{"report_id":"66aa8f13-17d5-486d-9ed7-a243e3fd394e","version":6,"status":"done","tags":[],"date":"2024-06-17T14:41:56Z","url":{"schema":"http","addr":"www.scalabium.com/download/sme/sme500d12.zip","fqdn":"www.scalabium.com","domain":"scalabium.com","tld":"com"},"ip":{"addr":"216.120.242.62","port":0,"asn":23535,"as":"HOSTROCKET","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T13:02:49Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-06-15 18:30:36","alert_count":0,"request_count":7,"received_data":6216,"sent_data":2289,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.scalabium.com","ip":{"addr":"216.120.242.62","port":443,"asn":23535,"as":"HOSTROCKET","country":"United States","country_code":"US"},"domain_registered":"2000-05-20","domain_rank":0,"first_seen":"2017-02-02 01:34:06","last_seen":"2023-12-06 11:00:44","alert_count":0,"request_count":1,"received_data":1757152,"sent_data":498,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"64b5840aa7ae225d08567e4dc3e95193","sha1":"91d3ea270fc6e192e17ca9c9aba5ad0d55d75d04","sha256":"6844617d26b19a4a45d0a2a299b304c758345b5f129e4edbcc6cedd05c8c6149","sha512":"55ed6738275495722e991fe1edf2725459afbe2ad50e0383a20f5111820dcdb85b4532de14dca1c598c9e1dcfdd245cc21f75d124f2e4bf53d917b555679e9ec","magic":"Zip archive data, at least v2.0 to extract, compression method=store","size":1756908,"url":{"schema":"https","addr":"www.scalabium.com/download/sme/sme500d12.zip","fqdn":"www.scalabium.com","domain":"scalabium.com","tld":"com"},"ip":{"addr":"216.120.242.62","port":443,"asn":23535,"as":"HOSTROCKET","country":"United States","country_code":"US"},"archive":[{"path":"D12/copyfiles.res","filename":"copyfiles.res","modified":"","Modified":"2018-11-19T01:55:00+02:00","magic":"MSVC .res","size":28228,"md5":"89f3dec20bdf10b24eb80b64c776085a","sha1":"8c98368f5aafb34adaa31cbb4a209b74053c6ccc","sha256":"f19556972fa55d18327da44daf5d26fb03530f90a3adf8b0efe92ebd23b1c0ea","sha512":"4028c59a7b6867ec5dfa5f5c7765a56789fad11ef554315a9d2094510e31a4adb5a8a28c228c822f8447264c721c7b517f29d0c0c13f736eb5a477692b46c0de","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/ExCnst.dcu","filename":"ExCnst.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":23656,"md5":"5797a492b33326f31ae7e2195e0be075","sha1":"eb2b0929141714e5c3d0b125f4a3f84cf02c47f1","sha256":"fba793517c49a593740e794dfa2c9885a060842fabe3a4ff9a9d8adc30d3e728","sha512":"ffa7cfed8df6bf2307e7e86e35ff4fb9c8285e64c07da4add283f8365a86a12f0c7f99455ab6ffdbc05b21a54d98c608c9557ec3bc7d0ab075484a65c58c5d28","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/ExCnst.hpp","filename":"ExCnst.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":12339,"md5":"8950dd7e860e08a419a563c0adb284cf","sha1":"490c292819c8b74b2d6e8a21f31c175433490a7d","sha256":"af7df90adf009ad51187b1938b16660b84563f566a4cc663c024214b509c832b","sha512":"a1bf83970fb432af78726c35c23dc0e55cb970b8892723a11cd810be49e4939ce5aef9cc219d17ca451cc9b0a4d2f77695ec8fe7c75c04703329be612fdf1b49","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/ExportDS.dcr","filename":"ExportDS.dcr","modified":"","Modified":"2021-11-21T23:48:00+02:00","magic":"MSVC .res","size":34600,"md5":"3cab1f4a90fea85e858e62619574c300","sha1":"aa54c3569b915f37c8f0bce218e18c599a092a5d","sha256":"96c096fe82d098d28ff61d1ed85e30cf47586dc1c3e83906d97204bfef6bf074","sha512":"7db1ae0cdca7a9e2ae895c20c670c229e914dc5293d1aba1db1ef73637c7ce833e22efa1ed2e6b81bc97040606a1e56f298f76a719227f97289ccd337092df79","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/ExportDS.dcu","filename":"ExportDS.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":133821,"md5":"4722933f7baf7cea5b627db2395c4aaf","sha1":"80e2da306a735f8b9a1666e0a0b0f73f9097c64e","sha256":"a4cfa7550e339bde34f171e20cfe9a3589c01c56b01cc9f95fcd36be5c74f956","sha512":"7a1d45ac3b25a37c17763cd4b1ddd5dae680d1b1ce4688de6fe14b73f3ecf039bd94fe2c7f6ba0bdc31b11987d82b24146db0e0916f2f46076770dddc976efda","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/ExportDS.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/ExportDS.hpp","filename":"ExportDS.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (322), with CRLF line terminators","size":36013,"md5":"a2f5a0b115acabb512f10ca115c58157","sha1":"cf3f159407e6fb2a82826a71c5c22d3eaba1f1b2","sha256":"802ec29cb3145fd1e63ae70a897c3d66bc3df82e26a6d5daccf8c1cc78b0054e","sha512":"4ad3981092dd6e239a030f2c649d4c2c1feacfb6b08abc609f1bde29965a6f362e1affd1d8477ed1c3f47fc9ea41f8332c58927a86cf92b615b4149311a5e3e9","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME.INC","filename":"SME.INC","modified":"","Modified":"2023-11-19T20:21:14+02:00","magic":"ASCII text, with CRLF line terminators","size":14412,"md5":"33b05925e6ee371cd517fde9e981ebdc","sha1":"3fa067b8627c9b06b698b955de6a21b33ad4d9dc","sha256":"31ee0911cacdf5ef59625932e65a1f043e214d610333785b0a0eb43587037945","sha512":"1cbd9572fbb78ab443afe4a55a26131215af59431db5ad1b510a246e22d9ef3d0810a9f03dedcee6137332b19b4b8a12a12b75ed6825c074d1538e9184f55607","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME.RES","filename":"SME.RES","modified":"","Modified":"2015-01-08T16:46:14+02:00","magic":"MSVC .res","size":2780,"md5":"9b15806faaaed099300c24b5e31f48ad","sha1":"f485a9eb2a3a01e273eb1dd86d854efa06e8d782","sha256":"5044766dc444836505082600e9e722be94d0741c86b73015f466371fd67c9291","sha512":"7b66a9460b265fce4e9efe4861bd4cf8d790e0c82c8d7b9dcb4f1164d3a7def0728199dc260f7f34d4d4710d011b8dc0bf3bcfb6b3f5af202e2303a2f9e19b6a","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2ADO.dcu","filename":"SME2ADO.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":25952,"md5":"e4b49d4c5e1fc2dc32cc4b0d34655201","sha1":"314d3e5eb0922401b8dfbdc3ad77b574dfb839ef","sha256":"0baa6699b7496efa245e8961389886e495fcaf8f7d8c447ecbf1c94d3ad8a290","sha512":"4e57f001a0f296b8af845f328a2d2219341e39c322c65b3db253e8ab48bae93993c71f2f2edb4849f3e0eb4a22d9b38b8263fcacc311e25dedbeaa0a357c032d","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2ADO.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2ADO.hpp","filename":"SME2ADO.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2997,"md5":"833c3dfcd1f748974913fcb22da09e48","sha1":"da8d50eb289a3539203b240c9decaba729378d60","sha256":"ee065c6f0dad40b3607a62f9e4b4e5424185cab66ce6117d066783fbfd7e10a1","sha512":"e7f7ec1c3744d5978d81f448dd57c72371b59645227c4d1a302bc7745753b7e3413cab02ddf99f3a2a77bf8e5aa761b23cccfb1d9db4342509eb57619a8d789e","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2BDE.dcu","filename":"SME2BDE.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":18161,"md5":"24461cfa27ed94e367b1a23cf6b6b5e1","sha1":"10d0dfe160cc22ee53f92c1f394a5e0a0b256bec","sha256":"7f3184892eca3be55cf80ab4ad4dc2ce67a78f603e0e19dd092ff665c840797e","sha512":"23102beaea984b7db1e5d5db4b4870697e115ec952ef96746ddbe698f6564ba1e1637d2b682a54b00128391495275d8f423355c90e6b7f5f991280677ba21971","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2BDE.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2BDE.hpp","filename":"SME2BDE.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":4311,"md5":"c0f48a2154cb658c7e21a8a82e59b89d","sha1":"44815388381b3e0bfb470a9cda33576d0e09d769","sha256":"0d8ca948825986d8e62b2ae46691eb41c9e4992087c107474eb639c840a203f1","sha512":"870fb9a3b940e588830e2fa96d59b467d1dd31316769ff49d7c287ab0ef1c4121c4496be32a084d5a5700ff2a5ead3e35ae10bd6fcfa0691a597c664ef1726e3","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2Cell.dcu","filename":"SME2Cell.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":29060,"md5":"59ca8395b8900817a980f9f0dd110d81","sha1":"7b8e90c692dd994abe347e18ba68c6a35f8b60ff","sha256":"a012469817d64f76786969df029695ae915fdf0a0af5caee08efde1112ce623a","sha512":"cd0a29d652424091b2ac22e3e20634438dac865889088235d31b41c20a73657f6f086049676635c6b472c46fc6280470fcb5336005989f44d4b2c188e79770c1","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2Cell.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2Cell.hpp","filename":"SME2Cell.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":6241,"md5":"b80bd96534794fbf49fe39f90edc733e","sha1":"dbe8fbe00271873a6ae677cf5c2ba8c5b5a5a039","sha256":"3939d79c190358a471defdea849ebc25cfa07631ef4ffc3370770ad3215d37d0","sha512":"eab6891d312588559d07877ad73caa5c695c264122ad1c30d07a80c05dc54ad35448e67dbbf469a6d22433760c7f752802e83e570b122d8b6b40fb1c7aaf7352","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2CLP.dcu","filename":"SME2CLP.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":8208,"md5":"f771ed732d5dcb32d5da9088fa8ead4b","sha1":"2f6a922e0bcc45ad4a1f9837152bef356b6708db","sha256":"b232143534e44bcefa5ef1975a74656af0f96f6ad309037cc31e5ab550d2d2db","sha512":"e7b55245d327152af93d22bb319c554b0c7e3fa7ec1183810a4dcafd529a4c39fff149807e380dd1e47b969d62d5e75b8ad90269870fd422391661ade78e5755","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2CLP.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2CLP.hpp","filename":"SME2CLP.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2121,"md5":"15be3fce5a8a90cabee3c8fbab069d9b","sha1":"b5db55e124491db192833f5ac2c8ba617192b2dd","sha256":"64280e3b8abc80d85b6f58211d046a4900e0fd453cb65bb3461c1396c8f48572","sha512":"63926622d782e3982be9aa6526720a06124e210ca4fd7bf0433a5866c2ce4b518e49836b3fc9304db87699e47c85aa9d39deb5635ea7afe04772b0c966acd4bd","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2DBF.dcu","filename":"SME2DBF.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":24990,"md5":"7d320ec5c9b151d02173cbe184fb5097","sha1":"177f2ea51b31b6942b7ae57ffd243bd4e026a430","sha256":"b3019b170c040280e805cf013dc1530143960f62285fc0f5564a5b71b1faa572","sha512":"f68979a3f0a89acd6a04122da960c5f6b7072c84af50ce9eefe6c2fe5d2a9d54f47337f8fbeb5eb2e38b43b23748315d8d6ba65625d49c7294220bf46662cd4a","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2DBF.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2DBF.hpp","filename":"SME2DBF.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":6159,"md5":"c9919cddb7b30ce542eccf09a068d67e","sha1":"d3209203f461e63f71320f62158aef73507bf256","sha256":"b63621ad55c9fe6768fa79ab0c9866b1087c2efe62a43d2f193622bb1b81fd17","sha512":"90727cd9d5b0676398d031646d9f2e8cf6b35ef883acb8bf6beeccb38f831100d433b48dc7d2cf82121498af159869ca28cf14c6c40716b9363f9a1ce46e6b56","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2DIF.dcu","filename":"SME2DIF.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":7502,"md5":"21a7adf34ee410bd028d22b67482ce71","sha1":"f843426eed26bd8badd1b96f3633811141ecef05","sha256":"e1d20742276b0cc81ebd94a785c0f6acb984347068d100159cff167fbe4d72e6","sha512":"0ef0f54323fd54a952657833c8127398f275e4bf6e2a5f484ca2dbe7d0999d2468599df5ac5ddb1e5561d0493f538b15603839e00c3df15c3d1bf8c7e2e4635a","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2DIF.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2DIF.hpp","filename":"SME2DIF.