{"Win.Dropper.Barys-7914367-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e", "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13", "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686", "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466", "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", "9cf889bb69ad79c0412ee0094b92a9b53d6ab77cc9d8242fd30b6e50f63be8d2", "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b", "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47", "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e", "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13", "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686", "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466", "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", "9cf889bb69ad79c0412ee0094b92a9b53d6ab77cc9d8242fd30b6e50f63be8d2", "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b", "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47", "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e", "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13", "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686", "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466", "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", "9cf889bb69ad79c0412ee0094b92a9b53d6ab77cc9d8242fd30b6e50f63be8d2", "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b", "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47", "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e", "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13", "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686", "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466", "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", "9cf889bb69ad79c0412ee0094b92a9b53d6ab77cc9d8242fd30b6e50f63be8d2", "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b", "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47", "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e", "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13", "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686", "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466", "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", "9cf889bb69ad79c0412ee0094b92a9b53d6ab77cc9d8242fd30b6e50f63be8d2", "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b", "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47", "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-resource-lang-spanish", "hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e", "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13", "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686", "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466", "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", "9cf889bb69ad79c0412ee0094b92a9b53d6ab77cc9d8242fd30b6e50f63be8d2", "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b", "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47", "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e", "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686", "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466", "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b", "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e", "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686", "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466", "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b", "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "modified-file-in-user-dir", "hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e", "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13", "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": []}, {"bi": "malware-darkcomet-mutex-detected", "hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466", "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": []}, {"bi": "process-requested-softice", "hashes": ["c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466", "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47"], "mitre_attack_tags": ["TA0007", "T1497"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13", "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13", "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13", "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab"], "mitre_attack_tags": []}, {"bi": "network-dns-safe-categories", "hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686", "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "registry-autorun-key-modified", "hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "modified-file-in-system-dir", "hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1"], "mitre_attack_tags": []}, {"bi": "registry-activesetup-key-modified", "hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e", "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": []}, {"bi": "process-svchost-suspicious-launch", "hashes": ["8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-compound-cta-activity", "hashes": ["8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "registry-autorun-key-system-dir", "hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "process-explorer-suspicious-launch", "hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "dns-query-nxdomain", "hashes": ["d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": []}, {"bi": "malware-trojan-xtreme-rat-registry-key", "hashes": ["8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": []}, {"bi": "dns-dynamic-domain", "hashes": ["8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "malware-known-trojan-av", "hashes": ["8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": []}, {"bi": "disables-security-center-notifications", "hashes": ["8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "potential-registry-persistence", "hashes": ["55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": []}, {"bi": "process-with-multiple-children", "hashes": ["55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-xtreme-rat-default-mutex-detected", "hashes": ["55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-obfuscation", "hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-long-cmdline", "hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-snort-protocol", "hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "mitre_attack_tags": []}, {"bi": "script-contains-url", "hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "mitre_attack_tags": []}, {"bi": "js-uses-fromcharcode", "hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "js-calls-activex-object", "hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "js-uses-eval", "hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "js-contains-massive-strings", "hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "js-uses-encrypt-decrypt", "hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "html-small-file-redirect", "hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "mitre_attack_tags": []}, {"bi": "pe-packed-upx", "hashes": ["8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"], "mitre_attack_tags": ["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "artifact-memory-vm-detect", "hashes": ["8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "decoy-wpfv", "hashes": ["8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"], "mitre_attack_tags": ["TA0001", "T1193"]}, {"bi": "windows-util-attrib-hide", "hashes": ["8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"], "mitre_attack_tags": ["TA0005", "T1158"]}, {"bi": "malware-darkcomet-detected", "hashes": ["8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"], "mitre_attack_tags": []}, {"bi": "malware-darkcomet-registry-detected", "hashes": ["8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"], "mitre_attack_tags": []}, {"bi": "file-attribute-modification", "hashes": ["8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"], "mitre_attack_tags": ["TA0005", "T1096"]}, {"bi": "pe-encrypted-section", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-ini-read", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": []}, {"bi": "registry-hide-files", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": ["TA0005", "T1158"]}, {"bi": "registry-disablesuac", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": ["TA0005", "TA0002", "TA0004", "T1088", "T1089"]}, {"bi": "usb-drive-autoplay-modification", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": ["TA0008", "TA0001", "T1091"]}, {"bi": "modified-file-on-usb", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": ["TA0008", "TA0003", "T1091"]}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": []}, {"bi": "file-ini-modified", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": ["TA0003"]}, {"bi": "pe-dos-header-initialsp", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-initialip", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-initialcs", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-pe-header-overlap", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-checksum", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": []}, {"bi": "excessive-logical-drive-enumeration", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": ["TA0007", "T1120", "T1025"]}, {"bi": "pe-header-numofsymbols", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-requested-file-external-drive", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": ["TA0009", "T1025"]}, {"bi": "registry-firewall-exceptions-enabled", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "disables-windows-firewall", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "malware-sality-mutex", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": []}, {"bi": "registry-firewall-notifications-disabled", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "registry-ie-work-offline-settings-modified", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": ["TA0040", "T1498"]}, {"bi": "system-startup-file-modification", "hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1"], "mitre_attack_tags": []}, {"bi": "pe-certificate", "hashes": ["55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1"], "mitre_attack_tags": []}, {"bi": "malware-svchost-misspell", "hashes": ["55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1"], "mitre_attack_tags": []}, {"bi": "malware-misspell-binary", "hashes": ["55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1"], "mitre_attack_tags": []}, {"bi": "malware-ufr-mutex-detected", "hashes": ["2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "startup-folder-modification", "hashes": ["fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "startup-folder-lnk-file", "hashes": ["fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "mitre_attack_tags": ["TA0003", "T1060"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "This is a trojan and downloader that allows malicious actors to upload files to a victim's computer.", "hashes": ["2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13", "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b", "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47", "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e", "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", "9cf889bb69ad79c0412ee0094b92a9b53d6ab77cc9d8242fd30b6e50f63be8d2", "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab", "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686", "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "iocs": {"domain": [{"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "host": "schema[.]org"}, {"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "host": "www[.]google-analytics[.]com"}, {"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "host": "stats[.]g[.]doubleclick[.]net"}, {"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "host": "github[.]com"}, {"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "host": "avatars1[.]githubusercontent[.]com"}, {"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "host": "az725175[.]vo[.]msecnd[.]net"}, {"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "host": "aka[.]ms"}, {"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "host": "avatars3[.]githubusercontent[.]com"}, {"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "host": "developercommunity[.]visualstudio[.]com"}, {"hashes": ["d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686"], "host": "horses[.]ru-loading[.]ru"}, {"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "host": "cdn[.]speedcurve[.]com"}, {"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "host": "w[.]usabilla[.]com"}, {"hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632"], "host": "panicofas[.]no-ip[.]org"}, {"hashes": ["8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"], "host": "matheustkt[.]no-ip[.]biz"}, {"hashes": ["55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1"], "host": "laotra[.]no-ip[.]info"}, {"hashes": ["fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "host": "fedoshka[.]no-ip[.]biz"}, {"hashes": ["fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "host": "fedosh[.]np-ip[.]biz"}], "file": [{"hashes": ["55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5"], "path": "%TEMP%\\x.html"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "path": "%SystemRoot%\\system.ini"}, {"hashes": ["8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"], "path": "%APPDATA%\\dclogs"}, {"hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632"], "path": "%TEMP%\\XX--XX--XX.txt"}, {"hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632"], "path": "%TEMP%\\UuU.uUu"}, {"hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632"], "path": "%TEMP%\\XxX.xXx"}, {"hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632"], "path": "%APPDATA%\\logs.dat"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "path": "E:\\autorun.inf"}, {"hashes": ["55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1"], "path": "%SystemRoot%\\InstallDir"}, {"hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632"], "path": "%SystemRoot%\\Microsoft"}, {"hashes": ["fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "path": "%APPDATA%\\InstallDir"}, {"hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632"], "path": "%SystemRoot%\\Microsoft\\server.exe"}, {"hashes": ["fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "path": "%APPDATA%\\InstallDir\\Server.exe"}, {"hashes": ["9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8"], "path": "%LOCALAPPDATA%\\Microsoft\\svchost.exe"}, {"hashes": ["9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8"], "path": "\\TEMP\\svchost.exe"}, {"hashes": ["2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b"], "path": "\\TEMP\\ufr_reports"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "path": "\\autorun.inf"}, {"hashes": ["fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "path": "%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Microsoft.lnk"}, {"hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632"], "path": "\\TEMP\\server.exe"}, {"hashes": ["8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"], "path": "%TEMP%\\~PIB27.tmp"}, {"hashes": ["8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"], "path": "%TEMP%\\~PIBD3.tmp"}, {"hashes": ["8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"], "path": "%TEMP%\\PIC_1187696292_8.JPG"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "path": "E:\\wtjnrl.exe"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "path": "%TEMP%\\winetaly.exe"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "path": "\\tsrirn.exe"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "path": "\\wtjnrl.exe"}, {"hashes": ["55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1"], "path": "%APPDATA%\\Microsoft\\Windows\\XKJSP2eg.cfg"}, {"hashes": ["55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1"], "path": "%SystemRoot%\\InstallDir\\svhost.exe"}, {"hashes": ["fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "path": "%APPDATA%\\Microsoft\\Windows\\AjnwBYm.dat"}, {"hashes": ["55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1"], "path": "%APPDATA%\\Microsoft\\Windows\\XKJSP2eg.dat"}, {"hashes": ["fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Inicio.exe"}, {"hashes": ["fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "path": "%APPDATA%\\Microsoft\\Windows\\AjnwBYm.cfg"}], "ip": [{"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "ip": "13[.]107[.]21[.]200"}, {"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "ip": "151[.]101[.]194[.]217"}, {"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "ip": "152[.]199[.]4[.]33"}, {"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "ip": "65[.]55[.]44[.]109"}, {"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "ip": "20[.]36[.]253[.]92"}, {"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "ip": "151[.]101[.]128[.]133"}, {"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "ip": "151[.]101[.]192[.]133"}, {"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "ip": "23[.]6[.]69[.]99"}, {"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "ip": "172[.]217[.]5[.]238"}, {"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "ip": "34[.]232[.]187[.]93"}, {"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "ip": "140[.]82[.]112[.]3"}, {"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "ip": "172[.]253[.]63[.]156"}, {"hashes": ["2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b"], "ip": "31[.]170[.]160[.]103"}, {"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "ip": "104[.]108[.]100[.]37"}], "mutex": [{"hashes": ["3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47", "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466"], "name": "_x_X_BLOCKMOUSE_X_x_"}, {"hashes": ["3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47", "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466"], "name": "_x_X_PASSWORDLIST_X_x_"}, {"hashes": ["3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47", "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466"], "name": "_x_X_UPDATE_X_x_"}, {"hashes": ["55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "name": "<random, matching [a-zA-Z0-9]{5,9}>"}, {"hashes": ["55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "name": "XTREMEUPDATE"}, {"hashes": ["2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b"], "name": "UFR3"}, {"hashes": ["8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"], "name": "DCPERSFWBP"}, {"hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632"], "name": "***MUTEX***"}, {"hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632"], "name": "***MUTEX***_PERSIST"}, {"hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632"], "name": "***MUTEX***_SAIR"}, {"hashes": ["8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"], "name": "Local\\https://docs.microsoft.com/"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "name": "<process name>.exeM_<pid>_"}, {"hashes": ["5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632"], "name": "Global\\7f980f81-a05d-11ea-a007-00501e3ae7b5"}, {"hashes": ["6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f"], "name": "VuTPb9wJrPERSIST"}, {"hashes": ["ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab"], "name": "Global\\75044201-a0cb-11ea-a007-00501e3ae7b5"}, {"hashes": ["2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13"], "name": "Global\\74e73481-a0cb-11ea-a007-00501e3ae7b5"}, {"hashes": ["9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8"], "name": "Global\\79274761-a0cb-11ea-a007-00501e3ae7b5"}, {"hashes": ["8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5"], "name": "TcCqgkPERSIST"}, {"hashes": ["8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"], "name": "SDASDDSASD"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "name": "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9M_372_"}, {"hashes": ["fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "name": "AjnwBYmPERSIST"}, {"hashes": ["fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "name": "AjnwBYmEXIT"}], "registry": [{"hashes": ["55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "HKLM"}, {"hashes": ["55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "HKCU"}, {"hashes": ["6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5"], "key": "<HKCU>\\SOFTWARE\\XTREMERAT", "value_name": null}, {"hashes": ["fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{5460C4DF-B266-909E-CB58-E32B79832EB2}", "value_name": "StubPath"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_951"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A2_951"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_952"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A2_952"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_953"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A2_953"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_954"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_955"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A2_955"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_956"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_957"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A2_957"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_958"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_959"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_960"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A2_960"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_961"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_962"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_963"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_964"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A2_964"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_965"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_966"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_967"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_968"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_969"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A2_969"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_970"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_971"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_972"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A2_972"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_973"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A2_973"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_974"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A2_974"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_975"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_976"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A2_976"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_977"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A2_977"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_978"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_979"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_980"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A2_980"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_981"}, {"hashes": ["70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"], "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", "value_name": "A1_982"}]}, "reports_count": 19}, "Win.Dropper.DarkComet-7945051-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", "3ee0145434048bb9dbff5a92a2083b3baae1c539a459668e34316bb75ad318de", "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919", "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", "3ee0145434048bb9dbff5a92a2083b3baae1c539a459668e34316bb75ad318de", "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919", "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", "3ee0145434048bb9dbff5a92a2083b3baae1c539a459668e34316bb75ad318de", "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919", "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": []}, {"bi": "pe-dos-header-paragraphs", "hashes": ["ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", "3ee0145434048bb9dbff5a92a2083b3baae1c539a459668e34316bb75ad318de", "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919", "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-shared", "hashes": ["ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", "3ee0145434048bb9dbff5a92a2083b3baae1c539a459668e34316bb75ad318de", "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919", "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919", "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "pe-invalid-checksum", "hashes": ["ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", "3ee0145434048bb9dbff5a92a2083b3baae1c539a459668e34316bb75ad318de", "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919", "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", "3ee0145434048bb9dbff5a92a2083b3baae1c539a459668e34316bb75ad318de", "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-darkcomet-mutex-detected", "hashes": ["ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "process-hollowing-detected", "hashes": ["ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "modified-file-in-user-dir", "hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": []}, {"bi": "process-requested-softice", "hashes": ["ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919"], "mitre_attack_tags": ["TA0007", "T1497"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"], "mitre_attack_tags": []}, {"bi": "malware-darkcomet-registry-detected", "hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05"], "mitre_attack_tags": []}, {"bi": "network-dns-safe-categories", "hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "artifact-memory-vm-detect", "hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05"], "mitre_attack_tags": ["TA0003", "T1112"]}, {"bi": "malware-darkcomet-detected", "hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"], "mitre_attack_tags": []}, {"bi": "windows-util-attrib-hide", "hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c"], "mitre_attack_tags": ["TA0005", "T1158"]}, {"bi": "file-attribute-modification", "hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c"], "mitre_attack_tags": ["TA0005", "T1096"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "unsigned-roaming-execution", "hashes": ["d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"], "mitre_attack_tags": ["TA0005"]}, {"bi": "dns-dynamic-domain", "hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "registry-activesetup-key-modified", "hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": []}, {"bi": "registry-service-autostart-disabled", "hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05"], "mitre_attack_tags": ["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "pe-packed-upx", "hashes": ["6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "modified-file-on-usb", "hashes": ["31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "process-explorer-suspicious-launch", "hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "dns-query-nxdomain", "hashes": ["834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "pe-encrypted-section", "hashes": ["31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-filename-mismatch", "hashes": ["31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-ini-read", "hashes": ["31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"], "mitre_attack_tags": []}, {"bi": "pe-uses-visual-basic", "hashes": ["31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"], "mitre_attack_tags": []}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"], "mitre_attack_tags": ["TA0007", "TA0006", "T1003", "T1217"]}, {"bi": "files-deleted-used-batch", "hashes": ["31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "cmd-exe-file-execution", "hashes": ["31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "process-check-opera-appdata-folder", "hashes": ["31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"], "mitre_attack_tags": ["TA0007", "T1083"]}, {"bi": "usb-drive-autoplay-modification", "hashes": ["31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"], "mitre_attack_tags": ["TA0008", "TA0001", "T1091"]}, {"bi": "created-executable-on-usb", "hashes": ["31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"], "mitre_attack_tags": ["TA0008", "TA0003", "T1091"]}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"], "mitre_attack_tags": []}, {"bi": "file-ini-modified", "hashes": ["31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"], "mitre_attack_tags": ["TA0003"]}, {"bi": "pe-vb-imports-toolhelp", "hashes": ["31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "feed-domain-rat", "hashes": ["834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95"], "mitre_attack_tags": []}, {"bi": "disables-windows-firewall", "hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "registry-editor-disabled", "hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "disables-security-center-notifications", "hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "malware-cybergate-rat", "hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "process-uses-localhost-traffic", "hashes": ["e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-ping", "hashes": ["e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"], "mitre_attack_tags": ["TA0011", "TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"], "mitre_attack_tags": ["TA0011", "TA0007", "T1016"]}, {"bi": "cmd-exe-file-deletion", "hashes": ["e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "network-opendns-malicious", "hashes": ["b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "malware-misspell-binary", "hashes": ["6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d"], "mitre_attack_tags": []}, {"bi": "process-svchost-suspicious-launch", "hashes": ["0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"], "mitre_attack_tags": ["TA0005"]}, {"bi": "potential-registry-persistence", "hashes": ["0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"], "mitre_attack_tags": []}, {"bi": "malware-compound-cta-activity", "hashes": ["0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"], "mitre_attack_tags": []}, {"bi": "malware-trojan-xtreme-rat-registry-key", "hashes": ["0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"], "mitre_attack_tags": []}, {"bi": "modified-file-in-program-dir", "hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "mitre_attack_tags": []}, {"bi": "document-decoy-dropped", "hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "mitre_attack_tags": []}, {"bi": "startup-folder-modification", "hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "excessive-file-modifications", "hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "mitre_attack_tags": []}, {"bi": "process-check-browser-mail-client-files", "hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "mitre_attack_tags": ["TA0007"]}, {"bi": "malware-generic-ransomware-entropy", "hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "mitre_attack_tags": []}, {"bi": "registry-shell-default-file-handler-created", "hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "mitre_attack_tags": ["TA0003", "T1112"]}, {"bi": "file-handler-registration", "hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "mitre_attack_tags": ["TA0003", "T1042"]}, {"bi": "recycler-file-creation", "hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-generic-ransomware", "hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "mitre_attack_tags": []}, {"bi": "possible-privilege-escalation-detected", "hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "mitre_attack_tags": ["TA0004", "T1068"]}, {"bi": "process-read-ie-cookies", "hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "process-deletes-many-files", "hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "mitre_attack_tags": []}, {"bi": "pe-uses-dot-net", "hashes": ["1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-system-dir", "hashes": ["1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-long-cmdline", "hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-snort-protocol", "hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": []}, {"bi": "script-contains-url", "hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": []}, {"bi": "js-uses-fromcharcode", "hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "js-calls-activex-object", "hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "js-uses-eval", "hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "js-contains-massive-strings", "hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "js-uses-encrypt-decrypt", "hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "html-small-file-redirect", "hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.", "hashes": ["08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709", "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", "3ee0145434048bb9dbff5a92a2083b3baae1c539a459668e34316bb75ad318de", "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919", "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", "8a66db1a43f67412d02ea59872444b44edc3e9747ca0d244bc81680a9741256d", "92e9d2dd4ddf6ffb2b760ef22715f8558737a3c9cfaec0177f5d71f7cf2bc8d5", "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", "992086a58afc0645e976496d672e66679c272167fc6d20ea9f3aae2bd0f42d13", "994b44cf7e2467dbd95eb3c8df6f2699ab4442364917d7c641fbfa90a26a2390", "a07ebce0c65b9da908a7eca884a952a2f1b171b07ae6c34df0a167b24791fb0d", "a277114e0bb75f388acd5a7ef297b7da8920dfe72af8e8e2fc0080dd4cf74344", "a6abfe821f4a0da6ff97c094bb92a88318c84b7ab8738795706d220b3f1b785b", "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", "af7ce9fd8dd8a70b798fa437b31aa50b12223891b4058952fadbf9c82f79736a", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "b3976652a188a7c71e0e59507532b9ff25100a953cf6b465a0f09b7d2016b5f2", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "be6356e2c499f57df5e5c39f53a0ea8592a07a68188af9d4ae32ae8e10ab67db", "bfd75a8d3c77ab2552cf051f8f722221ec1c4a453e0fa01944dd2c9d9e4d0cb9", "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", "cf93e6e677dc2ab70926372c1716a2413129eae190f771d8232ee88694a824ea", "d5d10cde8b33c413a0394f65e177fda049d3b73d583aa05334466ee20f9a2edb", "d6e93570f074ca1182478f151b393c9d9f8bd3aa91ca7097891ab671a8ce30e1", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "da515b01e95f27c67c01f71005bf42713ced58cbf6f2b5f53c36e465fad3a95e", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "e7c319c4410bb1057e40a92abe4c0d15e8f9b6d297a85ad658461d851741b39e", "e7ce36bfe35203e67072cb86e1a9cb4848f837bccc2318de3b27586fef4364c0", "eb3b2de42768e4129acce3cedff0de9d663a77f77b3c68af682e5f5f94b0b86a", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", "f1e64796cd9af7b18727e7784485626f9a4fa87aab61ecd509417b8c36345766", "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