{"id":7687,"date":"2024-04-25T07:07:47","date_gmt":"2024-04-25T07:07:47","guid":{"rendered":"\/cybersecurity-blog\/?p=7687"},"modified":"2025-03-06T05:45:09","modified_gmt":"2025-03-06T05:45:09","slug":"yara-search","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/yara-search\/","title":{"rendered":"Find Malware by File Contents with YARA Search: Our New Threat Intelligence Service"},"content":{"rendered":"\n<p>Today, we&#8217;re excited to announce a new service in ANY.RUN \u2014 <a href=\"https:\/\/intelligence.any.run\/analysis\/yara\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=yara_search&amp;utm_term=250424&amp;utm_content=linktoyarasearch\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>YARA Search<\/strong><\/a>.&nbsp;<\/p>\n\n\n\n<p>YARA Search offers a way to identify threats that differs from our <a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=yara_search&amp;utm_term=250424&amp;utm_content=linktolookuplanding\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>. While TI Lookup allows you to search for related threat data using individual indicators like IP addresses or event fields, YARA Search analyzes the contents of files themselves.&nbsp;<\/p>\n\n\n\n<p>This is a completely new way to search <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=yara_search&amp;utm_term=250424&amp;utm_content=linktolanding\/\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>&#8216;s threat intelligence database, and a new addition to our range of threat intelligence tools \u2014 in true ANY.RUN fashion, giving you quick access to information from real-world data.&nbsp;&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"564\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image-1-1024x564.png\" alt=\"\" class=\"wp-image-7688\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image-1-1024x564.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image-1-300x165.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image-1-768x423.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image-1-1536x847.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image-1-2048x1129.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image-1-370x204.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image-1-270x149.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image-1-740x408.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">What is ANY.RUN\u2019s YARA Search&nbsp;<\/h2>\n\n\n\n<p>In a nutshell, YARA is a tool that helps malware analysts find files by creating detailed descriptions based on regular expressions, textual patterns, or binary signatures. With YARA rules, you can, essentially, describe malware and then find files that match your descriptions.&nbsp;<\/p>\n\n\n\n<p>YARA Search allows you to scan our threat intelligence database, holding extensive volumes of data collected by thousands of researchers who analyze real-world samples from around the globe, as well as our in-house team of malware analysts.<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nGet started with <span class=\"highlight\">YARA Search<\/span> today <br>and unlock its full potential!&nbsp;\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/intelligence.any.run\/plans\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=yara_search&#038;utm_term=250424&#038;utm_content=linktotipricing\/\" rel=\"noopener\" target=\"_blank\">\nContact Sales\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<p>But that&#8217;s not all \u2013 YARA Search also allows you to write, edit, test, download, and manage your rules seamlessly within ANY.RUN, using your existing TI Lookup quota for searches.&nbsp;<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>Find malicious files that match your YARA rules.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>See how these files operate within a system and explore examples of their real-world attack scenarios through associated recordings of sandbox analysis sessions.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li>Download the identified files for further in-depth analysis.&nbsp;<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">How to access YARA Search&nbsp;<\/h2>\n\n\n\n<p>Getting started with YARA Search is easy \u2014 we offer 20 free trial requests to all ANY.RUN users with a paid plan (That&#8217;s <a href=\"https:\/\/any.run\/cybersecurity-blog\/subscriptions-hunter-plan\/\" target=\"_blank\" rel=\"noreferrer noopener\">Hunter<\/a>, or <a href=\"https:\/\/any.run\/cybersecurity-blog\/anyrun-enterprise-plan\/\" target=\"_blank\" rel=\"noreferrer noopener\">Enterprise<\/a>) so you can try this service.<\/p>\n\n\n\n<p>And if you&#8217;re already a paid user of our TI Lookup service, you&#8217;ll be pleased to know that YARA Search shares the same request quota. So you can start using it right away as part of your existing subscription.<\/p>\n\n\n\n<p><a href=\"https:\/\/intelligence.any.run\/plans\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=yara_search&amp;utm_term=250424&amp;utm_content=linktotipricing\/\" target=\"_blank\" rel=\"noreferrer noopener\">Get a quote \u2192<\/a>&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">YARA Search capabilities&nbsp;<\/h2>\n\n\n\n<p>In ANY.RUN&#8217;s YARA Search, you&#8217;ll not only be able to search for files by running multiple searches in parallel, but also write and debug your YARA rules with ease in a robust online editor featuring syntax highlighting. Here&#8217;s what\u2019s included with YARA Search:&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"589\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image6-1024x589.png\" alt=\"\" class=\"wp-image-7689\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image6-1024x589.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image6-300x173.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image6-768x442.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image6-1536x883.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image6-2048x1178.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image6-370x213.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image6-270x155.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image6-740x426.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Search for processes and associated sandbox analysis sessions by file contents&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Fast search and ability to run multiple searches at once&nbsp;<\/h3>\n\n\n\n<p>Receive initial search results from our threat data database in under 5 seconds. Moreover, you can run multiple searches simultaneously or utilize the TI Lookup while your YARA search is executing, simply by switching between tabs.