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2284,"md5":"c2263a362ff07c3b70bafb07ee1ec25b","sha1":"cd9e377040016391d1bf59f97718fd248cbd4c24","sha256":"4d80c981672510cae7c6e5a81b195dd27bf0a38769f3eace0192e79e6313d6f1","sha512":"1de770a27a64f89af7768fa33218c4255601e6289006e00a1985af6f7e7bdf6c10f006805f8473d5073d3adb52b84d60aab2f171e538cd291cb81db885cf5717","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2DOCX.dcu","filename":"SME2DOCX.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":82207,"md5":"fd2571fda777d75105d1eeca279ed945","sha1":"566ffb5e3321ecf6e8b3df9e061e48bb286becde","sha256":"049a5d5a097f6a7f03f1125df324686d170549d61dfc282ee9fd0ad678bfa3fd","sha512":"c2377d78402ab92fa39120629613ae153f9d005937669e20d5356a04c59bf96876ff71e9582c0f71c0bd4bf59c5f1aadcedec7612fbd12ced2522ce901a173f2","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2DOCX.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2DOCX.hpp","filename":"SME2DOCX.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":12547,"md5":"60b462ae1333689ca1ec216b63d6d7fb","sha1":"7d65b737747e87501ab289b2312cd2ffdb4f3455","sha256":"aca9d2574f505777fef89b205e6ac37120c287a0a3aaa6fdf848775e3687ede1","sha512":"2620d726b1b88282f8a1cf3ca30db4c78e724d524f8de5f5053bebc8ceab368c21733ebd3ea461fc4ad92ec2ee75a8bcaee8f2a9d4c8e9b0e946a4fbb06d1695","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2DS.dcu","filename":"SME2DS.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":9558,"md5":"af4150fd32d8090dcd8f364c6ca23b15","sha1":"240583c8cde1db7e7bbeff47bd38109a60fec81f","sha256":"55c569e12fba0804cc1b0d02cfc1867be379b2127ec6e448db66feb79f370ee9","sha512":"063477d92869474d535cbe3403c592312409a1993bb4b09f86ee46ee9a4d7cec9f4ce31d414e77dc2b62c5fec64258747af811f466817c14e942973763ee1809","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2DS.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2DS.hpp","filename":"SME2DS.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2520,"md5":"51580a20169cb7ec3600d5839090054c","sha1":"c0febe19f9f1d80e6880e075a11c08b5fa07d551","sha256":"4d26fbe6707e419257fa53ce04b4880c4c810663e33cd534b2de016d83393b6e","sha512":"d22cb400e81d3c9179b57d8f1c1c5640da94426dd952e74cb857f0c043f66c6dc7eff94f7d3b2a7179a36ea53889d74a795ef6c66b28822c8b122744dbeb9f46","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2EXML.dcu","filename":"SME2EXML.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":27772,"md5":"a99106571dc0503ec8ec00ef72088b8e","sha1":"68b9e7d4cbf1ca84b740214307d0a795127351ba","sha256":"be3e975ba16c736049615f184c840ecf1fbc03beaa884f48361bfa4c648e33c0","sha512":"3bf17841e15a34205c7ec9a0acad31548b841a5a3d90f922271a6c6f6c0e96e75797b3b85a6a9aef5fb35b706ae6e5192f85a91b3ab38130db9f05918009fe5c","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2EXML.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2EXML.hpp","filename":"SME2EXML.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":4015,"md5":"ce26c28f7541be276c47d0c9a15ab9e2","sha1":"785d3c6581d6e2ba1d78053f5140e9bd3272104d","sha256":"5737077119a54aa0349515c0e099dc893676b2df79c1addd32e3cfbbad267eeb","sha512":"df8cbc15bb2eb200e162762b4cdc04bac08b198b42fd4e3a721ff91b32d51001a3411fd6cd16d94ccd34d6fb8ec3effc8d6aa39e4fa42aa9d7855e5de3bb5227","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2HTML.dcu","filename":"SME2HTML.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":26502,"md5":"79ce865603038b4d6470abb03c3bb528","sha1":"5fc71b42f09933226d5e61ca48340a57a4a4787a","sha256":"e2e10c27d06a97c85cd1e8c64326a94ab72b134db6dff085400851d0a57efe15","sha512":"584f5267372ea8b51ef73c56ca59e094298a654ddc8729859424e1981a3496bca55d27ad1874ebee9cc35b63bc19fe2b38728d8f5fc9c3e95bffb712d692c78c","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2HTML.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2HTML.hpp","filename":"SME2HTML.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":5427,"md5":"d069ca551780bb7cd3e08412e56c1cf4","sha1":"4ffa2efb51c52cb85a7120064d10577ba41574f2","sha256":"fb6386283cce728854dcdd5ed4a2fc17c60438e3342a5328d9a0160dcd143aab","sha512":"ae91b865f6bcce514acc5296558be273cee65aa36f61f20e5c2fd89e211da9f6881bf292b019b7d17898bdd32dc38b97925e5fb3457f14028a5fdbde9fa74142","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2JSON.dcu","filename":"SME2JSON.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":13232,"md5":"b46945f832fd16a7dee5edcff5b35b32","sha1":"ff249c853fc164429dc7bc3591227b8175d77ec8","sha256":"23e1c09c041a78bf7bd2627bf8e530ade29cb838003dad956411d209f2eb7569","sha512":"44e753847e4c70881be9d93b278cc65690a1d4591b5ca4ff88a8a57216ca25e9dc36c387e4a525ead003162dd7b129f6fc639c4e8edf6e381299b79c0dfd4ef2","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2JSON.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2JSON.hpp","filename":"SME2JSON.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":3320,"md5":"f8107f48a27badd644cebb25bd334121","sha1":"8a61369243bf4ce05d1676f2dadc5aa5b959a6f0","sha256":"343921bb4b207b2eb9e244d301403e92b67eeda438959bd200ca2369000c280b","sha512":"84ae4830af3c7c9868b2aa691045031e5d7870aaf2eb4c4580547ced69f4824b8b27a5ee386bcc67ecade27b373fa1190332035f55249692ba75cef745bd09a2","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2LDIF.dcu","filename":"SME2LDIF.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":9080,"md5":"89cff4950b18bebc1e4d023535ad13e8","sha1":"e7b8bf48ba5192daf77e55dd646076a71a2ed038","sha256":"4cccf02fb122bceca75ed72fae909448a36c047f79f7d83dcd8ce9c1be7d813a","sha512":"1be536b4f2debdcef108c2c95eefa24c98e6b2496343f0f659ce43bdde04384c7bc91f2e07feb229bb992c381592543574ca6afeb07940af21f3312bbbaf906c","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2LDIF.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2LDIF.hpp","filename":"SME2LDIF.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2504,"md5":"61e74bead27da5a822ad9e18bf59b5c2","sha1":"b69761e0f2e8bab7fb79e824a8f15716a86978c4","sha256":"e572541d7c5e66275d1baafb4952ae3a3c98b63b59b1f826f1fa57b4ad84fe34","sha512":"64327876762e67110521cd5fb809844aca2ed377d4cfa34b7a82a4e4de6e4f9ac7bf95794bef1ce603a124cbfb24ef1b0e7660d54af1a8733e9d9f0af1b0448f","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2OLE.dcu","filename":"SME2OLE.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":99334,"md5":"fdd59e1764726e7154fd85d996268764","sha1":"f49fd6e8b1a25f6e739e66b0e7afd2073673c4ca","sha256":"64348c0f6f80e754c4180490d9e3bc842cf2faaeaa86969192add9e91c5d1159","sha512":"74a5c65ec66be624490494417b552ab8f63a0179dc2242a2ee845a7caabb079585ac843fd129fdaa5a546bf2152f2953f700b70523b92bdcac4b2f96e45fd22d","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2OLE.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2OLE.hpp","filename":"SME2OLE.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":14667,"md5":"6ef20f16f63612b2b5f83b67ccdad7da","sha1":"8a126ac33122893cba965c4ca9acae3c2a6296a6","sha256":"2a2d57dd80a6b306efd26aa80e71994b40698619fa433dac295e5dcc4727d370","sha512":"2d179aabaf7a7aaae0d2538106dda5512cd10176e49c9b52efbda5ad1ef7e0845e90afaa4487b93abbc4b0996ab304d4d1824d2490a8bbd543329a490bed488a","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2PDF.dcu","filename":"SME2PDF.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":79154,"md5":"ed3dfadf5e95540bfefba18644f7623d","sha1":"03a4433a99945f166e6fd0da6a6b827047e5bd34","sha256":"e11ac586a8b6d441c36bd80be574eda5967b06fec2d28ebcc87712049ce2228c","sha512":"0a049050f48ce5fc849133f26ae9b4c05ccedf8c5a2eb2bc1400c700dfe2071ce9943f4671f25cd109745dc7d937c8a741bee2a87dd0172d3da936d5ad75f011","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2PDF.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2PDF.hpp","filename":"SME2PDF.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":7810,"md5":"7efc019b3cc651ba0c1b8888981b91ad","sha1":"6cc8d021c1a4421eda78dafe91b5debe7e3a7d7f","sha256":"b9ee2f062d63239372dc2f02edc8b1d338c71afa420eb3bfe4e844dae94a410b","sha512":"f710d161b725b576833a07d8558e19fe7369b3e881dbd3b46da74b275f9f9613a205314959c0703bc42339dc4427a0030d294c6adf401f98bc2e1e112c9918fd","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2Pump.dcu","filename":"SME2Pump.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":7391,"md5":"17c586df9bf161fe4c82bc4589bd07aa","sha1":"9251ea184f261cc9f4ff42fea83dcb896b1c5718","sha256":"0a253468200f4f4b55bbf7316cbe0de31dc8e8a484f4364c0334199104ccefe6","sha512":"771c19aa74f7a4a21370847b738513303230c5ff8ea60dbc8b595e555350542f9e4d2534b05c2cc766547125b4385f2a58ea5d407e249bd56cf29e46837ec061","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2Pump.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2Pump.hpp","filename":"SME2Pump.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":3255,"md5":"07cd2a124389a7dd818353617eb29c71","sha1":"3500f80bb2552a2c68b2e42c532a26c64a4c8635","sha256":"66ffa206335834f21a6e6e1e301556d1c4acc3a7aa12a36e93563994ed930f57","sha512":"d066da9e11967167efcd6854c4e522e07d9b5d8691c0cbcefc2be340deca51da0cc4d74b657884881b60b864d05adc8059c971c7c6dd8938ea27aa28f5c05479","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2PumpADO.dcu","filename":"SME2PumpADO.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":528,"md5":"22936056a5dcce05992c8fd8616132e0","sha1":"dd6c9604baadd960d8acc9331984a3843e44848d","sha256":"1b12d086fd046c39da6ee883f9635c51b262349a363e8c5a339ec3dee47ff860","sha512":"16856d9bbaa0581bcfb88fc4887bc1f477c86a5cdba5e1b4825fb83b67034ce710c28a1d82fa818901730659ad4c8cadab80b8d956e8fd76e02f9f6b3d589253","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2PumpADO.hpp","filename":"SME2PumpADO.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":1330,"md5":"52cd7e43eef7bde951f454df675e2a97","sha1":"36b4c8e0eebef82044798d5a210f5ecd1c7d4a46","sha256":"d02b5364600deb1a0b985c71427cad4e24b4663f64489c3645675b36049a75f8","sha512":"6c69017eea62874b75e80628ae8099fb3d1cdfc2d66506955a866ad1536a64ae498ae7ba41dae11229a4fb376475dfdc5a18a18cff201a24f45570023f66cb7c","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2PumpBDE.dcu","filename":"SME2PumpBDE.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":3326,"md5":"d9c25087a9836fe8777680c7f3d2e4c3","sha1":"1ea981371f61f10311fb2deb29466fdecf34b25f","sha256":"3702c5bd1acf83d2aec8ffcd1b8c7980b73f7fa7c48a7bac0bcc01eda277b686","sha512":"3a90648f353249a6e74c6afe54694c9b2e0fea4852220c12e9d3f733dff784d108ee8a85382c94371917188ee38577eaf93b42623c0cab0910a25ce2038339d6","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2PumpBDE.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2PumpBDE.hpp","filename":"SME2PumpBDE.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2151,"md5":"df47de68132b1fb15b161b0912e818ea","sha1":"7303cad9528e046d8f3a22a805e4af7ac4138232","sha256":"bc521e35ffcab6dd1c650914458a86ee849c6fc02693833fa4e987f593d46af8","sha512":"090ff1e9f706bff21ac34509275d26edcfe2d23438a77db69d6052f89bb31bd1b4f09b213a0c3d8dee739c2b018c999541f2bdec930068c538ad00c9d9c172b4","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2PumpDOA.dcu","filename":"SME2PumpDOA.