", "f7f74b86ed08220d18429df10ec7e25fbe97bca9af5183bdcfc802e550d37f58", "f94a76f81541afdfd26ec9ba1ceee6e650c8aed7a47579d4bad6fce9608da50c", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", "fbc3997fdc75603a092d22c21b718cd1b8ef1d0944d5fdc97b62fe19a6ac296e"], "iocs": {"domain": [{"hashes": ["0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"], "host": "mantwhouse[.]no-ip[.]info"}, {"hashes": ["0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"], "host": "www[.]000webhost[.]com"}, {"hashes": ["08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c"], "host": "caglar0201[.]no-ip[.]biz"}, {"hashes": ["0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"], "host": "private55[.]uphero[.]com"}, {"hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "host": "schema[.]org"}, {"hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "host": "www[.]google-analytics[.]com"}, {"hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "host": "stats[.]g[.]doubleclick[.]net"}, {"hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "host": "github[.]com"}, {"hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "host": "avatars1[.]githubusercontent[.]com"}, {"hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "host": "az725175[.]vo[.]msecnd[.]net"}, {"hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "host": "aka[.]ms"}, {"hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "host": "avatars3[.]githubusercontent[.]com"}, {"hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "host": "developercommunity[.]visualstudio[.]com"}, {"hashes": ["6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d"], "host": "9000x[.]ignorelist[.]com"}, {"hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "host": "cdn[.]speedcurve[.]com"}, {"hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "host": "w[.]usabilla[.]com"}, {"hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de"], "host": "gloryday777[.]ddns[.]net"}, {"hashes": ["5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113"], "host": "leontopodium[.]noip[.]me"}, {"hashes": ["834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b"], "host": "gelegele[.]ddns[.]net"}, {"hashes": ["d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95"], "host": "hackermtsystem[.]ddns[.]net"}, {"hashes": ["b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879"], "host": "exad[.]noip[.]me"}, {"hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"], "host": "parfumnext[.]zapto[.]org"}, {"hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"], "host": "parfumlex[.]zapto[.]org"}, {"hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"], "host": "parfumsex[.]zapto[.]org"}, {"hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"], "host": "parfumerus[.]no-ip[.]biz"}, {"hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"], "host": "parfumlove[.]zapto[.]org"}, {"hashes": ["0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"], "host": "joker2134[.]no-ip[.]org"}, {"hashes": ["1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"], "host": "foragidos[.]no-ip[.]org"}, {"hashes": ["31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98"], "host": "manu777[.]net76[.]net"}], "file": [{"hashes": ["08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911"], "path": "%APPDATA%\\dclogs"}, {"hashes": ["08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"], "path": "%HOMEPATH%\\Documents\\MSDCSC"}, {"hashes": ["08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"], "path": "%HOMEPATH%\\Documents\\MSDCSC\\msdcsc.exe"}, {"hashes": ["08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919"], "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-2580483871-590521980-3826313501-500\\8984ef1fcc24342f5531acc4001616a5_d19ab989-a35f-4710-83df-7b2db7efe7c5"}, {"hashes": ["08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919"], "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-1258710499-2222286471-4214075941-500\\8984ef1fcc24342f5531acc4001616a5_8f793a96-da80-4751-83f9-b23d8b735fb1"}, {"hashes": ["0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"], "path": "\\autorun.inf"}, {"hashes": ["0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"], "path": "\\Adobe Photoshop CS6 Keygen.exe"}, {"hashes": ["0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"], "path": "\\1.exe"}, {"hashes": ["0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"], "path": "E:\\autorun.inf"}, {"hashes": ["0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"], "path": "\\TEMP\\1.exe"}, {"hashes": ["0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"], "path": "E:\\Adobe Photoshop CS6 Keygen.exe"}, {"hashes": ["0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"], "path": "%TEMP%\\gfdgfd.Exe"}, {"hashes": ["0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"], "path": "%APPDATA%\\{0664ECA6-B456-E195-1216-E87E3554727E}"}, {"hashes": ["0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"], "path": "%APPDATA%\\{0664ECA6-B456-E195-1216-E87E3554727E}\\dll.exe"}, {"hashes": ["0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"], "path": "\\x.bat"}, {"hashes": ["1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b"], "path": "%TEMP%\\XX--XX--XX.txt"}, {"hashes": ["1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b"], "path": "%TEMP%\\UuU.uUu"}, {"hashes": ["1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b"], "path": "%TEMP%\\XxX.xXx"}, {"hashes": ["1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b"], "path": "%APPDATA%\\logs.dat"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "path": "%HOMEPATH%\\                      .txt"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "path": "%HOMEPATH%\\Local Settings\\                      .txt"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\Microsoft\\Windows Media\\9.0\\                      .txt"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\Microsoft\\Windows\\                      .txt"}, {"hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"], "path": "%TEMP%\\Administrator7"}, {"hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"], "path": "%TEMP%\\Administrator8"}, {"hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"], "path": "%TEMP%\\Administrator2.txt"}, {"hashes": ["1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"], "path": "%SystemRoot%\\Microsoft\\svchost.exe"}, {"hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"], "path": "%APPDATA%\\Administratorlog.dat"}, {"hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de"], "path": "%TEMP%\\MSDCSC\\msdcsc.exe"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "path": "\\$Recycle.Bin\\<user SID>\\$<random, matching '[A-Z0-9]{7}'>.txt"}, {"hashes": ["1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"], "path": "%TEMP%\\Trade Hacker.exe"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\\u00ca\u00c0\u00ca \u00d0\u00c0\u00d1\u00d8\u00c8\u00d4\u00d0\u00ce\u00c2\u00c0\u00d2\u00dc \u00d4\u00c0\u00c9\u00cb\u00db.txt"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "path": "%ProgramFiles(x86)%\\Java\\jre8\\\u00ca\u00c0\u00ca \u00d0\u00c0\u00d1\u00d8\u00c8\u00d4\u00d0\u00ce\u00c2\u00c0\u00d2\u00dc \u00d4\u00c0\u00c9\u00cb\u00db.txt"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "path": "%ProgramFiles(x86)%\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\\u00ca\u00c0\u00ca \u00d0\u00c0\u00d1\u00d8\u00c8\u00d4\u00d0\u00ce\u00c2\u00c0\u00d2\u00dc \u00d4\u00c0\u00c9\u00cb\u00db.txt"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "path": "%ProgramFiles(x86)%\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\\u00ca\u00c0\u00ca \u00d0\u00c0\u00d1\u00d8\u00c8\u00d4\u00d0\u00ce\u00c2\u00c0\u00d2\u00dc \u00d4\u00c0\u00c9\u00cb\u00db.txt"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "path": "%ProgramFiles(x86)%\\MSBuild\\\u00ca\u00c0\u00ca \u00d0\u00c0\u00d1\u00d8\u00c8\u00d4\u00d0\u00ce\u00c2\u00c0\u00d2\u00dc \u00d4\u00c0\u00c9\u00cb\u00db.txt"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "path": "%ProgramFiles(x86)%\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\\u00ca\u00c0\u00ca \u00d0\u00c0\u00d1\u00d8\u00c8\u00d4\u00d0\u00ce\u00c2\u00c0\u00d2\u00dc \u00d4\u00c0\u00c9\u00cb\u00db.txt"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "path": "%ProgramFiles(x86)%\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\\u00ca\u00c0\u00ca \u00d0\u00c0\u00d1\u00d8\u00c8\u00d4\u00d0\u00ce\u00c2\u00c0\u00d2\u00dc \u00d4\u00c0\u00c9\u00cb\u00db.txt"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "path": "%ProgramFiles(x86)%\\Microsoft Analysis Services\\AS OLEDB\\10\\\u00ca\u00c0\u00ca \u00d0\u00c0\u00d1\u00d8\u00c8\u00d4\u00d0\u00ce\u00c2\u00c0\u00d2\u00dc \u00d4\u00c0\u00c9\u00cb\u00db.txt"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "path": "%ProgramFiles(x86)%\\Microsoft Office\\CLIPART\\PUB60COR\\\u00ca\u00c0\u00ca \u00d0\u00c0\u00d1\u00d8\u00c8\u00d4\u00d0\u00ce\u00c2\u00c0\u00d2\u00dc \u00d4\u00c0\u00c9\u00cb\u00db.txt"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "path": "%ProgramFiles(x86)%\\Microsoft Office\\CLIPART\\Publisher\\Backgrounds\\\u00ca\u00c0\u00ca \u00d0\u00c0\u00d1\u00d8\u00c8\u00d4\u00d0\u00ce\u00c2\u00c0\u00d2\u00dc \u00d4\u00c0\u00c9\u00cb\u00db.txt"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "path": "%ProgramFiles(x86)%\\Microsoft Office\\Document Themes 14\\Theme Colors\\\u00ca\u00c0\u00ca \u00d0\u00c0\u00d1\u00d8\u00c8\u00d4\u00d0\u00ce\u00c2\u00c0\u00d2\u00dc \u00d4\u00c0\u00c9\u00cb\u00db.txt"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "path": "%ProgramFiles(x86)%\\Microsoft Office\\Document Themes 14\\Theme Effects\\\u00ca\u00c0\u00ca \u00d0\u00c0\u00d1\u00d8\u00c8\u00d4\u00d0\u00ce\u00c2\u00c0\u00d2\u00dc \u00d4\u00c0\u00c9\u00cb\u00db.txt"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "path": "%ProgramFiles(x86)%\\Microsoft Office\\Document Themes 14\\Theme Fonts\\\u00ca\u00c0\u00ca \u00d0\u00c0\u00d1\u00d8\u00c8\u00d4\u00d0\u00ce\u00c2\u00c0\u00d2\u00dc \u00d4\u00c0\u00c9\u00cb\u00db.txt"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "path": "%ProgramFiles(x86)%\\Microsoft Office\\Document Themes 14\\\u00ca\u00c0\u00ca \u00d0\u00c0\u00d1\u00d8\u00c8\u00d4\u00d0\u00ce\u00c2\u00c0\u00d2\u00dc \u00d4\u00c0\u00c9\u00cb\u00db.txt"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "path": "%ProgramFiles(x86)%\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\\u00ca\u00c0\u00ca \u00d0\u00c0\u00d1\u00d8\u00c8\u00d4\u00d0\u00ce\u00c2\u00c0\u00d2\u00dc \u00d4\u00c0\u00c9\u00cb\u00db.txt"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "path": "%ProgramFiles(x86)%\\Microsoft Office\\MEDIA\\CAGCAT10\\\u00ca\u00c0\u00ca \u00d0\u00c0\u00d1\u00d8\u00c8\u00d4\u00d0\u00ce\u00c2\u00c0\u00d2\u00dc \u00d4\u00c0\u00c9\u00cb\u00db.txt"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "path": "%ProgramFiles(x86)%\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\\u00ca\u00c0\u00ca \u00d0\u00c0\u00d1\u00d8\u00c8\u00d4\u00d0\u00ce\u00c2\u00c0\u00d2\u00dc \u00d4\u00c0\u00c9\u00cb\u00db.txt"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "path": "%ProgramFiles(x86)%\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP\\\u00ca\u00c0\u00ca \u00d0\u00c0\u00d1\u00d8\u00c8\u00d4\u00d0\u00ce\u00c2\u00c0\u00d2\u00dc \u00d4\u00c0\u00c9\u00cb\u00db.txt"}, {"hashes": ["6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d"], "path": "%APPDATA%\\wuaclt.exe"}], "ip": [{"hashes": ["0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"], "ip": "153[.]92[.]0[.]100"}, {"hashes": ["0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"], "ip": "104[.]20[.]67[.]46"}, {"hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "ip": "151[.]101[.]194[.]217"}, {"hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "ip": "152[.]199[.]4[.]33"}, {"hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "ip": "65[.]55[.]44[.]109"}, {"hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "ip": "20[.]36[.]253[.]92"}, {"hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "ip": "151[.]101[.]128[.]133"}, {"hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "ip": "23[.]218[.]140[.]208"}, {"hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "ip": "140[.]82[.]114[.]3"}, {"hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "ip": "23[.]6[.]69[.]99"}, {"hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "ip": "172[.]217[.]5[.]238"}, {"hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "ip": "52[.]201[.]110[.]209"}, {"hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "ip": "172[.]253[.]63[.]155"}], "mutex": [{"hashes": ["18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919", "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74"], "name": "_x_X_BLOCKMOUSE_X_x_"}, {"hashes": ["18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919", "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74"], "name": "_x_X_PASSWORDLIST_X_x_"}, {"hashes": ["18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919", "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74"], "name": "_x_X_UPDATE_X_x_"}, {"hashes": ["08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911"], "name": "DC_MUTEX-<random, matching [A-Z0-9]{7}>"}, {"hashes": ["2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"], "name": "Administrator5"}, {"hashes": ["2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"], "name": "Administrator1"}, {"hashes": ["2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"], "name": "Administrator4"}, {"hashes": ["08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c"], "name": "DCPERSFWBP"}, {"hashes": ["1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"], "name": "Local\\https://docs.microsoft.com/"}, {"hashes": ["6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d"], "name": "IPKPMTX"}, {"hashes": ["1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"], "name": "Microsoft"}, {"hashes": ["834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b"], "name": "LFO701A1756D"}, {"hashes": ["834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b"], "name": "LFO701A1756D_PERSIST"}, {"hashes": ["834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b"], "name": "LFO701A1756D_SAIR"}, {"hashes": ["b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879"], "name": "DCMIN_MUTEX-GPLB87U"}, {"hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"], "name": "DF6Y34V6PC32TK"}, {"hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"], "name": "DF6Y34V6PC32TK_PERSIST"}, {"hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"], "name": "DF6Y34V6PC32TK_SAIR"}, {"hashes": ["0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"], "name": "pZx1Bf"}, {"hashes": ["0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"], "name": "pZx1BfPERSIST"}, {"hashes": ["0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"], "name": "pZx1BfEXIT"}, {"hashes": ["1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"], "name": "Microsoft_PERSIST"}, {"hashes": ["1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"], "name": "Microsoft_SAIR"}, {"hashes": ["6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d"], "name": "x1x2x3x4"}], "registry": [{"hashes": ["08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": null}, {"hashes": ["08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "UserInit"}, {"hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Start"}, {"hashes": ["08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "MicroUpdate"}, {"hashes": ["0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "dll"}, {"hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "EnableFirewall"}, {"hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "DisableNotifications"}, {"hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLUA"}, {"hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "AntiVirusDisableNotify"}, {"hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "UpdatesDisableNotify"}, {"hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\CURRENTVERSION\\EXPLORERN", "value_name": "NoControlPanel"}, {"hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "DisableRegistryTools"}, {"hashes": ["0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "HKLM"}, {"hashes": ["0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "HKCU"}, {"hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": null}, {"hashes": ["1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\CURRENTVERSION", "value_name": null}, {"hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\CURRENTVERSION\\EXPLORERN", "value_name": null}, {"hashes": ["d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Microsoft"}, {"hashes": ["152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "msdcsc"}, {"hashes": ["b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "))))))))))))))))))))))))"}, {"hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{51P2C78S-7FGB-24RE-T153-QSOS5248SH3A}", "value_name": null}, {"hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{51P2C78S-7FGB-24RE-T153-QSOS5248SH3A}", "value_name": "StubPath"}, {"hashes": ["f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"], "key": "<HKCU>\\SOFTWARE\\REMOTE", "value_name": "FirstExecution"}, {"hashes": ["f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "winlogon.exe"}, {"hashes": ["0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"], "key": "<HKCU>\\SOFTWARE\\PZX1BF", "value_name": null}, {"hashes": ["0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{LCYKLPC8-3GPM-5T71-2B35-MD1K274642KG}", "value_name": null}, {"hashes": ["0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"], "key": "<HKCU>\\SOFTWARE\\XTREMERAT", "value_name": "Mutex"}, {"hashes": ["0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"], "key": "<HKCU>\\SOFTWARE\\PZX1BF", "value_name": "ServerStarted"}, {"hashes": ["0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"], "key": "<HKCU>\\SOFTWARE\\PZX1BF", "value_name": "ServerName"}, {"hashes": ["0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{LCYKLPC8-3GPM-5T71-2B35-MD1K274642KG}", "value_name": "StubPath"}, {"hashes": ["1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"], "key": "<HKCU>\\SOFTWARE\\TRADE