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"268\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image7-1024x268.png\" alt=\"\" class=\"wp-image-7690\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image7-1024x268.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image7-300x79.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image7-768x201.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image7-1536x403.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image7-2048x537.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image7-370x97.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image7-270x71.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image7-740x194.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>After running your YARA search, you&#8217;ll receive a clear breakdown of results, including:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Matched files.&nbsp;<\/li>\n\n\n\n<li>Processes against which the rule was triggered&nbsp;<\/li>\n\n\n\n<li>Associated tags.&nbsp;<\/li>\n\n\n\n<li>File hashes&nbsp;<\/li>\n\n\n\n<li>A list of sandbox analysis sessions that match the YARA rule.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>At any time, you can click on the process to browse the associated recording of the analysis session in the ANY.RUN sandbox or download a file for further local analysis.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">A powerful online editor&nbsp;<\/h3>\n\n\n\n<p>Integrated editor makes it easy to create, save, and edit your YARA rules. It features syntax highlighting and a tabbed interface, allowing you to work on multiple rules simultaneously.&nbsp;<\/p>\n\n\n\n<p>YARA has its own language with specific syntax, and like all programming languages, mistakes can happen when writing rules.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"360\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image8-1024x360.png\" alt=\"\" class=\"wp-image-7691\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image8-1024x360.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image8-300x105.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image8-768x270.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image8-1536x540.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image8-2048x720.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image8-370x130.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image8-270x95.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image8-740x260.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>In ANY.RUN YARA Search, these errors are easy to spot and correct. If you make a mistake, the service will display a descriptive error message highlighting what went wrong, so you&#8217;ll never be left scratching your head wondering why your rule isn&#8217;t working.&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nEasily debug rules in an online editor in <span class=\"highlight\">YARA Search<\/span>&nbsp;\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/intelligence.any.run\/plans\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=yara_search&#038;utm_term=250424&#038;utm_content=linktotipricing\/\" rel=\"noopener\" target=\"_blank\">\nContact Sales\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"579\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image9-1024x579.png\" alt=\"\" class=\"wp-image-7692\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image9-1024x579.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image9-300x170.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image9-768x434.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image9-1536x869.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image9-2048x1159.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image9-370x209.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image9-270x153.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/image9-740x419.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Analysis tools for every use case&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN is known for giving researchers quick and easy access to threat information, and YARA Search is no exception. We have carefully designed the interface to give you analysis options.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>For each matched file, you can bring up the Static Discovering window \u2014 the same as in our sandbox \u2014 and view metadata such as TrID, EXIF data, file hex values, and it&#8217;s clear text and PE information \u2014 all without leaving the YARA Search page.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You can also download matched files to analyze them in depth within your system, and reverse engineer them if necessary.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">How YARA Search help you find real examples of malware usage&nbsp;<\/h2>\n\n\n\n<p>We share some of the YARA rules with the community through <a href=\"https:\/\/github.com\/anyrun\/YARA\/\" target=\"_blank\" rel=\"noreferrer noopener\">our public repository on GitHub<\/a>. You can copy these rules directly and use them to detect threats. &nbsp;<\/p>\n\n\n\n<p>For our example, we will choose a <a href=\"https:\/\/github.com\/anyrun\/YARA\/blob\/main\/RisePro.yar\" target=\"_blank\" rel=\"noreferrer noopener\">simple rule<\/a> from our repository consisting of only one HEX string to detect the notorious malware family, RisePro:&nbsp;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code style=\"white-space: pre-wrap;\"><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun SCXW186481666 BCX0\" style=\"background-color: transparent; color: windowtext; -webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif; font-variant-ligatures: none !important;\"><span class=\"NormalTextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text;\">rule <\/span><span class=\"NormalTextRun SpellingErrorV2Themed SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; background-repeat: repeat-x; background-position: left bottom; background-image: var(--urlSpellingErrorV2, url('data:image\/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB3aWR0aD0iNXB4IiBoZWlnaHQ9IjRweCIgdmlld0JveD0iMCAwIDUgNCIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KICAgIDwhLS0gR2VuZXJhdG9yOiBTa2V0Y2ggNTYuMiAoODE2NzIpIC0gaHR0cHM6Ly9za2V0Y2guY29tIC0tPgogICAgPHRpdGxlPnNwZWxsaW5nX3NxdWlnZ2xlPC90aXRsZT4KICAgIDxkZXNjPkNyZWF0ZWQgd2l0aCBTa2V0Y2guPC9kZXNjPgogICAgPGcgaWQ9IkZsYWdzIiBzdHJva2U9Im5vbmUiIHN0cm9rZS13aWR0aD0iMSIgZmlsbD0ibm9uZSIgZmlsbC1ydWxlPSJldmVub2RkIj4KICAgICAgICA8ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtMTAxMC4wMDAwMDAsIC0yOTYuMDAwMDAwKSIgaWQ9InNwZWxsaW5nX3NxdWlnZ2xlIj4KICAgICAgICAgICAgPGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMTAxMC4wMDAwMDAsIDI5Ni4wMDAwMDApIj4KICAgICAgICAgICAgICAgIDxwYXRoIGQ9Ik0wLDMgQzEuMjUsMyAxLjI1LDEgMi41LDEgQzMuNzUsMSAzLjc1LDMgNSwzIiBpZD0iUGF0aCIgc3Ryb2tlPSIjRUIwMDAwIiBzdHJva2Utd2lkdGg9IjEiPjwvcGF0aD4KICAgICAgICAgICAgICAgIDxyZWN0IGlkPSJSZWN0YW5nbGUiIHg9IjAiIHk9IjAiIHdpZHRoPSI1IiBoZWlnaHQ9IjQiPjwvcmVjdD4KICAgICAgICAgICAgPC9nPgogICAgICAgIDwvZz4KICAgIDwvZz4KPC9zdmc+')); border-bottom: 1px solid transparent;\">RisePro<\/span><span class=\"NormalTextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text;\"> {<\/span><\/span><span class=\"EOP SCXW186481666 BCX0\" data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;201341983&quot;:0,&quot;335551550&quot;:1,&quot;335551620&quot;:1,&quot;335559737&quot;:0,&quot;335559738&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259,&quot;335572071&quot;:4,&quot;335572072&quot;:4,&quot;335572073&quot;:0,&quot;335572075&quot;:4,&quot;335572076&quot;:4,&quot;335572077&quot;:0,&quot;335572079&quot;:4,&quot;335572080&quot;:4,&quot;335572081&quot;:0,&quot;335572083&quot;:4,&quot;335572084&quot;:4,&quot;335572085&quot;:0,&quot;469789798&quot;:&quot;single&quot;,&quot;469789802&quot;:&quot;single&quot;,&quot;469789806&quot;:&quot;single&quot;,&quot;469789810&quot;:&quot;single&quot;}\" style=\"background-color: transparent; color: windowtext; -webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\">\u00a0<\/span><div class=\"OutlineElement Ltr SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; clear: both; cursor: text; overflow: visible; position: relative; direction: ltr; color: rgb(0, 0, 0); font-family: &quot;Segoe UI&quot;, &quot;Segoe UI Web&quot;, Arial, Verdana, sans-serif; font-size: 12px; white-space-collapse: collapse; background-color: rgb(255, 255, 255);\"><p class=\"Paragraph SCXW186481666 BCX0\" data-ccp-border-top=\"0.6666666666666666px solid #000000\" data-ccp-padding-top=\"5.333333333333333px\" data-ccp-border-bottom=\"0.6666666666666666px solid #000000\" data-ccp-padding-bottom=\"5.333333333333333px\" xml:lang=\"RU-RU\" lang=\"RU-RU\" paraid=\"1138293326\" paraeid=\"{04a4a0d1-e2ad-4a7e-bc5b-9cc5ea2139f3}{79}\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 5.33333px; user-select: text; overflow-wrap: break-word; white-space-collapse: preserve; border-left: 0.666667px solid rgb(0, 0, 0); border-right: 0.666667px solid rgb(0, 0, 0); vertical-align: baseline; font-kerning: none; background-color: transparent; color: windowtext;\"><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun EmptyTextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-variant-ligatures: none !important; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\"><\/span><span class=\"TabRun IPSelectionBlob BlobObject DragDrop SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; font-family: Calibri, sans-serif; font-size: 11pt; position: relative; white-space: nowrap; width: 0px;\"><span class=\"TabChar SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; white-space-collapse: preserve !important;\">\t<\/span><span class=\"TabLeaderChars SCXW186481666 BCX0\" aria-hidden=\"true\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: none; display: inline-block; left: 0px; position: absolute; top: 0px; white-space-collapse: preserve !important;\"><\/span><\/span><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif; font-variant-ligatures: none !important;\">meta:<\/span><span class=\"EOP SCXW186481666 BCX0\" data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;201341983&quot;:0,&quot;335551550&quot;:1,&quot;335551620&quot;:1,&quot;335559737&quot;:0,&quot;335559738&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259,&quot;335572071&quot;:4,&quot;335572072&quot;:4,&quot;335572073&quot;:0,&quot;335572075&quot;:4,&quot;335572076&quot;:4,&quot;335572077&quot;:0,&quot;335572079&quot;:4,&quot;335572080&quot;:4,&quot;335572081&quot;:0,&quot;335572083&quot;:4,&quot;335572084&quot;:4,&quot;335572085&quot;:0,&quot;469789798&quot;:&quot;single&quot;,&quot;469789802&quot;:&quot;single&quot;,&quot;469789806&quot;:&quot;single&quot;,&quot;469789810&quot;:&quot;single&quot;}\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\">\u00a0<\/span><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun EmptyTextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-variant-ligatures: none !important; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\"><\/span><span class=\"TabRun IPSelectionBlob BlobObject DragDrop SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; font-family: Calibri, sans-serif; font-size: 11pt; position: relative; white-space: nowrap; width: 0px;\"><span class=\"TabChar SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; white-space-collapse: preserve !important;\">\t<\/span><span class=\"TabLeaderChars SCXW186481666 BCX0\" aria-hidden=\"true\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: none; display: inline-block; left: 0px; position: absolute; top: 0px; white-space-collapse: preserve !important;\"><\/span><\/span><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun EmptyTextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-variant-ligatures: none !important; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\"><\/span><span class=\"TabRun IPSelectionBlob BlobObject DragDrop SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; font-family: Calibri, sans-serif; font-size: 11pt; position: relative; white-space: nowrap; width: 0px;\"><span class=\"TabChar SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; white-space-collapse: preserve !important;\">\t<\/span><span class=\"TabLeaderChars SCXW186481666 BCX0\" aria-hidden=\"true\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: none; display: inline-block; left: 0px; position: absolute; top: 0px; white-space-collapse: preserve !important;\"><\/span><\/span><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif; font-variant-ligatures: none !important;\">author = \"ANY.RUN\"<\/span><span class=\"EOP SCXW186481666 