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":585,"md5":"4098c5d0e3c314d9cfe4992109f3fc43","sha1":"e12da5591d1c13e02219d43312c61c5fe33072c9","sha256":"a161c42c8e626c904aed9c02aba99367f2a7e1e3cc4e461d1da9bde6025954df","sha512":"852d352f269b6cdadf323ead08e32ef1c619a84f9ee118fa75076225c44114b09673015e589a1b2c9b25d0cdf9d3ad7d2ae43d41f94ee9141e35020488dafd39","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2PumpDOA.hpp","filename":"SME2PumpDOA.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":1331,"md5":"97a42bb445b6730efb11120a62fc1eae","sha1":"833022a226ddd0a43ff4979b6996af1beb2bcc3b","sha256":"cff793449ab9270d50be79dc587ee331be5b3f01c116b1439f253c9c1a3f9476","sha512":"d7dd4e5f76c2ad0d8b59c4535bd9b18a333929b550f4c69f79f2675ba80ffbe014ebd5e343a506481bc4c96e662faeab8647214b3712691e30e98503eb6e5c65","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2PumpFireDAC.dcu","filename":"SME2PumpFireDAC.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":609,"md5":"0f4b58dbf8c9d24e1297bd1b9c7c7851","sha1":"581c43ab0404eeb6bd6923d525572b2e45dffa71","sha256":"0d17764eb6a2b5e9054aece16312d0c778141fd652c60d0877aee8c70eb23e51","sha512":"aebfe8480bf4d6ba70ef9e3ed9dcb75c7fba91b2b23de3663c930440c9e348e003201b664b0b8347ffb930b62b203f6deda02ebfa3817e39e0e6a10c6a24eeb5","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2PumpFireDAC.hpp","filename":"SME2PumpFireDAC.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":1367,"md5":"35f4f125abb2e39ca3a2a8ce3a6cbaf7","sha1":"5a81612b812630ce726389eb2965f46624953fff","sha256":"9121c3590717d004bdaeb4de2ee8150a0b5cfef4ac26f31d6f13e8a9e520b025","sha512":"4e34606a69ebe1a32cac8791f5a137d41054248edcb5d67762d523f70a67534a53a12b9535f224bf8e7a69a6de107b1a2ecb67e43aa7f633b13af2385e0a3fa7","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2PumpIBX.dcu","filename":"SME2PumpIBX.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":528,"md5":"4de4c95bec14753a0baf10020c233eb8","sha1":"66012522ca9961d7c4ab9435a6eee8b2e0b44716","sha256":"738d2604f3ca91e1d5866fc4223b596e8d7c670143fdd7d5ef87552d4f4d623a","sha512":"e245437dce28fade286bed662deddd7bdee5b58459268acbd5c34a29178e8d9c413fbc791b6453218d0925155c89a5488fc8448bdce8c84c8aeebe5b2f92854c","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2PumpIBX.hpp","filename":"SME2PumpIBX.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":1330,"md5":"04e7f5e66224a6d9666062df261eea39","sha1":"fbfe88f8e0b853154b37bb99880ab93409dbeda3","sha256":"97bc0a8628ef6ee8fdd068f3ae3b04435ef5cf75b55edcc1eeabe335ec95c638","sha512":"f4d02c7db5c44bb86e3a9705b67695bd06baae39c4d939cacd396de00519a6217637380e635bd56ae908704a6b5563a9e990243df44697572158dbda66b46caf","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2PumpMDB.dcu","filename":"SME2PumpMDB.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":4748,"md5":"e7f8bc111dbe1d0ca90253c3477dd2c3","sha1":"543ae3e994424111509d882950990c38bf58e247","sha256":"b179396c17333a0edcf20d958fcf5f8c7893b814ad8f7ffd34c21b49c4aa0630","sha512":"93ed2b41c40e936c68a4fb4312bc86403ec910423cc0a992931b9b41d41233a67e169b306505143d6a3a2b3c11d7f61450bc7e140247178f72f9dd8d48abb3c2","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2PumpMDB.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2PumpMDB.hpp","filename":"SME2PumpMDB.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2071,"md5":"cb4e34faea4053ff3eaeef7659b63eb2","sha1":"0e3fd19eb755af1f6c0d8ba34b2d9b71c0cc0a08","sha256":"1bd001a003bf598ad19304f425604da6bdf42c2a771e8616388f3fef9aa18b10","sha512":"bca95ba8e28966ff34e8411c9cca040498c1c371c5d868ff44d4b5aad06ac2afbb1f6953f6900cebe768186733251a10b76f1ed637fb4b04d205f8c2735a4b66","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2RTF.dcu","filename":"SME2RTF.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":23888,"md5":"f97f87f100ad33a95ebfb0f4a6f8412e","sha1":"68f9b82b0ecc6125498ad82e55fe3eda704926e2","sha256":"3388075345fa2e72a00782374fa81f67b6d4739fbab8e634c7a379dea72f09a2","sha512":"bb38787f1e5077c9de71ffc41c8cd2a07e6679b1e91a3a869e8fbc966902f3ed7f7df0769e729eb5d7d5e7ae1f7bdc151c51087f950215c2245e4e583a257866","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2RTF.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2RTF.hpp","filename":"SME2RTF.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":4435,"md5":"00557ace8e2786bc63c944f73472227c","sha1":"e079fe1cf5949a9a61c174c95ee664c314feef3b","sha256":"51c1edb5c4a0bbeb9e150d1520004289962a47193856a3c328683d88cd15fe7b","sha512":"9b405522ea976b7619b6ec0a525ef2bf75ae877c4da9955ccbc4c8cad30010e19f19cd09a4657f705fee6ec2164acb456ba7a81d8a16e41c1e22a0c6fcea2d35","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2SPSS.dcu","filename":"SME2SPSS.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":18582,"md5":"cc4c9027416c0ebf72db5efea0d6e31e","sha1":"b3358fe01cc75460b5651776cb617309827e79cf","sha256":"5221d9568e914c1e39aea602ea139f7dc9bb8b5189f5461cd5eafeb152967bd7","sha512":"3daa7c44c42896666d6eee9d2bb504d312a1d0b3756003370dd1e2e0bfac2931b270b201d68797dbd95be8ab15b562564c3c62343a7beb7e2bb908e49637d5a0","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2SPSS.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2SPSS.hpp","filename":"SME2SPSS.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2559,"md5":"bcee06b5679c1d3e03303c18f18f32e1","sha1":"c89daa78cd553e7c3ba90246ade0301beee7c4e8","sha256":"c8ed8cf5c7b922ea8ccacc78cd8d6574c4b2f499c7359ccebaa2c16cfdeb5b2c","sha512":"311bb63c51f1f864e99d365181e2ce0790118c96baccd7b7456a947731fba0efbd5ef53d2eb873057b382c4164f89656e48c40a8a59c1f2b8c0281f68d80f840","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2SQL.dcu","filename":"SME2SQL.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":33571,"md5":"7af265e3848d99c6515dcafc27e3a087","sha1":"8bbdac1ffa17018c289a7045a23dc9e7384c6263","sha256":"a47008532b87026344554cf7005b0835ab4267472ea573cf73902fbaa070b5fd","sha512":"6e8e1ed751fa8ca5aeaa315596c0f9d9524bec3d15b3fc35f19f9e6aa066c7e2840287d038e43403506e41a8e92fce2f7da87f24ae02b705b75a86cc9060ba35","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2SQL.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2SQL.hpp","filename":"SME2SQL.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":9944,"md5":"b3661cfe29ceb6709b460e89d63b49fc","sha1":"fe3bd25c0ca81449fd65b9de90bec81d8909807e","sha256":"b5e3137c4aca0ad6c28ac1e8ea7839218f87817edc2571eae16aa79b2418c190","sha512":"b66e5cfaff0c6b4ca8b4d97b1dfbe335226cfb42dfb49c34463c507144beaeedd25be3792c7096abba12d48756354a7671071f549d6ed9f9d8035a646fdade75","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2SYLK.dcu","filename":"SME2SYLK.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":8407,"md5":"04b5d435d04e312d3ddeab81be1f4249","sha1":"c6d56f20a5f4a8dc380014153dc0f2c85814a73e","sha256":"849d82278b69f06eec3a82bf7ea407c471d4a5a398e4810c8551a9a8ce35d4bc","sha512":"4d509de8f83bbbaa4ffe6e75ff65e1b626eea8c3e66b0a0d5825555b0df63e1141fb52e076870edd312abdea0d4a08ac171f03652c013cc3a7c0f6413b9d060d","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2SYLK.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2SYLK.hpp","filename":"SME2SYLK.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2399,"md5":"29093678d0da5873aece8c840477c66b","sha1":"0859ed435af076d969942a4a768b6cf97a4c746a","sha256":"be6a6ee863bbb9902bd6d7b314b89b407078700de1009589d6e94b79217a19bc","sha512":"4d2bd9ef4d67551dcdd771835be612ed2bdcd64cf3039279bb64521eaeb687dd8b06a1b240c1a972807154947f80a1d17f8b37f23a1929bd945791f5d7a9acc9","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2TXT.dcu","filename":"SME2TXT.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":15863,"md5":"1287289744e4c531e31e8230f0c48a20","sha1":"a7fb6d320417c1f4afc68798a7781b128ba13c2a","sha256":"04b596663db8cd6e8d02cec268bb30d9c03607e3fbe6f9e2f0d22c1ae9112795","sha512":"22a0daa978efe092e879cd0231f7108b4fc7b19aabc2cecaa97b3b11579e29555b600a3c5664f37d2f6834c144ad61e725cd568bb3b8d83235ded2769353865a","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2TXT.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2TXT.hpp","filename":"SME2TXT.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":3538,"md5":"062498bf59c13caf70d60d86d5d66829","sha1":"c1c321de5e7f42735f29bdb1590f7052d983012e","sha256":"5042a827b50d8619f16d9085cd0ab96e7bd9c35d56ae591ee4573fbdb8b4267f","sha512":"40f47dfd215b6ddf6fafaa2a8e0cafd004dc51e27e1453de3b46a4c5cd25a1e674f5912b15008e9881919f2ff37332bf2b6d468d2f651289a2cc0de7f72f6122","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2WKS.dcu","filename":"SME2WKS.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":8874,"md5":"8d18934393752045ad0138da6e8ab098","sha1":"148a41c194dd9eb5af87569fc89e69f5209305e4","sha256":"93f991310accc994038864724b34cf6be26d303aefdd161d97356a0f0b899041","sha512":"aabce95b3fea278b33db5b3c647294379eefb7f8ba30c4016975e3737f066e6b0a47dc95c9bf1ca92353a922cfeee2687ee0dda7d59228eef8d7ef176ddedb2b","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2WKS.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2WKS.hpp","filename":"SME2WKS.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2390,"md5":"985eb4aa51698a4d5b65f767c4acf507","sha1":"69d32bc9ddee75aa5b9301a3a8c529af8a78c55e","sha256":"31090618a447002b78e97bad05fcf70674a952da48b33a681f5270e623f18d70","sha512":"6598373030ecedc0f81785df40e6cb6c0edc4ce5edad4871f84a490a51b60d83859d22cef7458f159757d461566b31d213da55080d7f8821f7253a68a6a58519","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2WQ.dcu","filename":"SME2WQ.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":9108,"md5":"0980deebc50912bda6757f371f8d2d5c","sha1":"8fd83093303e4d781061580598ebcf9f566077d4","sha256":"082585d2d991cc4d5f9bbefef6f94f0115fb6095513abda45d06039e4df7a012","sha512":"c0dffa7e128c88a87907218b7eaafbaaf4655daff54d7cb5db40adb13ba3d665ccf415d67c9781d8e4199f6eb77a89f3b3982d1237bdc6047b83b84c84f0591c","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2WQ.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2WQ.hpp","filename":"SME2WQ.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2398,"md5":"9659a5da7db40b0b3109aa3a54f73a52","sha1":"175113dd3b297a05ea98477c5ba8af36d128710f","sha256":"39f7ed347d9f4596bb71b817c3ce07363ab9fbc55b9026c9d0f0e7ab54f00204","sha512":"eff8e29243a9b738dd0cdb4d5fe22b0ad67d841680ae11f80a0459fedc039cabc121fe3f3ac2d496e8edd12cdf40cdf8f2d662b5e10fbdb97984eaa9359dad79","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2XLS.dcu","filename":"SME2XLS.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":66426,"md5":"2690cf90bcc32d1a9bf3a02b1c874397","sha1":"017c362e2bbaab48c9d42d29c08825f110086574","sha256":"09ad0f0f8fe2bebd3e7aa4ac4da45ba107bf0d7e3309100cc7638956c701ac26","sha512":"6fcfe6736472a6fc3f5f458419a7f7932e3c852477f5cac7369be2a1e5fff607694ea032ebb701c9e73928f63e1738addb90afcc7bb450ae851c49786001aa41","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2XLS.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2XLS.hpp","filename":"SME2XLS.