231111" + }, + "FireEye": { + "category": "malicious", + "engine_name": "FireEye", + "engine_version": "35.24.1.0", + "result": "Generic.mg.c258f603978708b2", + "method": "blacklist", + "engine_update": "20231111" + }, + "CAT-QuickHeal": { + "category": "malicious", + "engine_name": "CAT-QuickHeal", + "engine_version": "22.00", + "result": "Trojan.Buzus.A4", + "method": "blacklist", + "engine_update": "20231110" + }, + "Skyhigh": { + "category": "malicious", + "engine_name": "Skyhigh", + "engine_version": "v2021.2.0+4045", + "result": "BehavesLike.Win32.SoftPulse.tc", + "method": "blacklist", + "engine_update": "20231110" + }, + "McAfee": { + "category": "malicious", + "engine_name": "McAfee", + "engine_version": "6.0.6.653", + "result": "SoftPulse.a", + "method": "blacklist", + "engine_update": "20231111" + }, + "Malwarebytes": { + "category": "malicious", + "engine_name": "Malwarebytes", + "engine_version": "4.5.5.54", + "result": "Generic.Malware.AI.DDS", + "method": "blacklist", + "engine_update": "20231111" + }, + "Zillya": { + "category": "malicious", + "engine_name": "Zillya", + "engine_version": "2.0.0.4992", + "result": "Adware.SoftPulseGen.Win32.1", + "method": "blacklist", + "engine_update": "20231110" + }, + "Sangfor": { + "category": "malicious", + "engine_name": "Sangfor", + "engine_version": "2.23.0.0", + "result": "Trojan.Win32.Save.a", + "method": "blacklist", + "engine_update": "20231026" + }, + "K7AntiVirus": { + "category": "malicious", + "engine_name": "K7AntiVirus", + "engine_version": "12.124.50172", + 
"result": "Riskware ( 0040eff71 )", + "method": "blacklist", + "engine_update": "20231111" + }, + "BitDefender": { + "category": "malicious", + "engine_name": "BitDefender", + "engine_version": "7.2", + "result": "DeepScan:Generic.Dacic.6A7C1CCE.A.E8C25F57", + "method": "blacklist", + "engine_update": "20231111" + }, + "K7GW": { + "category": "malicious", + "engine_name": "K7GW", + "engine_version": "12.124.50171", + "result": "Riskware ( 0040eff71 )", + "method": "blacklist", + "engine_update": "20231111" + }, + "CrowdStrike": { + "category": "malicious", + "engine_name": "CrowdStrike", + "engine_version": "1.0", + "result": "win/grayware_confidence_90% (D)", + "method": "blacklist", + "engine_update": "20220812" + }, + "Baidu": { + "category": "malicious", + "engine_name": "Baidu", + "engine_version": "1.0.0.2", + "result": "Win32.Adware.Generic.am", + "method": "blacklist", + "engine_update": "20190318" + }, + "VirIT": { + "category": "malicious", + "engine_name": "VirIT", + "engine_version": "9.5.576", + "result": "Trojan.Win32.DownLoader11.CBUT", + "method": "blacklist", + "engine_update": "20231110" + }, + "SymantecMobileInsight": { + "category": "type-unsupported", + "engine_name": "SymantecMobileInsight", + "engine_version": "2.0", + "result": null, + "method": "blacklist", + "engine_update": "20230119" + }, + "Symantec": { + "category": "malicious", + "engine_name": "Symantec", + "engine_version": "1.21.0.0", + "result": "SMG.Heur!gen", + "method": "blacklist", + "engine_update": "20231111" + }, + "tehtris": { + "category": "malicious", + "engine_name": "tehtris", + "engine_version": "v0.1.4-109-g76614fd", + "result": "Generic.Malware", + "method": "blacklist", + "engine_update": "20231111" + }, + "ESET-NOD32": { + "category": "malicious", + "engine_name": "ESET-NOD32", + "engine_version": "28224", + "result": "Win32/SoftPulse.O potentially unwanted", + "method": "blacklist", + "engine_update": "20231111" + }, + "Cynet": { + "category": "malicious", + 