BCX0\" data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;201341983&quot;:0,&quot;335551550&quot;:1,&quot;335551620&quot;:1,&quot;335559737&quot;:0,&quot;335559738&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259,&quot;335572071&quot;:4,&quot;335572072&quot;:4,&quot;335572073&quot;:0,&quot;335572075&quot;:4,&quot;335572076&quot;:4,&quot;335572077&quot;:0,&quot;335572079&quot;:4,&quot;335572080&quot;:4,&quot;335572081&quot;:0,&quot;335572083&quot;:4,&quot;335572084&quot;:4,&quot;335572085&quot;:0,&quot;469789798&quot;:&quot;single&quot;,&quot;469789802&quot;:&quot;single&quot;,&quot;469789806&quot;:&quot;single&quot;,&quot;469789810&quot;:&quot;single&quot;}\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\">\u00a0<\/span><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun EmptyTextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-variant-ligatures: none !important; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\"><\/span><span class=\"TabRun IPSelectionBlob BlobObject DragDrop SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; font-family: Calibri, sans-serif; font-size: 11pt; position: relative; white-space: nowrap; width: 0px;\"><span class=\"TabChar SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; white-space-collapse: preserve !important;\">\t<\/span><span class=\"TabLeaderChars SCXW186481666 BCX0\" aria-hidden=\"true\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: none; display: inline-block; left: 0px; position: absolute; top: 0px; white-space-collapse: preserve !important;\"><\/span><\/span><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun EmptyTextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-variant-ligatures: none !important; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\"><\/span><span class=\"TabRun IPSelectionBlob BlobObject DragDrop SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; font-family: Calibri, sans-serif; font-size: 11pt; position: relative; white-space: nowrap; width: 0px;\"><span class=\"TabChar SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; white-space-collapse: preserve !important;\">\t<\/span><span class=\"TabLeaderChars SCXW186481666 BCX0\" aria-hidden=\"true\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: none; display: inline-block; left: 0px; position: absolute; top: 0px; white-space-collapse: preserve !important;\"><\/span><\/span><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif; font-variant-ligatures: none !important;\"><span class=\"NormalTextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text;\">description = \"Detects <\/span><span class=\"NormalTextRun SpellingErrorV2Themed SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; background-repeat: repeat-x; background-position: left bottom; background-image: var(--urlSpellingErrorV2, url('data:image\/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB3aWR0aD0iNXB4IiBoZWlnaHQ9IjRweCIgdmlld0JveD0iMCAwIDUgNCIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KICAgIDwhLS0gR2VuZXJhdG9yOiBTa2V0Y2ggNTYuMiAoODE2NzIpIC0gaHR0cHM6Ly9za2V0Y2guY29tIC0tPgogICAgPHRpdGxlPnNwZWxsaW5nX3NxdWlnZ2xlPC90aXRsZT4KICAgIDxkZXNjPkNyZWF0ZWQgd2l0aCBTa2V0Y2guPC9kZXNjPgogICAgPGcgaWQ9IkZsYWdzIiBzdHJva2U9Im5vbmUiIHN0cm9rZS13aWR0aD0iMSIgZmlsbD0ibm9uZSIgZmlsbC1ydWxlPSJldmVub2RkIj4KICAgICAgICA8ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtMTAxMC4wMDAwMDAsIC0yOTYuMDAwMDAwKSIgaWQ9InNwZWxsaW5nX3NxdWlnZ2xlIj4KICAgICAgICAgICAgPGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMTAxMC4wMDAwMDAsIDI5Ni4wMDAwMDApIj4KICAgICAgICAgICAgICAgIDxwYXRoIGQ9Ik0wLDMgQzEuMjUsMyAxLjI1LDEgMi41LDEgQzMuNzUsMSAzLjc1LDMgNSwzIiBpZD0iUGF0aCIgc3Ryb2tlPSIjRUIwMDAwIiBzdHJva2Utd2lkdGg9IjEiPjwvcGF0aD4KICAgICAgICAgICAgICAgIDxyZWN0IGlkPSJSZWN0YW5nbGUiIHg9IjAiIHk9IjAiIHdpZHRoPSI1IiBoZWlnaHQ9IjQiPjwvcmVjdD4KICAgICAgICAgICAgPC9nPgogICAgICAgIDwvZz4KICAgIDwvZz4KPC9zdmc+')); border-bottom: 1px solid transparent;\">RisePro<\/span><span class=\"NormalTextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text;\"> (stealer version)\"<\/span><\/span><span class=\"EOP SCXW186481666 BCX0\" data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;201341983&quot;:0,&quot;335551550&quot;:1,&quot;335551620&quot;:1,&quot;335559737&quot;:0,&quot;335559738&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259,&quot;335572071&quot;:4,&quot;335572072&quot;:4,&quot;335572073&quot;:0,&quot;335572075&quot;:4,&quot;335572076&quot;:4,&quot;335572077&quot;:0,&quot;335572079&quot;:4,&quot;335572080&quot;:4,&quot;335572081&quot;:0,&quot;335572083&quot;:4,&quot;335572084&quot;:4,&quot;335572085&quot;:0,&quot;469789798&quot;:&quot;single&quot;,&quot;469789802&quot;:&quot;single&quot;,&quot;469789806&quot;:&quot;single&quot;,&quot;469789810&quot;:&quot;single&quot;}\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\">\u00a0<\/span><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun EmptyTextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-variant-ligatures: none !important; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\"><\/span><span class=\"TabRun IPSelectionBlob BlobObject DragDrop SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; font-family: Calibri, sans-serif; font-size: 11pt; position: relative; white-space: nowrap; width: 0px;\"><span class=\"TabChar SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; white-space-collapse: preserve !important;\">\t<\/span><span class=\"TabLeaderChars SCXW186481666 BCX0\" aria-hidden=\"true\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: none; display: inline-block; left: 0px; position: absolute; top: 0px; white-space-collapse: preserve !important;\"><\/span><\/span><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun EmptyTextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-variant-ligatures: none !important; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\"><\/span><span class=\"TabRun IPSelectionBlob BlobObject DragDrop SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; font-family: Calibri, sans-serif; font-size: 11pt; position: relative; white-space: nowrap; width: 0px;\"><span class=\"TabChar SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; white-space-collapse: preserve !important;\">\t<\/span><span class=\"TabLeaderChars SCXW186481666 BCX0\" aria-hidden=\"true\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: none; display: inline-block; left: 0px; position: absolute; top: 0px; white-space-collapse: preserve !important;\"><\/span><\/span><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif; font-variant-ligatures: none !important;\">date = \"2023-11-27\"<\/span><span class=\"EOP SCXW186481666 