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":17966,"md5":"5ba34969dcd80ec7ef547a7a0f97ec6e","sha1":"e6afb0efd78ac05be9db05dbfad65dd71f870d48","sha256":"cdc729d9a5d99645ca00c111939f71012aee37754d8bbcf5647f091bc335ccf1","sha512":"987a859932ed0b5371ff85745d2d05b83c078d9961fe3731a730c9b06e36ce6576d7d4c6d40b8c74009c2e47116802429a6ff26edb1ecc49b8ff56413ce273a2","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2XLSX.dcu","filename":"SME2XLSX.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":64459,"md5":"9e8b332e3fdc640ebda7bcd1a2f3f39f","sha1":"e58709db7d2dd50dcd33ac6cde3ad5735af7c57a","sha256":"af48d93e7b2049856e8f16c6ab5d819d135047f6bf3b7bbbafc54914a87e367a","sha512":"edbd00c4669576b6cd9bc49ad33d55b0b0c81c055be77912d34e597813b72acf7a74b5948bdf1ca21462d9e1105e2ce47a7749036d76ca17f38505ebf3479120","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2XLSX.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2XLSX.hpp","filename":"SME2XLSX.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":5334,"md5":"ad1c2d3985ec1bd82c1a5f32dabde8ad","sha1":"2afa235b7867d90fa6560911ccd6c4369de7a220","sha256":"bfeae049cae234ff0c7d88a53aa9676c1414de058e54861d50fb42eb7e036281","sha512":"298ee51e96c32ef2cb0f0ca5aa07e37fc1589a485ac6d310f8950acc4d6b26aae5b3b87ea8966ce52f55695d0d33316d1b2d9e7445865fcb48df827bac90d1ac","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SME2XML.dcu","filename":"SME2XML.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":47938,"md5":"9bb5e2dc0d1af4f4d1abf6a567ed105e","sha1":"5644d5b5d06e5b8cb8112fbd41930bbdd127ec74","sha256":"5260ba6a671dfd04641b95131886d7efded3decba7776752c24f30264cf687fa","sha512":"2b21c2cb847eb7d96f6d35ffc0fdc91bb5e522269d45c184e5ecd9c5731af61e2c4d0de8820266f6ff5b349e31a35312443c3c6ef947853bdda97317334c8864","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2XML.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SME2XML.hpp","filename":"SME2XML.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":5523,"md5":"c14538d338f637a6a4faa57dcc4f0c59","sha1":"86301d5dc7e842c0149ec1cc7d85e241110fbff6","sha256":"1edb5f8e42fcf2a5d8e205db179ef395e54648dda7a86391955a0a62abe18d90","sha512":"349d76b64fed1f4943404003203e29d698cd6e6e9851cbe1cafa696b8ea9e34589e460f6efa7689dfc881a07ced8d29f4eb70ad7163637f31861fd42c0e03738","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEActns.dcu","filename":"SMEActns.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":6927,"md5":"b77def0264964ecc7eab44ce7054770a","sha1":"db0e2ca9dfc471821ad224ab0d3b5dc34ac95e31","sha256":"6379caf3fda3940c89511c84a79b75f2319e5fbb9dcbec20bfd365fd3c6c5b9f","sha512":"54b62aa388d6c73e7d87317342f2ae5521e9452027a170c421b363b185514a4e19bd193b35c5a6c69d15459ba1b9f0fcb5740ae2ebaa1602da34f830b3a0c952","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEActns.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SMEActns.hpp","filename":"SMEActns.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2178,"md5":"acbeb9ae8a5fb457ee0bddd2d54c98d9","sha1":"fb5610bcb13fcba7793a7005bd8778cac3c4bd2d","sha256":"54705fcd8090773fa8831581bdaa58343d1161a23b8983779b2a0bd5d0666d80","sha512":"1f0e7a4750e32baf48ded6cade7dc4562878191cd5de0e33b9d16b3ad6b8f73fb439b56ed359f15c5111838beac21a1fdfb432cdfa3993e4cc68219e943eea5c","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngCX.dcu","filename":"SMEEngCX.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":738,"md5":"09833e3e669bf8163ebce05caea91623","sha1":"3eff96bc1ec86fd0ab0a355b3619df6cab8c2516","sha256":"309c39e389aacbc367e7d3f66b802684a549465ec04c3e89d89f53bb3ed71965","sha512":"74dc3913b6174af63d33c9f2fc51861a041a17d65467ec76deafab25e9e88595c9ae91b8089428ff87c47b4770ef8222d9525ebf9f64291cf64639f6bba67d40","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngCX.hpp","filename":"SMEEngCX.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":1403,"md5":"0dff1f3cd778e511ed699895a3e3d236","sha1":"54400f84755791e362eb558137eb68a4f75f33e5","sha256":"9bf1a9a30a3929897d7897e8e2f49c696c328e670298c412894adf1c17b4fac9","sha512":"319afb15fd435b2ba21ecb3886b6cc6de920c3695f8c9e99bcc1ccf2fb9657334dc7f17444261fa70b4fc6b1904faedbd47a7b45a0ce00d81f8375f3b07fd894","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngDB.dcu","filename":"SMEEngDB.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":22432,"md5":"72761e1b7303c46b8d1762009da97eeb","sha1":"c1ece9e9535a2b6e1a0b87fc97ba0e583b19b62c","sha256":"67bfa88431b8f4382443f6b572506987cd67fe4097bfe839a5a243e84fd48fa6","sha512":"118c5e8bf6b1aa2ab3fac45eb92df255a6caa6a29c912d26f46b288108af34d9a6837ba2a1995195a2df58d57c23b15727dde7175326cad0924aedc4b533c706","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEEngDB.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SMEEngDB.hpp","filename":"SMEEngDB.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":5170,"md5":"3f45724b7e701f429ccf1f4fb1515bd8","sha1":"56ff10fa5af421921893ada30fac5329382a9d12","sha256":"471600cfca1571c100fc8314a024babf1aa50dee9206fea8daae58252f7276db","sha512":"58dee4f632fbeb73bad6d8102ac84640684e9bd3d12fc21477f9067016f16a734bd874c517cdd518a8dd00762231be31659f354b45b98bdb5333e5a1b135c02f","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngDC.dcu","filename":"SMEEngDC.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":709,"md5":"cc4dde79b90a5d580394a30c46de8ca3","sha1":"9c73d9221572cb0308957781e52a466b9b966f69","sha256":"3a328e676ccf8e87e894bfee8b0ad01596d4e9dbab3dba8d5de72807f4f6ba11","sha512":"42cfd2d2d97d758ca6abde801e18108b678ef116d1a138d3fcf4909e06cbc903692f6cf3c22d84d8b1fa5293cf407fa22108dfd7ca917aff21f96e26e48915b4","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngDC.hpp","filename":"SMEEngDC.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":1346,"md5":"d266ab413bdd9a853f0ed8a41fd5ba2c","sha1":"83dc33ab5a2f2278afd7da8b85e54feb9febfc1d","sha256":"99e607c61a53cbca904fb918dcd1e3e2f20186d10fcae1e4729c0cc6ec84c1b2","sha512":"a24298608228d396ded0a4210b6e684a8a2be18942499e5ebd6919aba6f782e537ff923b93765ff3d5fec57785ce40d5f1610915dcbf7adfbeb9f561a163ed68","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngDOA.dcu","filename":"SMEEngDOA.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":628,"md5":"3fd730f2808e4ce1b968f25cca070133","sha1":"aba8a87c60bc09e0ed0be714ebd6e2242330bf15","sha256":"d34755b129fc3de72a2132c84dce3d59c5571c47ac8b8cfd41ba3de9b510d9dd","sha512":"9747cff896853cbefdc63cf9e8043c59b700fb0000281b7baaabf736be37a2740438d4c0396ac22d0ea9d099d2e7b5310df9d7df7558831ecbd2d529d7048a52","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngDOA.hpp","filename":"SMEEngDOA.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":1349,"md5":"5a5f85a46bc74e17ea0584b10a96e7de","sha1":"2c845c903cf7b79f4654e76f192d98e94d6daec3","sha256":"3dc5483ec95eb7acb1288bea686744f7c2ffbbcb67a62a1af0f855dbee79fb52","sha512":"fc32ec2dc2c7eb28830af356a62a20759b3213980b26f8bb9c237cdcfb6d08921efd54d265cefcdc7f111d5fe44abe61e35105d3667a13a1bdc22479d4a41ef8","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngDX.dcu","filename":"SMEEngDX.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":785,"md5":"e392040f59c1f7445011bbc233f1b9c4","sha1":"23dc453171065f4e7b7a5438778c27554284e82d","sha256":"549b4267b93724612fdf22a5e93081d0d5399fc7daa25cfb7506ebf493e837fe","sha512":"aaebfebb7ab2361ed724a669b201e5a4e1324c8f0645082037a81ba97b81684b7b36567e2f6de873a6f5657cc97034ea7761ad8f6058b0d3f4e7bfc1de3ae4a8","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngDX.hpp","filename":"SMEEngDX.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":1395,"md5":"b4b9ab4fd3649fc0429517754dface36","sha1":"e15f5c177e7ed0306867f12608cfc11e752a6566","sha256":"9777b6bfe55fdc47f5eb7b62615aced1bdadca043ec3b1607856a8dbcb2577c9","sha512":"7783f60f2758c3f69383fe40de31b974a275f76b8057878cf5691ccf74ef4f5cce2b1d57baabffbfd626ed684c5d76d3df6131e788a1facd10c9e6b049b72100","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngEH.dcu","filename":"SMEEngEH.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":4983,"md5":"e6420831ef52f25c61dfd58876f32dd6","sha1":"dc1b8de6c17e83052bcbd540534bb73edf352b9b","sha256":"92f6017a6fcbf24f2a69586e85d0854186d700ec55622a155210320660ea5bbe","sha512":"ec67a6b4bab52e6b004a496f7b727241b16780702576ea337a541ace2692287ed416a78801cc2286631d64d2929f41b8b8bad9bc0c982e7453f48627124255e8","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEEngEH.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SMEEngEH.hpp","filename":"SMEEngEH.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2374,"md5":"21b16bb374ca8713be57e3358c32128a","sha1":"f2df60c1942a0d1edfba8e6aaae60ef0f8e995c5","sha256":"fc5038d61850d9ef379760cbbe67708fcd59f237e4a6f51a21d4b6a4bdea995e","sha512":"6cb255d2c3ebf4ac7953455ec3700acd2c8afbf866afe9b3c70a9903e35a362c9763c44c4da1fe57481341679b8815745769da74152de07812f7eb0e0cd0a95a","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngFireDAC.dcu","filename":"SMEEngFireDAC.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":644,"md5":"93edef31ec68bbe2f478137dd261edfe","sha1":"697c15a168a1e8e5620b28a06489d19cba88a8c0","sha256":"6c296c68398aab2f925b49006914f487f16cf96996d1470bfb04711d6df17891","sha512":"7dfda84593114693f4cad957b9d115d89f02f37b8ef4e5deda9730dafda9951b50c212b1c6e8b00705a21f0446b8eb6e7e27ed08895f070f97d157584a3ecabb","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngFireDAC.hpp","filename":"SMEEngFireDAC.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":1381,"md5":"e7c025bec67b4774e83758294da78f5a","sha1":"c044d9194482db6080c437d65cb6aea2b89fb2e4","sha256":"5a0429e9da174d9e7c80fec45a69a7b146767b02b2c6fb09a755b67437ce3d23","sha512":"e8b50f0044c6731b826e1de188d52ac39ac802113e59b8bc014d3a77f9859ff1044ce68471687ce4e901a48a33c413cfda017c701882f0f167b0ce0301eb0619","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngFxDC.dcu","filename":"SMEEngFxDC.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":717,"md5":"5627490b2e5b3fb7d7180bac188605e8","sha1":"468681aff7fedf0db52f0a5f92af280f4aa53653","sha256":"2bf2b8c0f7dfc462f4954668636e469ee56fc4642c9a02f8e6f4a2761700e12f","sha512":"21a036de4f20a18ea4828aba1c875c9cdc43bc90f9fc31e0a597d53f775d92847e3919851a289a13ac531748cb53163032ab102ac822f7610936e3bd21858d64","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngFxDC.hpp","filename":"SMEEngFxDC.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":1362,"md5":"313f9d4a5db48649ac3a9a90abdde239","sha1":"caa860fc5c8cf0a99dd72a252b2b540216f0c40a","sha256":"b376c1768b1a2c3f6458b7522dc1faae82e602dbbccd025ab1667cd32f5a7d7f","sha512":"c324313aa1f8abd2a667db55f50733cc02ee630879a809d8be31cd81f2cc3fb00de1bad9d16fd282c9187bebeddb94e0ca810d371d17d28b7888373f88c11f0b","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngIBO.dcu","filename":"SMEEngIBO.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":628,"md5":"1e89cb0fb1c51656531435f68af6eb80","sha1":"e7f3eee78a02c261e394f52498a273b855223375","sha256":"8b6499fea96d58c1560d8c98341b951eb0d46e8c24ea460e89e1224795a1dc4a","sha512":"be4b31bc40da3fdbfeb215fdb7645e30bb0aa860b64a1bf4fc030fc3c01bf97c28a9e4ccac82cf773009a9da657a873b23a9a6c608560f5fd0d89e49c34b585b","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngIBO.hpp","filename":"SMEEngIBO.