"engine_name": "Cynet", + "engine_version": "4.0.0.28", + "result": "Malicious (score: 100)", + "method": "blacklist", + "engine_update": "20231110" + }, + "APEX": { + "category": "malicious", + "engine_name": "APEX", + "engine_version": "6.474", + "result": "Malicious", + "method": "blacklist", + "engine_update": "20231110" + }, + "Paloalto": { + "category": "undetected", + "engine_name": "Paloalto", + "engine_version": "0.9.0.1003", + "result": null, + "method": "blacklist", + "engine_update": "20231111" + }, + "ClamAV": { + "category": "malicious", + "engine_name": "ClamAV", + "engine_version": "1.2.1.0", + "result": "Win.Adware.MultiPlug-2", + "method": "blacklist", + "engine_update": "20231111" + }, + "Kaspersky": { + "category": "malicious", + "engine_name": "Kaspersky", + "engine_version": "22.0.1.28", + "result": "HEUR:Trojan.Win32.Agent.gen", + "method": "blacklist", + "engine_update": "20231111" + }, + "Alibaba": { + "category": "undetected", + "engine_name": "Alibaba", + "engine_version": "0.3.0.5", + "result": null, + "method": "blacklist", + "engine_update": "20190527" + }, + "NANO-Antivirus": { + "category": "malicious", + "engine_name": "NANO-Antivirus", + "engine_version": "1.0.146.25796", + "result": "Trojan.Win32.Agent.dwscqm", + "method": "blacklist", + "engine_update": "20231111" + }, + "ViRobot": { + "category": "undetected", + "engine_name": "ViRobot", + "engine_version": "2014.3.20.0", + "result": null, + "method": "blacklist", + "engine_update": "20231111" + }, + "Rising": { + "category": "malicious", + "engine_name": "Rising", + "engine_version": "25.0.0.27", + "result": "Trojan.Injector!1.AE3D (CLASSIC)", + "method": "blacklist", + "engine_update": "20231111" + }, + "Trustlook": { + "category": "type-unsupported", + "engine_name": "Trustlook", + "engine_version": "1.0", + "result": null, + "method": "blacklist", + "engine_update": "20231111" + }, + "TACHYON": { + "category": "undetected", + "engine_name": "TACHYON", + "engine_version": 
"2023-11-11.02", + "result": null, + "method": "blacklist", + "engine_update": "20231111" + }, + "Sophos": { + "category": "malicious", + "engine_name": "Sophos", + "engine_version": "2.3.1.0", + "result": "SoftPulse (PUA)", + "method": "blacklist", + "engine_update": "20231111" + }, + "F-Secure": { + "category": "malicious", + "engine_name": "F-Secure", + "engine_version": "18.10.1547.307", + "result": "PotentialRisk.PUA/SoftPulse.oanm", + "method": "blacklist", + "engine_update": "20231111" + }, + "DrWeb": { + "category": "malicious", + "engine_name": "DrWeb", + "engine_version": "7.0.61.8090", + "result": "Trojan.Domaiq.537", + "method": "blacklist", + "engine_update": "20231111" + }, + "VIPRE": { + "category": "malicious", + "engine_name": "VIPRE", + "engine_version": "6.0.0.35", + "result": "DeepScan:Generic.Dacic.6A7C1CCE.A.E8C25F57", + "method": "blacklist", + "engine_update": "20231111" + }, + "TrendMicro": { + "category": "malicious", + "engine_name": "TrendMicro", + "engine_version": "11.0.0.1006", + "result": "ADW_PULSOFT.SM", + "method": "blacklist", + "engine_update": "20231111" + }, + "Trapmine": { + "category": "malicious", + "engine_name": "Trapmine", + "engine_version": "4.0.14.97", + "result": "malicious.high.ml.score", + "method": "blacklist", + "engine_update": "20231106" + }, + "CMC": { + "category": "undetected", + "engine_name": "CMC", + "engine_version": "2.4.2022.1", + "result": null, + "method": "blacklist", + "engine_update": "20230822" + }, + "Emsisoft": { + "category": "malicious", + "engine_name": "Emsisoft", + "engine_version": "2022.6.0.32461", + "result": "DeepScan:Generic.Dacic.6A7C1CCE.A.E8C25F57 (B)", + "method": "blacklist", + "engine_update": "20231111" + }, + "SentinelOne": { + "category": "malicious", + "engine_name": "SentinelOne", + "engine_version": "23.4.0.1", + "result": "Static AI - Malicious PE", + "method": "blacklist", + "engine_update": "20231018" + }, + "Avast-Mobile": { + "category": "type-unsupported", + 