HACK", "value_name": null}, {"hashes": ["1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"], "key": "<HKCU>\\SOFTWARE\\TRADE HACK", "value_name": "FirstExecution"}, {"hashes": ["1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"], "key": "<HKCU>\\SOFTWARE\\TRADE HACK", "value_name": "NewIdentification"}, {"hashes": ["1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{35U3X061-1S3N-6815-2665-WR6131KBIU55}", "value_name": null}, {"hashes": ["1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Win32"}, {"hashes": ["1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{35U3X061-1S3N-6815-2665-WR6131KBIU55}", "value_name": "StubPath"}, {"hashes": ["6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Update"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\.725863", "value_name": null}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOHSGQBZPYWWZAD", "value_name": null}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOHSGQBZPYWWZAD\\DEFAULTICON", "value_name": null}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOHSGQBZPYWWZAD\\SHELL", "value_name": null}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOHSGQBZPYWWZAD\\SHELL\\OPEN", "value_name": null}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOHSGQBZPYWWZAD\\SHELL\\OPEN\\COMMAND", "value_name": null}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Alcmeter"}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\.725863", "value_name": ""}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOHSGQBZPYWWZAD", "value_name": ""}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOHSGQBZPYWWZAD\\DEFAULTICON", "value_name": ""}, {"hashes": ["50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOHSGQBZPYWWZAD\\SHELL\\OPEN\\COMMAND", "value_name": ""}]}, "reports_count": 37}, "Win.Dropper.Emotet-7916286-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"], "mitre_attack_tags": []}, {"bi": "network-snort-policy", "hashes": ["c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"], "mitre_attack_tags": []}, {"bi": "network-http-numeric-ip", "hashes": ["c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"], "mitre_attack_tags": ["TA0011", "TA0005", "T1071"]}, {"bi": "network-communications-http-post", "hashes": ["c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "hook-installed", "hashes": ["c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "pe-uses-armadillo", "hashes": ["c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "deleted-submitted-file", "hashes": ["c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "currentcontrolset-service-added", "hashes": ["c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1060"]}, {"bi": "registry-service-with-autostart-created", "hashes": ["c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "deleted-executable-in-system-dir", "hashes": ["2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534"], "mitre_attack_tags": []}, {"bi": "malware-emotet-mutex", "hashes": ["c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c"], "mitre_attack_tags": []}, {"bi": "network-snort-server", "hashes": ["49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "registry-service-type-modified", "hashes": ["8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "process-ping", "hashes": ["3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf"], "mitre_attack_tags": ["TA0011", "TA0007", "T1049"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": true}, "description": "Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825", "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20"], "iocs": {"domain": [], "file": [{"hashes": ["1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825", "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9"], "path": "%SystemRoot%\\SysWOW64\\<random, matching '[a-z]{8}'>"}, {"hashes": ["8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e"], "path": "%SystemRoot%\\SysWOW64\\KBDROST"}, {"hashes": ["826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871"], "path": "%SystemRoot%\\SysWOW64\\xwizard"}, {"hashes": ["dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d"], "path": "%SystemRoot%\\SysWOW64\\browcli"}, {"hashes": ["0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7"], "path": "%SystemRoot%\\SysWOW64\\api-ms-win-core-namedpipe-l1-1-0"}, {"hashes": ["ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20"], "path": "%SystemRoot%\\SysWOW64\\devenum"}, {"hashes": ["9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c"], "path": "%SystemRoot%\\SysWOW64\\PortableDeviceConnectApi"}, {"hashes": ["3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc"], "path": "%SystemRoot%\\SysWOW64\\dxgi"}, {"hashes": ["c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e"], "path": "%SystemRoot%\\SysWOW64\\C_ISCII"}, {"hashes": ["1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049"], "path": "%SystemRoot%\\SysWOW64\\duser"}, {"hashes": ["1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1"], "path": "%SystemRoot%\\SysWOW64\\dot3cfg"}, {"hashes": ["82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275"], "path": "%SystemRoot%\\SysWOW64\\acppage"}, {"hashes": ["4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9"], "path": "%SystemRoot%\\SysWOW64\\dwmcore"}, {"hashes": ["92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c"], "path": "%SystemRoot%\\SysWOW64\\appmgr"}, {"hashes": ["3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610"], "path": "%SystemRoot%\\SysWOW64\\NlsLexicons0045"}, {"hashes": ["901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432"], "path": "%SystemRoot%\\SysWOW64\\dimsjob"}, {"hashes": ["8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a"], "path": "%SystemRoot%\\SysWOW64\\efsui"}, {"hashes": ["49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067"], "path": "%SystemRoot%\\SysWOW64\\KBDTUF"}, {"hashes": ["a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751"], "path": "%ProgramData%\\EFVejogcgdIyPmUHf.exe"}, {"hashes": ["12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58"], "path": "%SystemRoot%\\SysWOW64\\kbdax2"}, {"hashes": ["92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c"], "path": "%ProgramData%\\BaEROcraiYwPKk.exe"}, {"hashes": ["3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610"], "path": "%ProgramData%\\HsGuvFk.exe"}, {"hashes": ["49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067"], "path": "%ProgramData%\\LXZvgNjvQFfpF.exe"}, {"hashes": ["12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58"], "path": "%ProgramData%\\vSqVr.exe"}, {"hashes": ["d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243"], "path": "%SystemRoot%\\SysWOW64\\RPCNDFP"}], "ip": [{"hashes": ["0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825", "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20"], "ip": "84[.]21[.]179[.]51"}, {"hashes": ["12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e"], "ip": "200[.]119[.]11[.]118"}, {"hashes": ["12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e"], "ip": "190[.]229[.]148[.]144"}, {"hashes": ["12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e"], "ip": "103[.]83[.]81[.]141"}, {"hashes": ["12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c"], "ip": "239[.]255[.]255[.]250"}, {"hashes": ["12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751"], "ip": "190[.]147[.]137[.]153"}, {"hashes": ["12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067"], "ip": "51[.]159[.]23[.]217"}, {"hashes": ["92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c"], "ip": "104[.]236[.]52[.]89"}, {"hashes": ["92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c"], "ip": "188[.]251[.]213[.]180"}, {"hashes": ["92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c"], "ip": "181[.]92[.]244[.]156"}], "mutex": [{"hashes": ["12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e"], "name": "Global\\I98B68E3C"}, {"hashes": ["12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e"], "name": "Global\\M98B68