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":1349,"md5":"8fc2d5e68ff05216b6a6dc3d8ef1a142","sha1":"38159358dea24dad71488d087f55d05b1615f690","sha256":"3adb52b13c0830406fcdf413de3c5b3cb9bf98e1b41c6da3e1b9ab45a62288c2","sha512":"33125a4d2a0239ccd0299befc259fc894e2eaad3c1ae2dd4b7721ea3a09ab9cd486716f04295286b41bfe5bd81cb930d855ead99be51b992aaf0744c827cd605","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngine.dcu","filename":"SMEEngine.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":38905,"md5":"8ae3b8cf15cae53191c902960ecd6ac2","sha1":"6fe14f7d866bd541d0ece5b2ca9ed6748a13518c","sha256":"8a7866b11c47c8c096df00ea62c014e73c6bd595142c0a041ab28abbc493735b","sha512":"de2b89c2c7c646d4990be652916e2cdd0d2c62daa418aa4a59e196e4850144be2f7b76bbc88704e698bc14bc58b2d1a1bb6b4c070fcd77c9ecfaf4f5fe029eff","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEEngine.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SMEEngine.hpp","filename":"SMEEngine.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":19017,"md5":"57529300a5d58d45b5073b3bf927eef7","sha1":"2ac0f9cac7e2af765f8a09ae72dd3750ea07fc5c","sha256":"031db6477745101f785cd5184287f7fcebf0bd97d4a52b2ea3847bf0998b6d30","sha512":"d7e4c592e485f2b76da3ec7271fd8bd576ccccaa4e5291cf19ce473b18918a7ba33217f9746fea6be885898b1f7ef17d1243955c68f0db296545a01ab1bfe1c9","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngLV.dcu","filename":"SMEEngLV.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":7453,"md5":"a579e43081cfee761ba3938f3ca18807","sha1":"197c25ff00957c27dc30781f30afd0c115394fe1","sha256":"80fd72a686aa4caf195873f2b05f49d4341cef2d51b8f91df85a5fc29cee9b06","sha512":"cb5015dcb856d59b589de77d9af0a53acf0389e9ec0da5e5f11a9a55ecfa32d2147e1666a788e41cd0af3cba54a64cbd5b168f0a501b1a44380571f73524f05e","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEEngLV.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SMEEngLV.hpp","filename":"SMEEngLV.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2694,"md5":"c4d8fc843fd11ad4870545ac032d8f97","sha1":"0fde1169da7c7179d2a1f8cfee02f4b7443d30b6","sha256":"b9e01cda35e0dbcbaa7d2f914ebc3147a05cf4fdd77aab5ed929b73890e187fb","sha512":"a3dad801a90a81de206eb5657683a63e88a373e8d199dffe2251a52ba4cd9f7497374fd98338e95afa7d21788d9f67e27fe0478a78fbcefceb975d049dfdc6ca","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngRZLV.dcu","filename":"SMEEngRZLV.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":4366,"md5":"acb3e473c8ce549e2a0b59b2423429d1","sha1":"6ba3b74ef15de650f2cf92d40235d8c65c20b71f","sha256":"259a108dab404fe0c3258f41a2f03304f95dcd56e329231d3787f78da8ff9cf3","sha512":"c8caf49b4317a6e4e69d93367c2371af389368f826b3bf3491611c3e9f535bb33977978afbc337a5bd03006459e722b80774445e0ca6ecd642af2f57327dae68","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEEngRZLV.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SMEEngRZLV.hpp","filename":"SMEEngRZLV.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2252,"md5":"d8c0ff25baea8f937b59c8679647341a","sha1":"74908787b2d11f47f76bff9ca4b9bcbbaf163464","sha256":"41b2d4eff9a804724ec718ad20d66a034fe5697d9599b1b8f7269dcd8ed8fdb6","sha512":"9943884b94739207349108d1abbd40e5d1ac858f2d845ed7d3bdf61695e0ae30a48d5f1ede677830a649264d6d4d92a6c4641bd8e986b0ea7cdb4f77a81d37f3","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngSG.dcu","filename":"SMEEngSG.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":6712,"md5":"375f38b3a573fd0b351654b21e2e0986","sha1":"eaa87e939c582ec0f44ae5d0bd3760b539d8c069","sha256":"89d5b670474f2db57e2f273459f2bf273b1826bb489096eec0318d710b7465d3","sha512":"8cad6cfdeb76b9034e8bd41df8da54ff6a3256155ffd1d7004df68fb700d2f28366233b14fc739c1c22772648753f4981286884a33df5fdc2be08168e41e2a91","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEEngSG.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SMEEngSG.hpp","filename":"SMEEngSG.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2606,"md5":"00540f336508ec3c92a7d976e637d532","sha1":"999193ac1adf73e281ba469c1e72edaddc486b81","sha256":"0d58b569af9c12dd1b1d7d59519a1c45d502574bdee88b1b2807eed3c3749b34","sha512":"0b91d0ff45c6aed711beb0db97d9256b8c1282914b0d82a09303a718f28225615aebf8db8011e9e9466a5da6c44e4a94c9ac5fd1915d8d9f27a88cfeb70dc453","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngSM.dcu","filename":"SMEEngSM.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":5072,"md5":"b8de69c7c354ac60c8d1c878cf28a3bf","sha1":"74fc632fab2bb589ba46899985fac19cc5d2b632","sha256":"90b5abe00359461d6659891d8b76c8b4373b40cff85ab2bb35fc8cc79f9987f9","sha512":"669147081b5ac1f5af3137dd311daae3853de68fc2dd567070d9ed4c17f5b9d07ca6bbd4c6d101409a0b290e88112cfbb91c40cd7c2327cb54dddfc56f234361","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEEngSM.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SMEEngSM.hpp","filename":"SMEEngSM.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2354,"md5":"8732e3b7d3afeaed3034fe175dac05ac","sha1":"5abd8aabfb0cd85cd28f0e54bc5b93cbfd73315d","sha256":"04d80b52c2fcb6cce5855b645bd61c8ad123306ef1474d98b466a5eb3c3df910","sha512":"ad701c1e8649d38b114f314e7b5d5c34a5fdd27f6cc13377213f507b735b50bcf977a32d874a0d20d5ef6727c0b9472e5201e2ce316cfd433a2e11a82fa790f5","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngSMI.dcu","filename":"SMEEngSMI.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":765,"md5":"3c4e99f9f496cc7ebd51391d8f641a7a","sha1":"0ce4e31eb2ff07804b597e54d2d843d4adf0dc29","sha256":"0eac68006525de1af3a754429244d74261c071e88d2d49021ca2e9a3859dc0ff","sha512":"9f68beff518f50344052c9f54438e8349e7f4e22691b5a913dd177fa0d7252dacde173cf1f9d1643bf10b6c5f35dbc43edfd93cc59eb4c79ccef67dfe8918cee","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngSMI.hpp","filename":"SMEEngSMI.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":1383,"md5":"1ff232a504dfea2b7fa23cbd81f92f33","sha1":"9ccdc27644d6b6eb4428af841e0893c474eb6c2e","sha256":"a1c338a5aab9ab5326b39d08f356f76ae24cf76eeb2de275fe212fa4b939b8ff","sha512":"6c905d410e21ff8867dcf6943df6db8e1537fe529f495750f83d79e8d99e762c3ce20fc6ef3b172388504031678beaaceb2483ecdd72948aa8998534dda909da","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngStrings.dcu","filename":"SMEEngStrings.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":6776,"md5":"dedf7b1f7b6383c3a4469dd023f807c3","sha1":"6ab05b53b9a54f9b4ef1b7355f9fc05cf4cfcaa5","sha256":"99657b6f37241b03ccf223cd188a35c59ca269466447b24dfcbd9eee61dc410d","sha512":"50568884232fe553bded7df39f076b7c7da9704c0fb9837bae623ff83c82ab2cdd552d363a0defc02cd6227352916d6682e8efb9bddaf07f2403f2c468bf8030","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEEngStrings.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SMEEngStrings.hpp","filename":"SMEEngStrings.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2397,"md5":"01c97e00c5eabc2683fc31168149adf7","sha1":"22b146d44cbf88736bea4a109505710b0f154030","sha256":"c93d586afcebb61d72181239b384121842e46a558efd05110ac1862fd4c0c860","sha512":"be126acfa55a8f61ca537f7536ba6bc21ea8c5006e332f2fd8f5e5d7d4ae8eef76f33c133597d9999c8e165feba8105b9b2dd04a14a1f655fb7cdf80ed63aa4a","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngVG.dcu","filename":"SMEEngVG.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":5019,"md5":"efddc44de61b8753fcf1d426ff661029","sha1":"b05c7bf092938b02282bc6b1325f44251d9b52f7","sha256":"ba9f1f4106fd2237603916cee4c1cb8bdbf975b2634a280a9951071a68e68cc6","sha512":"1d986bca4332a34f767c16e5388a8ec8823c6d743a9325890aae213e42dbfd6bb42cb1f2b030e3d7e106eda09f98f7f2a76ce7328b71b8d02bfec18a7efbf4e8","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEEngVG.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SMEEngVG.hpp","filename":"SMEEngVG.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2386,"md5":"7fbbdd86f5aa752fdb900aed9d359bf4","sha1":"e4af957b4758652995dd868f90915de9b5bea865","sha256":"c451a3a3d3e827397784f22e485c86e948f8fa1095bf0b1af0bf50c7428ee19f","sha512":"ba22b6998a5b3ae0bdb5080bc556131ba4476ce2a0ab15a0a230887a0025ae91450875e1ef4ec70b1eea5432c1877ee8420ca66b0ece522c8748792ce9d3528a","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEEngWW.dcu","filename":"SMEEngWW.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":16421,"md5":"458b3c92bb672120eb0bef5d4ba4d2fd","sha1":"1320f43d22f1a17f9324c60a97e2002ad246381c","sha256":"49e8983bf4d6fb5ac72a0240fcd147927e809a330913772274ae03dba721a52e","sha512":"86ec2bbc96b286c2105b643334023cd50e687957443f056629469c30db0e30b00b23a8239980586c979b71413ac633a86935de9f0e3a6d1f018fc009ef5c6425","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEEngWW.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SMEEngWW.hpp","filename":"SMEEngWW.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":4555,"md5":"0e40c87069682aee42b1875c89767d38","sha1":"4a1c9f450a0e578c7caba0c2acffdcb1ba505d0e","sha256":"240d26178f1cfaf3a72a403268a2845e502a929e3ee3bce482c3161da1c3b233","sha512":"049b0368041e39c251b198d8463430dd0a7a019bcee0dc27b5ad447231748dc0e932f5f638e07fbd9cc018bb0ab4ec43a4f7b68e9be34591fe3357772d9941b2","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEMIME.dcu","filename":"SMEMIME.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":3436,"md5":"090cac40ec0eff8bfd006ed3246ec2c9","sha1":"aa3e723989c5041c26269b8f053aeb1db5c3caa1","sha256":"185ac3e8ae2a4983d7e00ec490501cfb395d793eb124f6c3e120305683bb4f4c","sha512":"6775d7c418df29c72783a781792509a9c1f9925adefc27e4fbdb2f33c2ef5c4a577689c7d1df08b2d2d66366dedde2e4f472431d674dd810c44004d4c1b70666","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEMIME.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SMEMIME.hpp","filename":"SMEMIME.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":1525,"md5":"6724697280004a08d677487ee30e4eec","sha1":"25db484cf33a3399356fa8852572e85f3d391df6","sha256":"524c9dc704723bdd0546e8aee4f1e319e7e10a8e64746fee3dd2807c6a2eadf6","sha512":"4246e4cb11cdc86f3d0de0287e9f14f53767d512e7b7f85d8aaf810c72324ae1afc023a26c4b741473ea015c4510ce206c2aefea13e90ce179fc615a0a656776","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEMonitor.dcu","filename":"SMEMonitor.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":17673,"md5":"44f8399f79ebdc66df491415f115be47","sha1":"a558b145fbc335aa904ef04ce9faaa3a0104e65c","sha256":"7bb012533fe10a4f237f5969fe0a5d0abb898539e56a28d1a23e43655d98e2b2","sha512":"91798728d380385a081b4501494c62a54e93ed0726fe3e501d65b1ca82220d04d612e5046067556e681bb614cf7341a163e77bbac4e66c92b01ffbc2ac1cd4a7","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEMonitor.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SMEMonitor.dfm","filename":"SMEMonitor.dfm","modified":"","Modified":"2018-07-09T18:08:48+02:00","magic":"JPEG XL codestream","size":2197,"md5":"180e0c0e8711453783d66fe240ad5995","sha1":"8e42fe51f1a8ffe9168ac645801e87955ae3ce4e","sha256":"741d3d829c954d3beefbb2d682bcd7ae314df635944ba4ff3d3e755bd7d262bf","sha512":"d5ec9fe02dd0b504e53c3201de5ed337eaf6705fca40c55daefd0154d3228ad41d9674cf90d17bb393f9da3ff98885aa53fe4ede69a0f2e365e9e99ab5b8c29b","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEMonitor.hpp","filename":"SMEMonitor.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (395), with CRLF line terminators","size":3947,"md5":"a0f6f3c16ed5e39ee93c3e0dd02d1727","sha1":"964ecb6a356390ae74f0562f0864f7a762a01e61","sha256":"67d75d07c6e853a6c052d2a87b58400c0e596a7bdebbb9180042d024d2f75df5","sha512":"79011ae24d17711f858bb7462252e5146c2b93dbe3eba5caed511d855ff11f08d964f4f220d410dae706a9c55a9af5e35482f7da3f827faf360cb906d0298b8d","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEReg.dcu","filename":"SMEReg.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":28027,"md5":"e41099139a301e6d30659bf8c8ec697f","sha1":"4b888470811a66049f65d9fae92b40f598af8c69","sha256":"87b55718703abe82c96368ce3a273af25f6e8b2d96a5a5a5d3b190590858b67a","sha512":"f1308d39f667f4d63469da3c63778d7c68c442977b6c19ac09e48859af9721ed0d3b31d1c0242649817180e3476d1a4e2d6ad1e47f283916f2f4b73f775d847a","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEReg.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SMEReg.hpp","filename":"SMEReg.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":1238,"md5":"dbcda894ccf345182a487b55c54fb201","sha1":"3546d985b8f3dbc22b6cd390cbe7fcdee0f0b944","sha256":"f0c46930f626f1ce77c08ce5a2fde4248f245ac9f7fb7bc723b5319a52dbab76","sha512":"1dac212002926efecde4446c771908610a04f519992f32cf100b02475810fe7ee0302d78761fe3989c5670844271a2b5a20e95dac908ad5f4daf1a8eab0e9557","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMESave.dcu","filename":"SMESave.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":7163,"md5":"5bb00d0351530bcc2a0a7052b3df3985","sha1":"a43f39a120bcab3010558f20512cb21f07424606","sha256":"31aa3336789fcfe7a8caaac65c69949f21367421ba2e5d802a06e8f40626ce83","sha512":"d60b6c33b43169bfeee4405793ccedebeb6d57e153a252aa7a31754d78a860f2353f3f7adbdc56f39c6e385264817a79e1ec70721f2824cb4189d9e6b1b6702c","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMESave.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SMESave.dfm","filename":"SMESave.dfm","modified":"","Modified":"2015-01-08T16:46:16+02:00","magic":"JPEG XL codestream","size":929,"md5":"b576fc59a8c1bd4a4d7af95124339047","sha1":"2aae95e6286dbec6b88d25620880c0c3622e85d8","sha256":"ae64bf4e5e42023bd58b14a60a474495ccad93a247da650339650d104f5b41fd","sha512":"ccc0f80017344c99304c2598c700cb3e567afacdd1fc10830404777983cfc0566938b360671547634757b9191041ee3f2706cfc9f1c34f55da3ef81a26889b92","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMESave.hpp","filename":"SMESave.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2669,"md5":"78ca79b188b93fe7b258f716eee87498","sha1":"b054eb320291774448746f5b3961eb48132b396d","sha256":"6bb604abadc015354acd3b84ce3721db9d4f48a0f24a333c477c2f60dd2212ad","sha512":"821c12ef64be347bd5db25a53925504d94991ed5ee14905b71b79176cd27a5416b0923366e77855cfa813ba3aba6ec2ecb1e3c0d02d5f9e2aac4a014469ac5c9","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMESpecs.dcu","filename":"SMESpecs.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":10145,"md5":"1d65409ce98467b9ccfcd8eca86cf018","sha1":"f0914c1f58d830ec2ee787342b14621e100872b1","sha256":"5e4cb805a7af21a1addd85a87cfe5992113197335595bbe01ad4b4d0f4090d33","sha512":"e003a9767442920014f9ce1c5622f3eaa1377ebeb1e56b492f34506f718e2fa85695f42663c8f12a86974871d8a66a2bf77834c61256d70c9172630cda2231c1","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMESpecs.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SMESpecs.dfm","filename":"SMESpecs.dfm","modified":"","Modified":"2015-01-08T16:46:14+02:00","magic":"JPEG XL codestream","size":3387,"md5":"3d2499e700a17e5023667e50e363a0d4","sha1":"e5e5fd605f003127119e6f5b80bc00596b97b8c6","sha256":"e95246cff64859f3e1417a874acbbc30b1b1503d837e9464294663b23c3a7350","sha512":"e9810ed3dd0756709fb447e7f16331858f7cdf4e652d783cbee592c440872ae3e371fd5652e4b581ce97ff534aa7310e9386d4128b6392b6eb6292e8f0a0668b","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMESpecs.hpp","filename":"SMESpecs.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":3573,"md5":"d01a65644914ace28fb4c73164a76b8d","sha1":"488500850ff4bf2eaf54c889943f39f1e770ab46","sha256":"3f8c4d2d870ecd08f3950a0e757550dc2ffdb09fdfee2086a60b199d801d213a","sha512":"83096d8109f9ef0b3d81edbae8b9f174ebcf53be5f765c3e1287776043000fe62f3529b3e9f413f1c2d8c9320abe2b1c3d05c1a8f637d0d4a0488fad1d8e315c","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEStat.dcu","filename":"SMEStat.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":9408,"md5":"022250b686ea0dae676fbcb3007d08f9","sha1":"737c0d2963eaf73d9fad640cf449ccd13915f98d","sha256":"a3acbb5b1bad5edc48f3d44641838e7ee1464ee4c915490950a2d4dec7dec9b9","sha512":"d813d127cfdd20fb48c6a1c7c841af5696f8d4bbd160e7624e5612c77a70fac0deb14d09ba9c4e886e415f8afafe67fed7a1c6beeb107c49337089e0016d15fd","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEStat.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SMEStat.dfm","filename":"SMEStat.dfm","modified":"","Modified":"2015-01-08T16:46:14+02:00","magic":"JPEG XL codestream","size":763,"md5":"bcd1d9b70c2c76edad29717b39b4754d","sha1":"d51075b7513d16420af24be9a0318956fb173fbe","sha256":"904b3188a98d2371c2e365ebf5afb55054cc54f9684a6adf91d175d31f97b45d","sha512":"d6f34c78c4c692bfc6ea163e24e86f97c224f685892474a525bedfbdd7a7df208fd2a199f92f15b026fbb0ab098626ca97bcba4f06edf8c7968c3c798d732ab9","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEStat.hpp","filename":"SMEStat.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":3107,"md5":"be748ef25b2e9a73392cdb8ffeaa6666","sha1":"ffe78d6f5248b710f4fe42721795c7a27876e9aa","sha256":"f57549ca7df4c5841f8d17e9b6c2c14b09a47b407eee61dc1ab6ee6b796d20e5","sha512":"a19d30c286264dbdeaff55dc8ecbfce2f2734741c9a0cd325bbd38574c66d884bc57b12d7cc50beb1e367a37800cc817de79cc5c9994dfecc342183d02e82a9a","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEUtils.dcu","filename":"SMEUtils.dcu","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"data","size":6085,"md5":"faf772a985c7bce4dff0018983d54bd6","sha1":"c6ee3db7c9e8fc57a9062a5ac31f97f7bb8412e6","sha256":"1e89a5a5110b5f36ec0bf7378671410e7dee66aaeddadb387318de94dfbbbe8a","sha512":"bf132c2b4354df9d55e6f1a43ca9eca23aa14bceb72e1746c5e7ab4c89854a40053b1e28a719b765173abcf0611f81874089f657492b26d2d42179fd223d65d7","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEUtils.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SMEUtils.hpp","filename":"SMEUtils.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2185,"md5":"c02c96edbf26456538e17898248f4964","sha1":"64135c20be8291c247805c3c929fcf30ea0d2d0b","sha256":"4189ee1905fc32622b626f18461ee5fa0512bad6a88fbae9b460823610443481","sha512":"c652b9153b608ae1adfa56d7a20763ea810837b2cbfb2290faf1da86de4709fd4020f13c6e8a63cd46b185be772aa552990798de4a79451ca3dc58c24a915046","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEWiz.dcu","filename":"SMEWiz.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":111711,"md5":"84450700cc47ab2b3278a98e367c6fad","sha1":"2e2146cdf0b67330fd06c52e131e37130d623e98","sha256":"230c3625505ef1dac187cdc047612f43ab278202520055687cdc9f7a9ae88c97","sha512":"cf19d28797bee9332932bb65233898d3ba53250857c235ab6c41b8b247e8ca35858cafa965d65112c0edfe0c42a49f82c6f68b4d4d4e5adbc5572c9699ae99c8","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEWiz.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SMEWiz.dfm","filename":"SMEWiz.dfm","modified":"","Modified":"2015-01-08T16:46:14+02:00","magic":"JPEG XL codestream","size":114168,"md5":"cb08cd5e6696e49d26f3167051210588","sha1":"052b875a30c44a89bafd567579ef3ef2f033a602","sha256":"dab6cacc06d9c7e781613e5bf688646f26db4b72507d12d4f5e40667a414a064","sha512":"7d0578bd64dbb3db526f82e4fbde868df68114b23f647171c9082c9bee5fb1dd056898a7fd20660900704afca4acd1d78d6e194848ef26f97aaf180ecb46fe67","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEWiz.hpp","filename":"SMEWiz.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":22976,"md5":"141c16106bb595e8535c1a43ddeb2bbf","sha1":"0e2e72753f2a8a77239a06208b76e4f45e4611c3","sha256":"d006856a737af7ec22d5fd409bbab9dfffb566d8a85d4de912d3b6b2f67dbc22","sha512":"eac928c6f45e6df98c691ad73ee92f415b6b1e8c8dccf70963355d82d9e49d23e742b996db88802b8598e57adf0c6c39594ad0871bceb09e4842303fb731efef","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/smew_cat.res","filename":"smew_cat.res","modified":"","Modified":"2015-01-08T16:46:14+02:00","magic":"MSVC .res","size":8508,"md5":"b9e7df64b74a4f7c5b9b9d046dea7900","sha1":"de4fc2a3894be38ace73823ed788b9d55ad28bb9","sha256":"919be5eb2d04adb63b95a2bc658af5575efa95aa9cf6cf4d4d04f2605597d604","sha512":"23c5cd2e9e74f9bb335ebfead264ae656d425fb74a6f54580fa303512645c0cac0d988a900e5636152eb308a87b1ff3d8a237a207a0ca23f0805da8252ca220f","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/smexlsx.RES","filename":"smexlsx.RES","modified":"","Modified":"2020-05-11T21:09:11+02:00","magic":"MSVC .res","size":13776,"md5":"6f2a25b2e76c55780951ab02d6c820b0","sha1":"8ad6db69d02e722d3ff2649af56e7c885243eaa4","sha256":"82ee4a36a511b74be4002dc4aa4895a2cbe3940cb0a20c0066e77c648c1fe2b8","sha512":"453516a2eb4ffafcf7c06f54c4e4cdcbfaeb9a5e26999ccc1ac2c0c2a99a91c4d750a4601ba5678104a718a76eb3c588a136f584f6b2b39b08443c39c97deff3","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMExportD12.bpi","filename":"SMExportD12.bpi","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"Microsoft Visual C/OMF library, page size 16, at 0 dictionary with 0 block (FFLAG=0x80) 1st entry  in page 17427, 2nd record \"SMEEngine.pas\", 3rd record COMMENT Preserved class=0 Translator \"Delphi Pascal V36.0\"","size":157940,"md5":"65ecc68c404c8218f2a2e1e048ba8ee6","sha1":"ede1f8d8ca3387f9844b1c44b81afe3de8496fb2","sha256":"dceffb261ce5f6584d5c9dbfb365a389149f31a6920f50e01d344abe711f1f81","sha512":"a8f5b20e732cd45953dfe7d93d5bd80f0d0436eab0492639eca650a6f766a9de1af040571b2282066134b023cfbdde3589a1486cf27f9a3890ceb8e1ffaa3584","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMExportD12.bpl","filename":"SMExportD12.bpl","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 9 sections","size":988672,"md5":"811d38d349148c093b29a58edbde3e94","sha1":"b0d71899aedce0653e5b5111c3d0c51a1c903c67","sha256":"cb925b172a31e5b4512b72bbaa3d3a95914ee71751f8e85ccc88b1533c958aaa","sha512":"87394c5fa771792471f153a4146b60eb5d658bfc12871cf466956d461f13a84d5e81bff21c1d545febec606f4d2b503b2c39985a14a7cf16083f97f9a665e4b8","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMExportD12.dcp","filename":"SMExportD12.dcp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"data","size":834778,"md5":"b93fc80bb3f06add71a6e3f5a595a4e1","sha1":"ca661f047a189d05f5a02f3ef81faa32f8077e38","sha256":"a1902f967d9f4a89aa7c8f2f3956de42748c29728b0443cc8420e323994c0c0e","sha512":"0f7cc50872f8c4f17a9a129a07790a5e04b61c63c001d0d8bc5b842e467b37c8a142cb813572adda876daf695202fcec6770c1017ac2abcfe0c7cacd0482ab0e","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMExportD12.dpk","filename":"SMExportD12.dpk","modified":"","Modified":"2023-11-19T21:03:16+02:00","magic":"Perl5 