"engine_name": "Avast-Mobile", + "engine_version": "231111-00", + "result": null, + "method": "blacklist", + "engine_update": "20231111" + }, + "Jiangmin": { + "category": "malicious", + "engine_name": "Jiangmin", + "engine_version": "16.0.100", + "result": "Adware/Agent.hhi", + "method": "blacklist", + "engine_update": "20231110" + }, + "Webroot": { + "category": "malicious", + "engine_name": "Webroot", + "engine_version": "1.0.0.403", + "result": "Pua.Tuguu", + "method": "blacklist", + "engine_update": "20231111" + }, + "Varist": { + "category": "malicious", + "engine_name": "Varist", + "engine_version": "6.5.1.2", + "result": "W32/A-f3bed9f9!Eldorado", + "method": "blacklist", + "engine_update": "20231111" + }, + "Avira": { + "category": "malicious", + "engine_name": "Avira", + "engine_version": "8.3.3.16", + "result": "PUA/SoftPulse.oanm", + "method": "blacklist", + "engine_update": "20231111" + }, + "Antiy-AVL": { + "category": "malicious", + "engine_name": "Antiy-AVL", + "engine_version": "3.0", + "result": "Trojan/Win32.Injector.dsqr", + "method": "blacklist", + "engine_update": "20231111" + }, + "Kingsoft": { + "category": "malicious", + "engine_name": "Kingsoft", + "engine_version": "None", + "result": "malware.kb.a.998", + "method": "blacklist", + "engine_update": "20230906" + }, + "Microsoft": { + "category": "failure", + "engine_name": "Microsoft", + "engine_version": "1.1.23100.2009", + "result": null, + "method": "blacklist", + "engine_update": "20231111" + }, + "Gridinsoft": { + "category": "malicious", + "engine_name": "Gridinsoft", + "engine_version": "1.0.147.174", + "result": "Adware.Win32.Downloader.vl!c", + "method": "blacklist", + "engine_update": "20231111" + }, + "Xcitium": { + "category": "malicious", + "engine_name": "Xcitium", + "engine_version": "36167", + "result": "Application.Win32.SoftPulse.D@5htsrg", + "method": "blacklist", + "engine_update": "20231111" + }, + "Arcabit": { + "category": "malicious", + "engine_name": "Arcabit", + 
"engine_version": "2022.0.0.18", + "result": "DeepScan:Generic.Dacic.6A7C1CCE.A.E8C25F57", + "method": "blacklist", + "engine_update": "20231111" + }, + "SUPERAntiSpyware": { + "category": "malicious", + "engine_name": "SUPERAntiSpyware", + "engine_version": "5.6.0.1032", + "result": "PUP.SoftPulse/Variant", + "method": "blacklist", + "engine_update": "20231110" + }, + "ZoneAlarm": { + "category": "malicious", + "engine_name": "ZoneAlarm", + "engine_version": "1.0", + "result": "HEUR:Trojan.Win32.Agent.gen", + "method": "blacklist", + "engine_update": "20231111" + }, + "GData": { + "category": "malicious", + "engine_name": "GData", + "engine_version": "A:25.36807B:27.33823", + "result": "Win32.Trojan.PSE.117GBV0", + "method": "blacklist", + "engine_update": "20231111" + }, + "Google": { + "category": "malicious", + "engine_name": "Google", + "engine_version": "1699727431", + "result": "Detected", + "method": "blacklist", + "engine_update": "20231111" + }, + "BitDefenderFalx": { + "category": "type-unsupported", + "engine_name": "BitDefenderFalx", + "engine_version": "2.0.936", + "result": null, + "method": "blacklist", + "engine_update": "20230921" + }, + "AhnLab-V3": { + "category": "malicious", + "engine_name": "AhnLab-V3", + "engine_version": "3.24.0.10447", + "result": "Trojan/Win.Agent.R121603", + "method": "blacklist", + "engine_update": "20231111" + }, + "Acronis": { + "category": "malicious", + "engine_name": "Acronis", + "engine_version": "1.2.0.121", + "result": "suspicious", + "method": "blacklist", + "engine_update": "20230828" + }, + "BitDefenderTheta": { + "category": "undetected", + "engine_name": "BitDefenderTheta", + "engine_version": "7.2.37796.0", + "result": null, + "method": "blacklist", + "engine_update": "20231023" + }, + "ALYac": { + "category": "malicious", + "engine_name": "ALYac", + "engine_version": "1.1.3.1", + "result": "DeepScan:Generic.Dacic.6A7C1CCE.A.E8C25F57", + "method": "blacklist", + "engine_update": "20231111" + }, + "MAX": { 