BCX0\" data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;201341983&quot;:0,&quot;335551550&quot;:1,&quot;335551620&quot;:1,&quot;335559737&quot;:0,&quot;335559738&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259,&quot;335572071&quot;:4,&quot;335572072&quot;:4,&quot;335572073&quot;:0,&quot;335572075&quot;:4,&quot;335572076&quot;:4,&quot;335572077&quot;:0,&quot;335572079&quot;:4,&quot;335572080&quot;:4,&quot;335572081&quot;:0,&quot;335572083&quot;:4,&quot;335572084&quot;:4,&quot;335572085&quot;:0,&quot;469789798&quot;:&quot;single&quot;,&quot;469789802&quot;:&quot;single&quot;,&quot;469789806&quot;:&quot;single&quot;,&quot;469789810&quot;:&quot;single&quot;}\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\">\u00a0<\/span><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun EmptyTextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-variant-ligatures: none !important; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\"><\/span><span class=\"TabRun IPSelectionBlob BlobObject DragDrop SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; font-family: Calibri, sans-serif; font-size: 11pt; position: relative; white-space: nowrap; width: 0px;\"><span class=\"TabChar SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; white-space-collapse: preserve !important;\">\t<\/span><span class=\"TabLeaderChars SCXW186481666 BCX0\" aria-hidden=\"true\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: none; display: inline-block; left: 0px; position: absolute; top: 0px; white-space-collapse: preserve !important;\"><\/span><\/span><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun EmptyTextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-variant-ligatures: none !important; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\"><\/span><span class=\"TabRun IPSelectionBlob BlobObject DragDrop SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; font-family: Calibri, sans-serif; font-size: 11pt; position: relative; white-space: nowrap; width: 0px;\"><span class=\"TabChar SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; white-space-collapse: preserve !important;\">\t<\/span><span class=\"TabLeaderChars SCXW186481666 BCX0\" aria-hidden=\"true\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: none; display: inline-block; left: 0px; position: absolute; top: 0px; white-space-collapse: preserve !important;\"><\/span><\/span><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif; font-variant-ligatures: none !important;\"><span class=\"NormalTextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text;\">reference = \"https:\/\/<\/span><span class=\"NormalTextRun SpellingErrorV2Themed SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; background-repeat: repeat-x; background-position: left bottom; background-image: var(--urlSpellingErrorV2, url('data:image\/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB3aWR0aD0iNXB4IiBoZWlnaHQ9IjRweCIgdmlld0JveD0iMCAwIDUgNCIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KICAgIDwhLS0gR2VuZXJhdG9yOiBTa2V0Y2ggNTYuMiAoODE2NzIpIC0gaHR0cHM6Ly9za2V0Y2guY29tIC0tPgogICAgPHRpdGxlPnNwZWxsaW5nX3NxdWlnZ2xlPC90aXRsZT4KICAgIDxkZXNjPkNyZWF0ZWQgd2l0aCBTa2V0Y2guPC9kZXNjPgogICAgPGcgaWQ9IkZsYWdzIiBzdHJva2U9Im5vbmUiIHN0cm9rZS13aWR0aD0iMSIgZmlsbD0ibm9uZSIgZmlsbC1ydWxlPSJldmVub2RkIj4KICAgICAgICA8ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtMTAxMC4wMDAwMDAsIC0yOTYuMDAwMDAwKSIgaWQ9InNwZWxsaW5nX3NxdWlnZ2xlIj4KICAgICAgICAgICAgPGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMTAxMC4wMDAwMDAsIDI5Ni4wMDAwMDApIj4KICAgICAgICAgICAgICAgIDxwYXRoIGQ9Ik0wLDMgQzEuMjUsMyAxLjI1LDEgMi41LDEgQzMuNzUsMSAzLjc1LDMgNSwzIiBpZD0iUGF0aCIgc3Ryb2tlPSIjRUIwMDAwIiBzdHJva2Utd2lkdGg9IjEiPjwvcGF0aD4KICAgICAgICAgICAgICAgIDxyZWN0IGlkPSJSZWN0YW5nbGUiIHg9IjAiIHk9IjAiIHdpZHRoPSI1IiBoZWlnaHQ9IjQiPjwvcmVjdD4KICAgICAgICAgICAgPC9nPgogICAgICAgIDwvZz4KICAgIDwvZz4KPC9zdmc+')); border-bottom: 1px solid transparent;\">any.run<\/span><span class=\"NormalTextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text;\">\/cybersecurity-blog\/<\/span><span class=\"NormalTextRun SpellingErrorV2Themed SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; background-repeat: repeat-x; background-position: left bottom; background-image: var(--urlSpellingErrorV2, url('data:image\/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB3aWR0aD0iNXB4IiBoZWlnaHQ9IjRweCIgdmlld0JveD0iMCAwIDUgNCIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KICAgIDwhLS0gR2VuZXJhdG9yOiBTa2V0Y2ggNTYuMiAoODE2NzIpIC0gaHR0cHM6Ly9za2V0Y2guY29tIC0tPgogICAgPHRpdGxlPnNwZWxsaW5nX3NxdWlnZ2xlPC90aXRsZT4KICAgIDxkZXNjPkNyZWF0ZWQgd2l0aCBTa2V0Y2guPC9kZXNjPgogICAgPGcgaWQ9IkZsYWdzIiBzdHJva2U9Im5vbmUiIHN0cm9rZS13aWR0aD0iMSIgZmlsbD0ibm9uZSIgZmlsbC1ydWxlPSJldmVub2RkIj4KICAgICAgICA8ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtMTAxMC4wMDAwMDAsIC0yOTYuMDAwMDAwKSIgaWQ9InNwZWxsaW5nX3NxdWlnZ2xlIj4KICAgICAgICAgICAgPGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMTAxMC4wMDAwMDAsIDI5Ni4wMDAwMDApIj4KICAgICAgICAgICAgICAgIDxwYXRoIGQ9Ik0wLDMgQzEuMjUsMyAxLjI1LDEgMi41LDEgQzMuNzUsMSAzLjc1LDMgNSwzIiBpZD0iUGF0aCIgc3Ryb2tlPSIjRUIwMDAwIiBzdHJva2Utd2lkdGg9IjEiPjwvcGF0aD4KICAgICAgICAgICAgICAgIDxyZWN0IGlkPSJSZWN0YW5nbGUiIHg9IjAiIHk9IjAiIHdpZHRoPSI1IiBoZWlnaHQ9IjQiPjwvcmVjdD4KICAgICAgICAgICAgPC9nPgogICAgICAgIDwvZz4KICAgIDwvZz4KPC9zdmc+')); border-bottom: 1px solid transparent;\">risepro<\/span><span class=\"NormalTextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text;\">-malware-communication-analysis\/\"<\/span><\/span><span class=\"EOP SCXW186481666 BCX0\" data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;201341983&quot;:0,&quot;335551550&quot;:1,&quot;335551620&quot;:1,&quot;335559737&quot;:0,&quot;335559738&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259,&quot;335572071&quot;:4,&quot;335572072&quot;:4,&quot;335572073&quot;:0,&quot;335572075&quot;:4,&quot;335572076&quot;:4,&quot;335572077&quot;:0,&quot;335572079&quot;:4,&quot;335572080&quot;:4,&quot;335572081&quot;:0,&quot;335572083&quot;:4,&quot;335572084&quot;:4,&quot;335572085&quot;:0,&quot;469789798&quot;:&quot;single&quot;,&quot;469789802&quot;:&quot;single&quot;,&quot;469789806&quot;:&quot;single&quot;,&quot;469789810&quot;:&quot;single&quot;}\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\">\u00a0<\/span><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun EmptyTextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-variant-ligatures: none !important; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\"><\/span><span class=\"TabRun IPSelectionBlob BlobObject DragDrop SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; font-family: Calibri, sans-serif; font-size: 11pt; position: relative; white-space: nowrap; width: 0px;\"><span class=\"TabChar SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; white-space-collapse: preserve !important;\">\t<\/span><span class=\"TabLeaderChars SCXW186481666 BCX0\" aria-hidden=\"true\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: none; display: inline-block; left: 0px; position: absolute; top: 0px; white-space-collapse: preserve !important;\"><\/span><\/span><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif; font-variant-ligatures: none !important;\">strings:<\/span><span class=\"EOP SCXW186481666 BCX0\" data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;201341983&quot;:0,&quot;335551550&quot;:1,&quot;335551620&quot;:1,&quot;335559737&quot;:0,&quot;335559738&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259,&quot;335572071&quot;:4,&quot;335572072&quot;:4,&quot;335572073&quot;:0,&quot;335572075&quot;:4,&quot;335572076&quot;:4,&quot;335572077&quot;:0,&quot;335572079&quot;:4,&quot;335572080&quot;:4,&quot;335572081&quot;:0,&quot;335572083&quot;:4,&quot;335572084&quot;:4,&quot;335572085&quot;:0,&quot;469789798&quot;:&quot;single&quot;,&quot;469789802&quot;:&quot;single&quot;,&quot;469789806&quot;:&quot;single&quot;,&quot;469789810&quot;:&quot;single&quot;}\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\">\u00a0<\/span><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun EmptyTextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-variant-ligatures: none !important; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\"><\/span><span class=\"TabRun IPSelectionBlob BlobObject DragDrop SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; font-family: Calibri, sans-serif; font-size: 11pt; position: relative; white-space: nowrap; width: 0px;\"><span class=\"TabChar SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; white-space-collapse: preserve !important;\">\t<\/span><span class=\"TabLeaderChars SCXW186481666 BCX0\" aria-hidden=\"true\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: none; display: inline-block; left: 0px; position: absolute; top: 0px; white-space-collapse: preserve !important;\"><\/span><\/span><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun EmptyTextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-variant-ligatures: none !important; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\"><\/span><span class=\"TabRun IPSelectionBlob BlobObject DragDrop SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; font-family: Calibri, sans-serif; font-size: 11pt; position: relative; white-space: nowrap; width: 0px;\"><span class=\"TabChar SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; white-space-collapse: preserve !important;\">\t<\/span><span class=\"TabLeaderChars SCXW186481666 BCX0\" aria-hidden=\"true\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: none; display: inline-block; left: 0px; position: absolute; top: 0px; white-space-collapse: preserve !important;\"><\/span><\/span><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif; font-variant-ligatures: none !important;\"><span class=\"NormalTextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text;\">$ = <\/span><span class=\"NormalTextRun ContextualSpellingAndGrammarErrorV2Themed SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; background-repeat: repeat-x; background-position: left bottom; background-image: var(--urlContextualSpellingAndGrammarErrorV2, url('data:image\/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB3aWR0aD0iNXB4IiBoZWlnaHQ9IjNweCIgdmlld0JveD0iMCAwIDUgMyIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KICAgIDwhLS0gR2VuZXJhdG9yOiBTa2V0Y2ggNTUuMiAoNzgxODEpIC0gaHR0cHM6Ly9za2V0Y2hhcHAuY29tIC0tPgogICAgPHRpdGxlPmdyYW1tYXJfZG91YmxlX2xpbmU8L3RpdGxlPgogICAgPGRlc2M+Q3JlYXRlZCB3aXRoIFNrZXRjaC48L2Rlc2M+CiAgICA8ZyBpZD0iZ3JhbW1hcl9kb3VibGVfbGluZSIgc3Ryb2tlPSJub25lIiBzdHJva2Utd2lkdGg9IjEiIGZpbGw9Im5vbmUiIGZpbGwtcnVsZT0iZXZlbm9kZCIgc3Ryb2tlLWxpbmVjYXA9InJvdW5kIj4KICAgICAgICA8ZyBpZD0iR3JhbW1hci1UaWxlLUNvcHkiIHN0cm9rZT0iIzMzNTVGRiI+CiAgICAgICAgICAgIDxwYXRoIGQ9Ik0wLDAuNSBMNSwwLjUiIGlkPSJMaW5lLTItQ29weS0xMCI+PC9wYXRoPgogICAgICAgICAgICA8cGF0aCBkPSJNMCwyLjUgTDUsMi41IiBpZD0iTGluZS0yLUNvcHktMTEiPjwvcGF0aD4KICAgICAgICA8L2c+CiAgICA8L2c+Cjwvc3ZnPg==')); border-bottom: 1px solid transparent;\">{ 74<\/span><span class=\"NormalTextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text;\"> 2e 6d 65 2f 52 69 73 65 50 72 6f 53 55 50 50 4f 52 <\/span><span class=\"NormalTextRun ContextualSpellingAndGrammarErrorV2Themed SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; background-repeat: repeat-x; background-position: left bottom; background-image: var(--urlContextualSpellingAndGrammarErrorV2, url('data:image\/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB3aWR0aD0iNXB4IiBoZWlnaHQ9IjNweCIgdmlld0JveD0iMCAwIDUgMyIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KICAgIDwhLS0gR2VuZXJhdG9yOiBTa2V0Y2ggNTUuMiAoNzgxODEpIC0gaHR0cHM6Ly9za2V0Y2hhcHAuY29tIC0tPgogICAgPHRpdGxlPmdyYW1tYXJfZG91YmxlX2xpbmU8L3RpdGxlPgogICAgPGRlc2M+Q3JlYXRlZCB3aXRoIFNrZXRjaC48L2Rlc2M+CiAgICA8ZyBpZD0iZ3JhbW1hcl9kb3VibGVfbGluZSIgc3Ryb2tlPSJub25lIiBzdHJva2Utd2lkdGg9IjEiIGZpbGw9Im5vbmUiIGZpbGwtcnVsZT0iZXZlbm9kZCIgc3Ryb2tlLWxpbmVjYXA9InJvdW5kIj4KICAgICAgICA8ZyBpZD0iR3JhbW1hci1UaWxlLUNvcHkiIHN0cm9rZT0iIzMzNTVGRiI+CiAgICAgICAgICAgIDxwYXRoIGQ9Ik0wLDAuNSBMNSwwLjUiIGlkPSJMaW5lLTItQ29weS0xMCI+PC9wYXRoPgogICAgICAgICAgICA8cGF0aCBkPSJNMCwyLjUgTDUsMi41IiBpZD0iTGluZS0yLUNvcHktMTEiPjwvcGF0aD4KICAgICAgICA8L2c+CiAgICA8L2c+Cjwvc3ZnPg==')); border-bottom: 1px solid transparent;\">54 }<\/span><\/span><span class=\"EOP SCXW186481666 BCX0\" data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;201341983&quot;:0,&quot;335551550&quot;:1,&quot;335551620&quot;:1,&quot;335559737&quot;:0,&quot;335559738&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259,&quot;335572071&quot;:4,&quot;335572072&quot;:4,&quot;335572073&quot;:0,&quot;335572075&quot;:4,&quot;335572076&quot;:4,&quot;335572077&quot;:0,&quot;335572079&quot;:4,&quot;335572080&quot;:4,&quot;335572081&quot;:0,&quot;335572083&quot;:4,&quot;335572084&quot;:4,&quot;335572085&quot;:0,&quot;469789798&quot;:&quot;single&quot;,&quot;469789802&quot;:&quot;single&quot;,&quot;469789806&quot;:&quot;single&quot;,&quot;469789810&quot;:&quot;single&quot;}\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\">\u00a0<\/span><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun EmptyTextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-variant-ligatures: none !important; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\"><\/span><span class=\"TabRun IPSelectionBlob BlobObject DragDrop SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; font-family: Calibri, sans-serif; font-size: 11pt; position: relative; white-space: nowrap; width: 0px;\"><span class=\"TabChar SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; white-space-collapse: preserve !important;\">\t<\/span><span class=\"TabLeaderChars SCXW186481666 BCX0\" aria-hidden=\"true\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: none; display: inline-block; left: 0px; position: absolute; top: 0px; white-space-collapse: preserve !important;\"><\/span><\/span><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif; font-variant-ligatures: none !important;\">condition:<\/span><span class=\"EOP SCXW186481666 BCX0\" data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;201341983&quot;:0,&quot;335551550&quot;:1,&quot;335551620&quot;:1,&quot;335559737&quot;:0,&quot;335559738&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259,&quot;335572071&quot;:4,&quot;335572072&quot;:4,&quot;335572073&quot;:0,&quot;335572075&quot;:4,&quot;335572076&quot;:4,&quot;335572077&quot;:0,&quot;335572079&quot;:4,&quot;335572080&quot;:4,&quot;335572081&quot;:0,&quot;335572083&quot;:4,&quot;335572084&quot;:4,&quot;335572085&quot;:0,&quot;469789798&quot;:&quot;single&quot;,&quot;469789802&quot;:&quot;single&quot;,&quot;469789806&quot;:&quot;single&quot;,&quot;469789810&quot;:&quot;single&quot;}\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\">\u00a0<\/span><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun EmptyTextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-variant-ligatures: none !important; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\"><\/span><span class=\"TabRun IPSelectionBlob BlobObject DragDrop SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; font-family: Calibri, sans-serif; font-size: 11pt; position: relative; white-space: nowrap; width: 0px;\"><span class=\"TabChar SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; white-space-collapse: preserve !important;\">\t<\/span><span class=\"TabLeaderChars SCXW186481666 BCX0\" aria-hidden=\"true\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: none; display: inline-block; left: 0px; position: absolute; top: 0px; white-space-collapse: preserve !important;\"><\/span><\/span><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun EmptyTextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-variant-ligatures: none !important; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\"><\/span><span class=\"TabRun IPSelectionBlob BlobObject DragDrop SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; font-family: Calibri, sans-serif; font-size: 11pt; position: relative; white-space: nowrap; width: 0px;\"><span class=\"TabChar SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; display: inline-block; white-space-collapse: preserve !important;\">\t<\/span><span class=\"TabLeaderChars SCXW186481666 BCX0\" aria-hidden=\"true\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: none; display: inline-block; left: 0px; position: absolute; top: 0px; white-space-collapse: preserve !important;\"><\/span><\/span><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif; font-variant-ligatures: none !important;\">any of them<\/span><span class=\"EOP SCXW186481666 BCX0\" data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;201341983&quot;:0,&quot;335551550&quot;:1,&quot;335551620&quot;:1,&quot;335559737&quot;:0,&quot;335559738&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259,&quot;335572071&quot;:4,&quot;335572072&quot;:4,&quot;335572073&quot;:0,&quot;335572075&quot;:4,&quot;335572076&quot;:4,&quot;335572077&quot;:0,&quot;335572079&quot;:4,&quot;335572080&quot;:4,&quot;335572081&quot;:0,&quot;335572083&quot;:4,&quot;335572084&quot;:4,&quot;335572085&quot;:0,&quot;469789798&quot;:&quot;single&quot;,&quot;469789802&quot;:&quot;single&quot;,&quot;469789806&quot;:&quot;single&quot;,&quot;469789810&quot;:&quot;single&quot;}\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\">\u00a0<\/span><span data-contrast=\"auto\" xml:lang=\"EN-US\" lang=\"EN-US\" class=\"TextRun SCXW186481666 BCX0\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif; font-variant-ligatures: none !important;\">}<\/span><span class=\"EOP SCXW186481666 BCX0\" data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;201341983&quot;:0,&quot;335551550&quot;:1,&quot;335551620&quot;:1,&quot;335559737&quot;:0,&quot;335559738&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259,&quot;335572071&quot;:4,&quot;335572072&quot;:4,&quot;335572073&quot;:0,&quot;335572075&quot;:4,&quot;335572076&quot;:4,&quot;335572077&quot;:0,&quot;335572079&quot;:4,&quot;335572080&quot;:4,&quot;335572081&quot;:0,&quot;335572083&quot;:4,&quot;335572084&quot;:4,&quot;335572085&quot;:0,&quot;469789798&quot;:&quot;single&quot;,&quot;469789802&quot;:&quot;single&quot;,&quot;469789806&quot;:&quot;single&quot;,&quot;469789810&quot;:&quot;single&quot;}\" style=\"-webkit-user-drag: none; -webkit-tap-highlight-color: transparent; margin: 0px; padding: 0px; user-select: text; font-size: 11pt; line-height: 19.425px; font-family: Calibri, Calibri_EmbeddedFont, Calibri_MSFontService, sans-serif;\">\u00a0<\/span><\/p><\/div><\/code><\/pre>\n\n\n\n<p>Let\u2019s paste this Rule into YARA search and see what we can find:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"584\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/5-4-1024x584.png\" alt=\"\" class=\"wp-image-7700\" style=\"width:652px;height:371px\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/5-4-1024x584.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/5-4-300x171.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/5-4-768x438.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/5-4-1536x876.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/5-4-2048x1168.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/5-4-370x211.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/5-4-270x154.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/04\/5-4-740x422.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p>Within seconds we found over a thousand files infected with this malware. From here, we can download them to study the files locally, or open associated sandbox analysis sessions to learn more about what RisePro does after it infects a system.&nbsp;<\/p>\n\n\n\n<p>Please note that if the search is too complex, it will not be processed. In order to continue the search, the user must simplify the search criteria. &nbsp;<\/p>\n\n\n\n<p>Also note that sometimes the tasks found may not contain the tag of the searched malware, because this malware family was not detected when the sample was submitted to our service.