module source, ASCII text, with CRLF line terminators","size":2737,"md5":"bf20b09762fa50c998561798350a2672","sha1":"c1bd2911b33edb6963f17b6e2ee92d73c2e82b05","sha256":"22bd602b3b0dbf4e488cad56633a2e901a58c57f415f351dd91753383cbdb04c","sha512":"5883061b400ae8b668787df02fa0c00e9f6f1947ab6fe65f5bd20ec4cc873b3424332843c3fdf589c3edde6bcdab7af5f96dd4b8c181b47a9b555eda296103b5","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMExportD12.dproj","filename":"SMExportD12.dproj","modified":"","Modified":"2023-11-19T21:03:40+02:00","magic":"Unicode text, UTF-8 (with BOM) text, with very long lines (2870), with CRLF line terminators","size":17770,"md5":"5e2eabd5eb3f1a5a0518b603be81f0c5","sha1":"0fc2f57ce32bb2f389559912c124280be84acc43","sha256":"268962eadd3430a079dd5cfd29b959caede2c1301c88f20314fa7951bfa0d549","sha512":"8cb1936c8bce0427bc2fab53fcf1f9e00a63a9cee756281c877adca40f84f9c51da01b17e252b65b102264226d1715ccac9854143f9ade036219794e516f52db","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMExportD12.hpp","filename":"SMExportD12.hpp","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"C source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":6796,"md5":"a470ec74a97f52e9979bfc1c38566bad","sha1":"db42fe48e14adf5e67ea15a06502558b49f82a85","sha256":"d63165ef5925e4596554274d4668de9f125f37464638349ba6051acf246eee87","sha512":"4f09f19cb26c3c5f2cdd693e450557cfc381cd4f1590b1d30cf0802700f203dff103a7b620204847108395aee7dc7e5450526ee09a01d5d75bd4f9afa4c955d6","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMExportD12.lib","filename":"SMExportD12.lib","modified":"","Modified":"2023-11-19T21:03:21+02:00","magic":"Microsoft Visual C/OMF library, page size 32, at 0x131000 dictionary with 4 blocks (FFLAG=0xbd) 1st entry SysInit! in page 1, 2nd record \"SysInit.pas\", 3rd record COMMENT class=0xa3 LIBMOD SysInit","size":1251328,"md5":"730c4b75ef859db61f35fa7849d2ffa5","sha1":"a246bfeee34eb056d257778fce477601bb6e827a","sha256":"73fd345b82d80b2e35af69ef820a114ce0264f15a81b0e64f7219f77e4197ae6","sha512":"0c495ce02793b9a67038aae6600461ff3223fe9f943994d7b7e3706e6185fa9d66a29f514082a23f52d4f1689dfe04913bd9ecbc1aa2f0e0ae9ff2842067e8f5","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMExportD12.lib","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SMExportD12.otares","filename":"SMExportD12.otares","modified":"","Modified":"2023-11-19T21:02:58+02:00","magic":"MSVC .res","size":96,"md5":"1d91ba30cf23dff9f6c530a33ccc4b9d","sha1":"c3682dbce21920e087e265e9c52efe0f2904bdb1","sha256":"b6462367ebef1487d9adb4923b15dabfad0479510c1f4fcc92ff797dfa92ec64","sha512":"be56850e4fb374f8cbfe404647ac0c512766812dd0eafc74f317e61927856dddbd76e39f3026f3ac6a72d239372b6173db9b3e4dd01b23cedb2ca12b9f2ed0a3","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMExportD12.res","filename":"SMExportD12.res","modified":"","Modified":"2023-11-19T21:03:19+02:00","magic":"MSVC .res","size":1496,"md5":"a0278cd31818dd47d4f33e942cc081b2","sha1":"a94e81aea03e0469876717ae8115fa71dd7dcbf5","sha256":"1c4fe04028c54552fd2a5437386ce4ae8e9e185ce0760a2f02ecb5948505588a","sha512":"0ded22cb1e6c0ea2ce0309deb8c0486ecdb5b0bc73072785f7fbfa8a530f43ecf5f275a6c9674c53ff9bcb32484d7f125eca58d42fe6efd27617572d219e2653","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMExportD12_Icon.ico","filename":"SMExportD12_Icon.ico","modified":"","Modified":"2023-11-19T21:02:58+02:00","magic":"MS Windows icon resource - 1 icon, 32x32, 4 colors","size":766,"md5":"2a27bf5450cee22a8dca4126e23d1c51","sha1":"b8b050ee7902827421164140a3168e6816e58148","sha256":"c0be832805902f15ac56090060b3760b475534fe4056708837a1951a2bd4de26","sha512":"b6a99d97671acae3c8de6d1ca789b82eebd74a8f178d6c8cc25d5bd4b1d49d07acc277be8e1947eb26caef33aabdec8df91a85e89c4204b2a1bc4080f64e6adc","alerts":{"urlquery":null,"analyzer":null}},{"path":"D12/SMEZipFile.dcu","filename":"SMEZipFile.dcu","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"data","size":30286,"md5":"90339140d56136797709cae1c27010ea","sha1":"d84d0f4ed9266c7a4f3a8f0636211b4f482c4339","sha256":"d3e6aff5b5ea59d46470ebeae5a8baca091aa98d9be8636722b7e2eb9260add0","sha512":"8af89af3d6aab0bbddd9635fa8abfb3448e218b31b2b43ef0cabafcec0dfca5bfc1da342af6821f490b5711aded54b6a7e755cddfb6f50718cb7951421a7a5d0","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEZipFile.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}},{"path":"D12/SMEZIPFile.hpp","filename":"SMEZIPFile.hpp","modified":"","Modified":"2023-11-19T21:03:20+02:00","magic":"C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":11823,"md5":"3c1e5b37ef4f39122e3c341c959b41c7","sha1":"ea55314e4c90dd275165c50219148d672a7fbfbf","sha256":"be5f084881512d61094d305808b1971a3bf022a1eca99efe36001bfb674a2606","sha512":"00851f21d8b0f70e53da4dea0a20fb455a401cb47210948fa272f9e14d58e0f0d57dbc228be1f7b6e18675a9a4c412e416568f13116fb6facd4555f3807566ca","alerts":{"urlquery":null,"analyzer":null}},{"path":"DEMOS/link.txt","filename":"link.txt","modified":"","Modified":"2006-01-19T13:13:46+02:00","magic":"ASCII text, with CRLF line terminators","size":103,"md5":"90cdc74435c8f7129093f2c2c416e9c2","sha1":"58134e7bd9f881040c66d4d341bf527d0147382f","sha256":"86f21d6c9e73604a5574cb33ae6df3de482b84b1510cd7c0402d53b936c17177","sha512":"02fb287047353374363db9cad8c8f977f4117f006a3c2b07edc800b99d0e7cbb1b4d9bab5738afba9353dc80a9aeb89e74ec2c0d71e6dbc9fc64ca09e508066b","alerts":{"urlquery":null,"analyzer":null}},{"path":"file_id.diz","filename":"file_id.diz","modified":"","Modified":"2023-11-19T21:31:03+02:00","magic":"ASCII text, with CRLF line terminators","size":171,"md5":"bc595588b3c979b590daefe216d3344f","sha1":"2344fe908686b86e9069f4d0ee429cd2035d7313","sha256":"59afd2924021de7f40831dc3a36a672136a3a9f6eca74848cea45317bd3b9145","sha512":"d9770efbe0576eb4f53b8cffb4b708de2c0473f7e1807d5757e6910a8f68086be625bc1f89f16ec968a6c6884e1d96d3aa02b1dc80764b2b0e558a4a27ec9aad","alerts":{"urlquery":null,"analyzer":null}},{"path":"license.txt","filename":"license.txt","modified":"","Modified":"2003-07-25T16:25:48+02:00","magic":"ASCII text, with CRLF line terminators","size":3232,"md5":"e3808cb5c9338d69ad96fd6b8d67f509","sha1":"e98b5dfb965018c08c3f54a2c161ab64b7a8b6df","sha256":"a823199cf948860bfeb27094f75f17960db976806fe4eddd9e0f8d9639eb9cb9","sha512":"be43e63b370ab3eb552d60b7ec31cd75d651e993908b525d3a2e6d8a248046d3b7dd7cffad094cdf794c3aba2a33374ea7858633d03a88bcd870224562cd0c23","alerts":{"urlquery":null,"analyzer":null}},{"path":"readme.txt","filename":"readme.txt","modified":"","Modified":"2005-05-18T10:48:12+02:00","magic":"ASCII text, with CRLF line terminators","size":2377,"md5":"6a33f353bf37337d0dd229951f9d6c0b","sha1":"a0dfec3a31f9d1bf476c6b848fca2d783a9fbda4","sha256":"bb22e2cfa5c3997fd13f8ffe15739e67ee78187d69dc704b606ace9504a6af7a","sha512":"120ec65ffd45f9e31e0d1c254f6734c6f8d0c6d49916ec373ff2bfb2507a786146541d6c36447465a2c4665d1e71d9d31fcabd3e53013d55ff0a2a951228bd5a","alerts":{"urlquery":null,"analyzer":null}},{"path":"sme.htm","filename":"sme.htm","modified":"","Modified":"2005-05-18T12:36:40+02:00","magic":"HTML document, ISO-8859 text, with very long lines (429), with CRLF line terminators","size":31736,"md5":"90120cfe522ad992c1abcf09cead14bb","sha1":"9ec51f330bc573716c813772d5e65939069b5ff1","sha256":"e00fb0a2d6ff298eba9301ef020ed5696c71926a07eafe9d16229b4abf753a88","sha512":"cf9728fc697dacbc077676836dc4cad5367b8f48a4208444126e44924e2f1f09b104e1f671ac5eb3bbd0cc1e51baeca51eff874c0c288ea10589d46727bf589c","alerts":{"urlquery":null,"analyzer":null}},{"path":"sme.inf","filename":"sme.inf","modified":"","Modified":"2005-05-18T10:49:24+02:00","magic":"Generic INItialization configuration [DSP Support]","size":3879,"md5":"fe043c0f839d34fbf72c827203fbc818","sha1":"d71db54022ba112e8c37198412e4fec7363e5cbd","sha256":"d3d5e51c2179ba9e67b5d2a6447af40cd7efe8fd8640cb6b4338f9ceb1b207d7","sha512":"1c65c13a5575f8c888a0c6cb1aecd9180a81b63e30591e973800349c056fcf9378d7cae952bf5f2ed2ad08bf99412ecf2432bb11a7880123ca6051605838efe0","alerts":{"urlquery":null,"analyzer":null}},{"path":"sme_faq.htm","filename":"sme_faq.htm","modified":"","Modified":"2005-01-10T16:09:36+02:00","magic":"HTML document, ISO-8859 text, with CRLF line terminators","size":33881,"md5":"b0efb2f43896ce2ae0474e6d47179ef6","sha1":"e81810f701d797a8bf015dd90693cf7db7ca88fd","sha256":"c8479c77b41010188e89e15acfd08b2ad5ff143332fa1976d030e069f1901e17","sha512":"c7d68890b7e262d065bc45848f34e0c61950910ebb75bf9d7d3044c48e11056b27f1995c8594a9e1f6c6b9fc745d05ce22ad3fb7cf6024b190797b7e62c6ca63","alerts":{"urlquery":null,"analyzer":null}},{"path":"smexport.cnt","filename":"smexport.cnt","modified":"","Modified":"2003-07-21T12:08:40+02:00","magic":"ASCII text, with CRLF line terminators","size":5704,"md5":"d315791d425d18139123d25a270d4ae6","sha1":"f90774ac348112157e77ae3656f91d4df36dc558","sha256":"ced3247f8fbe1d8f4789c1665898ce5d002233c4859e4a7e73eba7ee16f9b564","sha512":"05c7bb358c4afd83a00a3fad930bd1a0995ac713337b558800af19eea0aea08c8d19f8145c6ebea25292a0e435c19b0988c4fcc648b56bae053441f3ab7c6127","alerts":{"urlquery":null,"analyzer":null}},{"path":"smexport.hlp","filename":"smexport.hlp","modified":"","Modified":"2003-07-21T12:08:40+02:00","magic":"MS Windows 3.1 help, Mon Jul 21 11:08:39 2003, 148237 bytes","size":148237,"md5":"e57734a81adb6a5ca299281f20741bfd","sha1":"d57abac2bef268bcfbce9eb391a62d3867d25ed9","sha256":"daaed4b999fb29fd432537a233ed31f40f2b87c8e98c77b363ee41f29bbcfeb8","sha512":"923b580f0af1e98a4c2aa65143049f98267205cc708a33cd85b413e81647ae53351b92514584d90841d273ae4bd157735b0719b740359b23394bfad0f00ae97a","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/ExportDS.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2ADO.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2BDE.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2Cell.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2CLP.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2DBF.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2DIF.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2DOCX.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2DS.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2EXML.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2HTML.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2JSON.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2LDIF.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2OLE.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2PDF.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2Pump.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2PumpBDE.