+ "category": "malicious", + "engine_name": "MAX", + "engine_version": "2023.1.4.1", + "result": "malware (ai score=84)", + "method": "blacklist", + "engine_update": "20231111" + }, + "DeepInstinct": { + "category": "malicious", + "engine_name": "DeepInstinct", + "engine_version": "3.1.0.15", + "result": "MALICIOUS", + "method": "blacklist", + "engine_update": "20231108" + }, + "VBA32": { + "category": "malicious", + "engine_name": "VBA32", + "engine_version": "5.0.0", + "result": "BScope.Adware.SoftPulse", + "method": "blacklist", + "engine_update": "20231111" + }, + "Cylance": { + "category": "malicious", + "engine_name": "Cylance", + "engine_version": "2.0.0.0", + "result": "unsafe", + "method": "blacklist", + "engine_update": "20231108" + }, + "Panda": { + "category": "malicious", + "engine_name": "Panda", + "engine_version": "4.6.4.2", + "result": "Trj/Genetic.gen", + "method": "blacklist", + "engine_update": "20231111" + }, + "Zoner": { + "category": "undetected", + "engine_name": "Zoner", + "engine_version": "2.2.2.0", + "result": null, + "method": "blacklist", + "engine_update": "20231111" + }, + "TrendMicro-HouseCall": { + "category": "malicious", + "engine_name": "TrendMicro-HouseCall", + "engine_version": "10.0.0.1040", + "result": "ADW_PULSOFT.SM", + "method": "blacklist", + "engine_update": "20231111" + }, + "Tencent": { + "category": "malicious", + "engine_name": "Tencent", + "engine_version": "1.0.0.1", + "result": "Adware.Win32.Buzuse.oyxu", + "method": "blacklist", + "engine_update": "20231111" + }, + "Yandex": { + "category": "malicious", + "engine_name": "Yandex", + "engine_version": "5.5.2.24", + "result": "Riskware.Agent!uyYDPXQO2Fs", + "method": "blacklist", + "engine_update": "20231111" + }, + "Ikarus": { + "category": "malicious", + "engine_name": "Ikarus", + "engine_version": "6.2.4.0", + "result": "PUA.DigitalPlugin", + "method": "blacklist", + "engine_update": "20231111" + }, + "MaxSecure": { + "category": "malicious", + "engine_name": 
"MaxSecure", + "engine_version": "1.0.0.1", + "result": "Adware.softplus.g", + "method": "blacklist", + "engine_update": "20231110" + }, + "Fortinet": { + "category": "malicious", + "engine_name": "Fortinet", + "engine_version": "None", + "result": "Riskware/SoftPulse", + "method": "blacklist", + "engine_update": "20231111" + }, + "AVG": { + "category": "malicious", + "engine_name": "AVG", + "engine_version": "23.9.8494.0", + "result": "Win32:PUP-gen [PUP]", + "method": "blacklist", + "engine_update": "20231111" + }, + "Cybereason": { + "category": "undetected", + "engine_name": "Cybereason", + "engine_version": "1.2.449", + "result": null, + "method": "blacklist", + "engine_update": "20231102" + }, + "Avast": { + "category": "malicious", + "engine_name": "Avast", + "engine_version": "23.9.8494.0", + "result": "Win32:PUP-gen [PUP]", + "method": "blacklist", + "engine_update": "20231111" + } + }, + "reputation": 0, + "sigma_analysis_stats": { + "high": 0, + "medium": 0, + "critical": 0, + "low": 1 + } + }, + "type": "file", + "id": "a458964292e857eb74645da1c0e0e9ac73093be1e4f80caa97c110cae01f605d", + "links": { + "self": "https://www.virustotal.com/api/v3/files/a458964292e857eb74645da1c0e0e9ac73093be1e4f80caa97c110cae01f605d" + } + } + ] +} \ No newline at end of file