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Get started with YARA Search today&nbsp;<\/h2>\n\n\n\n<p>Over 400,000 cybersecurity professionals trust ANY.RUN to analyze and detect malware. Our flagship product, an interactive malware analysis sandbox, simplifies threat research on both Windows and Linux.&nbsp; Our threat intelligence products, TI Lookup, TI Feeds \u2014 and now YARA Search \u2014 give you powerful tools to search for threat data.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Because all of these products are tightly integrated, our TI products can scan information from sandbox research sessions performed by the vast community of researchers. This gives you the ability to find unique, real-world examples of malware and see how hackers have used it in real-world attacks.&nbsp;<\/p>\n\n\n\n<p>If you are interested in integrating YARA Search into your security team, contact us to get started.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/intelligence.any.run\/plans\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=yara_search&amp;utm_term=250424&amp;utm_content=linktotipricing\/\" target=\"_blank\" rel=\"noreferrer noopener\">Enquire about YARA Search \u2192&nbsp;<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today, we&#8217;re excited to announce a new service in ANY.RUN \u2014 YARA Search.&nbsp; YARA Search offers a way to identify threats that differs from our TI Lookup. While TI Lookup allows you to search for related threat data using individual indicators like IP addresses or event fields, YARA Search analyzes the contents of files themselves.&nbsp; [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":7716,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,10,54,55],"class_list":["post-7687","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-cybersecurity","tag-features","tag-release"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Find Malware by File Contents with YARA Search<\/title>\n<meta name=\"description\" content=\"Explore the new YARA Search tool from ANY.RUN. Find relevant malware samples using your own YARA rules and study them in the sandbox.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"y.shvetsov\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\"},\"author\":{\"name\":\"y.shvetsov\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Find Malware by File Contents with YARA Search: Our New Threat Intelligence Service\",\"datePublished\":\"2024-04-25T07:07:47+00:00\",\"dateModified\":\"2025-03-06T05:45:09+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\"},\"wordCount\":1091,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"features\",\"release\"],\"articleSection\":[\"Service Updates\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\",\"name\":\"Find Malware by File Contents with YARA Search\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2024-04-25T07:07:47+00:00\",\"dateModified\":\"2025-03-06T05:45:09+00:00\",\"description\":\"Explore the new YARA Search tool from ANY.RUN. Find relevant malware samples using your own YARA rules and study them in the sandbox.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Service Updates\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Find Malware by File Contents with YARA Search: Our New Threat Intelligence Service\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"y.shvetsov\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d0d0a5df59078efed19ba1b45c4fb721?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d0d0a5df59078efed19ba1b45c4fb721?s=96&d=mm&r=g\",\"caption\":\"y.shvetsov\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/y-shvetsov\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Find Malware by File Contents with YARA Search","description":"Explore the new YARA Search tool from ANY.RUN. Find relevant malware samples using your own YARA rules and study them in the sandbox.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/yara-search\/","twitter_misc":{"Written by":"y.shvetsov","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/yara-search\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/yara-search\/"},"author":{"name":"y.shvetsov","@id":"https:\/\/any.run\/"},"headline":"Find Malware by File Contents with YARA Search: Our New Threat Intelligence Service","datePublished":"2024-04-25T07:07:47+00:00","dateModified":"2025-03-06T05:45:09+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/yara-search\/"},"wordCount":1091,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","features","release"],"articleSection":["Service Updates"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/yara-search\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/yara-search\/","url":"https:\/\/any.run\/cybersecurity-blog\/yara-search\/","name":"Find Malware by File Contents with YARA Search","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2024-04-25T07:07:47+00:00","dateModified":"2025-03-06T05:45:09+00:00","description":"Explore the new YARA Search tool from ANY.RUN. Find relevant malware samples using your own YARA rules and study them in the sandbox.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/yara-search\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/yara-search\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/yara-search\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Service Updates","item":"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/"},{"@type":"ListItem","position":3,"name":"Find Malware by File Contents with YARA Search: Our New Threat Intelligence Service"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"y.shvetsov","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/d0d0a5df59078efed19ba1b45c4fb721?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d0d0a5df59078efed19ba1b45c4fb721?s=96&d=mm&r=g","caption":"y.shvetsov"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/y-shvetsov\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/7687"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=7687"}],"version-history":[{"count":19,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/7687\/revisions"}],"predecessor-version":[{"id":12034,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/7687\/revisions\/12034"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/7716"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=7687"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=7687"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=7687"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}