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2PumpMDB.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2RTF.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2SPSS.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2SQL.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2SYLK.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2TXT.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2WKS.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2WQ.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2XLS.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2XLSX.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SME2XML.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEActns.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEEngDB.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEEngEH.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEEngine.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEEngLV.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEEngRZLV.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEEngSG.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEEngSM.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEEngStrings.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEEngVG.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEEngWW.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEMIME.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEMonitor.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEReg.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMESave.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMESpecs.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEStat.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEUtils.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEWiz.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMExportD12.lib","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-17","alert":"meth_get_eip","trigger":"D12/SMEZipFile.dcu","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-06-17T14:41:28.221639012Z","timestamp":1718635288221,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"146FE131CF8436E3DE4832A23B351400B4819DBD9B9716302248D3AB447F000C\"\r\nLast-Modified: Sat, 15 Jun 2024 13:53:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=21041\r\nExpires: Mon, 17 Jun 2024 20:32:09 GMT\r\nDate: Mon, 17 Jun 2024 14:41:28 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"5c35a3180482afadf4e89f4cc249fa7b","sha1":"8a088c184606fe3e4e0da8cd90b6eb5e6d30fb97","sha256":"146fe131cf8436e3de4832a23b351400b4819dbd9b9716302248d3ab447f000c","sha512":"69ceef04fe4f86da5a1c84e5d5ba164db85d4817e66cd8dabecf0df8ac7d47749f2d6cbed7ac33345f6fb6c984fe97caecec446f5a0914841ca524b9f435c8d9","ssdeep":"","tlshash":"1cf00e1210a6b8f06af101205ff9ed182c64ac9d3c1234e03ce8bdf2a4657e40f8c098","first_seen":"2024-06-15T15:57:10Z","last_seen":"2024-08-19T19:55:02.755491Z","times_seen":41629,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-06-17T14:41:28.669531965Z","timestamp":1718635288669,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"F9A59EBEF1EE608C709B274E1C7BE1320323232CDC79B17BDBF453A5A5AEAD09\"\r\nLast-Modified: Mon, 17 Jun 2024 11:47:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=11210\r\nExpires: Mon, 17 Jun 2024 17:48:18 GMT\r\nDate: Mon, 17 Jun 2024 14:41:28 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"9d139a09a36fce99ece1fb963d49d2a9","sha1":"a7d96d8755d02c7204c147daade1b1168a6ddb73","sha256":"f9a59ebef1ee608c709b274e1c7be1320323232cdc79b17bdbf453a5a5aead09","sha512":"2f3b4b35676cee60aa69c986ce24912bdf1e5d2f893b69833a84884b248c5b16659f4b176d5f289e4c798bc29f13bfad918894f1d1efbde50713dcde03eff35a","ssdeep":"","tlshash":"5cf0c96122e6f89099622202fcc9e20c8fd2ad7f3840a2a0256883d2e0417b283840a8","first_seen":"2024-06-17T13:51:28Z","last_seen":"2024-08-19T19:42:29.906975Z","times_seen":39533,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.scalabium.com/download/sme/sme500d12.zip","fqdn":"www.scalabium.com","domain":"scalabium.com","tld":"com"},"ip":{"addr":"216.120.242.62","port":443,"asn":23535,"as":"HOSTROCKET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-06-17T14:41:28.789Z","timestamp":1718635288789,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ftp.scalabium.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 May 2024 03:51:50 GMT","end":"Fri, 09 Aug 2024 03:51:49 GMT"},"fingerprint":{"sha1":"38:5C:0A:99:24:10:12:56:CE:AD:3B:11:38:C6:7D:5E:B0:5E:20:26","sha256":"7E:78:19:EA:7E:61:A8:DF:97:6F:A9:43:FE:10:BB:7E:3B:3E:AE:AE:F1:78:E7:82:BC:FA:34:09:F2:67:4E:D6"}}},"request":{"raw":"GET /download/sme/sme500d12.zip HTTP/1.1\r\nHost: www.scalabium.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sun, 19 Nov 2023 19:38:39 GMT\r\netag: \"1aceec-60a8684268b3a\"\r\naccept-ranges: bytes\r\ncontent-length: 1756908\r\ncontent-type: application/zip\r\ndate: Mon, 17 Jun 2024 14:41:29 GMT\r\nserver: Apache/2\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1756908,"size_decoded":1756908,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=store","md5":"64b5840aa7ae225d08567e4dc3e95193","sha1":"91d3ea270fc6e192e17ca9c9aba5ad0d55d75d04","sha256":"6844617d26b19a4a45d0a2a299b304c758345b5f129e4edbcc6cedd05c8c6149","sha512":"55ed6738275495722e991fe1edf2725459afbe2ad50e0383a20f5111820dcdb85b4532de14dca1c598c9e1dcfdd245cc21f75d124f2e4bf53d917b555679e9ec","ssdeep":"24576:J5EL8a2rnaumSnQSrmaITFfegDREUjd83vuaQktcWU57HGEO3vi65eCt7jR+Urv:7IPiQS6awFmg1EUjdCFyWUFHGz3VfjRx","tlshash":"5d8533224b6d2f29c1e3a7fe648f9a0a0c2542bd05d43b0f461a86555653bf77b0fe0e","first_seen":"2024-08-19T19:41:51.412572Z","last_seen":"2024-08-19T19:41:51.412572Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1870,"timings":{"blocked":407,"dns":1,"connect":94,"send":0,"wait":446,"receive":609,"ssl":309},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"184.51.252.197","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-06-17T14:41:30.847940309Z","timestamp":1718635290847,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"18FFB58DA62F40B37A43B0BAACEEFE8BC3EF83CCDF9EE19FF874CCB0D802C9F2\"\r\nLast-Modified: Sat, 15 Jun 2024 17:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=14618\r\nExpires: Mon, 17 Jun 2024 18:45:08 GMT\r\nDate: Mon, 17 Jun 2024 14:41:30 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"ede0b27def700f18bb6d4eb4c1d97352","sha1":"c802c366cb2eee6b9339349aa21677fdb1bd5fa5","sha256":"18ffb58da62f40b37a43b0baaceefe8bc3ef83ccdf9ee19ff874ccb0d802c9f2","sha512":"b1261e87645eb6cd74edb193283924e437ec388df9d45bad1eb6840a7de3584ca9e0e7ddd04a78b542d85733e76b02f839339e75691cecaf7b1894a7cd0bd35b","ssdeep":"","tlshash":"c8f054021098f99565a306121dfbe3053fb47cf8791c9ac014e488d128a0feca7c4009","first_seen":"2024-06-15T19:33:51Z","last_seen":"2024-08-19T19:54:20.816757Z","times_seen":41892,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"184.51.252.197","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-06-17T14:41:30.853830881Z","timestamp":1718635290853,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"18FFB58DA62F40B37A43B0BAACEEFE8BC3EF83CCDF9EE19FF874CCB0D802C9F2\"\r\nLast-Modified: Sat, 15 Jun 2024 17:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=14618\r\nExpires: Mon, 17 Jun 2024 18:45:08 GMT\r\nDate: Mon, 17 Jun 2024 14:41:30 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"ede0b27def700f18bb6d4eb4c1d97352","sha1":"c802c366cb2eee6b9339349aa21677fdb1bd5fa5","sha256":"18ffb58da62f40b37a43b0baaceefe8bc3ef83ccdf9ee19ff874ccb0d802c9f2","sha512":"b1261e87645eb6cd74edb193283924e437ec388df9d45bad1eb6840a7de3584ca9e0e7ddd04a78b542d85733e76b02f839339e75691cecaf7b1894a7cd0bd35b","ssdeep":"","tlshash":"c8f054021098f99565a306121dfbe3053fb47cf8791c9ac014e488d128a0feca7c4009","first_seen":"2024-06-15T19:33:51Z","last_seen":"2024-08-19T19:54:20.816757Z","times_seen":41892,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"184.51.252.197","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-06-17T14:41:30.855860221Z","timestamp":1718635290855,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"18FFB58DA62F40B37A43B0BAACEEFE8BC3EF83CCDF9EE19FF874CCB0D802C9F2\"\r\nLast-Modified: Sat, 15 Jun 2024 17:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=14618\r\nExpires: Mon, 17 Jun 2024 18:45:08 GMT\r\nDate: Mon, 17 Jun 2024 14:41:30 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"ede0b27def700f18bb6d4eb4c1d97352","sha1":"c802c366cb2eee6b9339349aa21677fdb1bd5fa5","sha256":"18ffb58da62f40b37a43b0baaceefe8bc3ef83ccdf9ee19ff874ccb0d802c9f2","sha512":"b1261e87645eb6cd74edb193283924e437ec388df9d45bad1eb6840a7de3584ca9e0e7ddd04a78b542d85733e76b02f839339e75691cecaf7b1894a7cd0bd35b","ssdeep":"","tlshash":"c8f054021098f99565a306121dfbe3053fb47cf8791c9ac014e488d128a0feca7c4009","first_seen":"2024-06-15T19:33:51Z","last_seen":"2024-08-19T19:54:20.816757Z","times_seen":41892,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"184.51.252.197","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-06-17T14:41:30.857737038Z","timestamp":1718635290857,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"18FFB58DA62F40B37A43B0BAACEEFE8BC3EF83CCDF9EE19FF874CCB0D802C9F2\"\r\nLast-Modified: Sat, 15 Jun 2024 17:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=14618\r\nExpires: Mon, 17 Jun 2024 18:45:08 GMT\r\nDate: Mon, 17 Jun 2024 14:41:30 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"ede0b27def700f18bb6d4eb4c1d97352","sha1":"c802c366cb2eee6b9339349aa21677fdb1bd5fa5","sha256":"18ffb58da62f40b37a43b0baaceefe8bc3ef83ccdf9ee19ff874ccb0d802c9f2","sha512":"b1261e87645eb6cd74edb193283924e437ec388df9d45bad1eb6840a7de3584ca9e0e7ddd04a78b542d85733e76b02f839339e75691cecaf7b1894a7cd0bd35b","ssdeep":"","tlshash":"c8f054021098f99565a306121dfbe3053fb47cf8791c9ac014e488d128a0feca7c4009","first_seen":"2024-06-15T19:33:51Z","last_seen":"2024-08-19T19:54:20.816757Z","times_seen":41892,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"184.51.252.197","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-06-17T14:41:30.858728286Z","timestamp":1718635290858,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"18FFB58DA62F40B37A43B0BAACEEFE8BC3EF83CCDF9EE19FF874CCB0D802C9F2\"\r\nLast-Modified: Sat, 15 Jun 2024 17:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=14618\r\nExpires: Mon, 17 Jun 2024 18:45:08 GMT\r\nDate: Mon, 17 Jun 2024 14:41:30 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"ede0b27def700f18bb6d4eb4c1d97352","sha1":"c802c366cb2eee6b9339349aa21677fdb1bd5fa5","sha256":"18ffb58da62f40b37a43b0baaceefe8bc3ef83ccdf9ee19ff874ccb0d802c9f2","sha512":"b1261e87645eb6cd74edb193283924e437ec388df9d45bad1eb6840a7de3584ca9e0e7ddd04a78b542d85733e76b02f839339e75691cecaf7b1894a7cd0bd35b","ssdeep":"","tlshash":"c8f054021098f99565a306121dfbe3053fb47cf8791c9ac014e488d128a0feca7c4009","first_seen":"2024-06-15T19:33:51Z","last_seen":"2024-08-19T19:54:20.816757Z","times_seen":41892,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}