E3C"}, {"hashes": ["12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c"], "name": "Global\\Nx534F51BC"}], "registry": [{"hashes": ["82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Type"}, {"hashes": ["82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Start"}, {"hashes": ["82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ErrorControl"}, {"hashes": ["82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ImagePath"}, {"hashes": ["82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "DisplayName"}, {"hashes": ["82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "WOW64"}, {"hashes": ["82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ObjectName"}, {"hashes": ["82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Description"}, {"hashes": ["82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825", "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": null}, {"hashes": ["0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSDATA0007", "value_name": "Start"}, {"hashes": ["0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSDATA0007", "value_name": "ErrorControl"}, {"hashes": ["0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSDATA0007", "value_name": "ImagePath"}, {"hashes": ["3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045", "value_name": null}, {"hashes": ["0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSDATA0007", "value_name": "DisplayName"}, {"hashes": ["3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045", "value_name": "Type"}, {"hashes": ["0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSDATA0007", "value_name": "WOW64"}, {"hashes": ["3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045", "value_name": "Start"}, {"hashes": ["0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSDATA0007", "value_name": "ObjectName"}, {"hashes": ["3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045", "value_name": "ErrorControl"}, {"hashes": ["0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSDATA0007", "value_name": "Description"}, {"hashes": ["3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045", "value_name": "ImagePath"}, {"hashes": ["49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF", "value_name": null}, {"hashes": ["3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045", "value_name": "DisplayName"}, {"hashes": ["49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF", "value_name": "Type"}, {"hashes": ["3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045", "value_name": "WOW64"}, {"hashes": ["49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF", "value_name": "Start"}, {"hashes": ["92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\APPMGR", "value_name": "Description"}, {"hashes": ["3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045", "value_name": "ObjectName"}, {"hashes": ["49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF", "value_name": "ErrorControl"}, {"hashes": ["3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045", "value_name": "Description"}, {"hashes": ["49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF", "value_name": "ImagePath"}, {"hashes": ["49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF", "value_name": "DisplayName"}, {"hashes": ["49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF", "value_name": "WOW64"}, {"hashes": ["49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF", "value_name": "ObjectName"}, {"hashes": ["49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF", "value_name": "Description"}, {"hashes": ["12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2", "value_name": null}, {"hashes": ["12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2", "value_name": "Type"}, {"hashes": ["12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2", "value_name": "Start"}, {"hashes": ["12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2", "value_name": "ErrorControl"}, {"hashes": ["12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2", "value_name": "ImagePath"}, {"hashes": ["12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2", "value_name": "DisplayName"}, {"hashes": ["12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2", "value_name": "WOW64"}, {"hashes": ["12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2", "value_name": "ObjectName"}, {"hashes": ["12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2", "value_name": "Description"}, {"hashes": ["901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\OLE32", "value_name": "ImagePath"}, {"hashes": ["901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\OLE32", "value_name": "Description"}, {"hashes": ["d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LOCATIONAPI", "value_name": "ImagePath"}, {"hashes": ["d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LOCATIONAPI", "value_name": "Description"}, {"hashes": ["d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MFMJPEGDEC", "value_name": "ImagePath"}, {"hashes": ["d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MFMJPEGDEC", "value_name": "Description"}]}, "reports_count": 27}, "Win.Dropper.Kuluoz-7929761-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"], "mitre_attack_tags": []}, {"bi": "process-svchost-suspicious-launch", "hashes": ["3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-autorun-key-modified", "hashes": ["3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"], "mitre_attack_tags": []}, {"bi": "malware-compound-cta-activity", "hashes": ["3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"], "mitre_attack_tags": []}, {"bi": "malware-kuluoz-mutex", "hashes": ["3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Kuluoz, sometimes known as \"Asprox,\" is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.", "hashes": ["04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e", "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843"], "iocs": {"domain": [], "file": [{"hashes": ["04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e", "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843"], "path": "%LOCALAPPDATA%\\<random, matching '[a-z]{8}'>.exe"}, {"hashes": ["2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\hmrpjdnd.exe"}, {"hashes": ["1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\rbgruqii.exe"}, {"hashes": ["3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\mrcxfbbl.exe"}, {"hashes": ["1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\laafhqtr.exe"}, {"hashes": ["3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\xfcgdhod.exe"}, {"hashes": ["3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\eqfsdpli.exe"}, {"hashes": ["04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\lfmigull.exe"}, {"hashes": ["077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\mepsiutc.exe"}, {"hashes": ["3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\evvlnbmm.exe"}, {"hashes": ["35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\dtrpdkof.exe"}, {"hashes": ["3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\xvtoeinf.exe"}, {"hashes": ["10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\deumjros.exe"}, {"hashes": ["239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\ptlclwer.exe"}, {"hashes": ["3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\pfcekooh.exe"}, {"hashes": ["375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\dnxliqkc.exe"}, {"hashes": ["3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\fwagopgb.exe"}, {"hashes": ["3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\uubcfqfj.exe"}, {"hashes": ["072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\pxlkbulv.exe"}, {"hashes": ["0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\riuodjqi.exe"}, {"hashes": ["112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\mrbccagr.exe"}, {"hashes": ["16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\scrqpcqd.exe"}, {"hashes": ["1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\ujtqfsaf.exe"}, {"hashes": ["1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\jrcdbpal.exe"}, {"hashes": ["1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\eafbsogp.exe"}, {"hashes": ["43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\ewrrdbtt.exe"}], "ip": [{"hashes": ["072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e", "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9"], "ip": "212[.]45[.]17[.]15"}, {"hashes": ["0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843"], "ip": "173[.]203[.]97[.]13"}, {"hashes": ["0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085"], "ip": "142[.]4[.]60[.]242"}, {"hashes": ["04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21"], "ip": "203[.]157[.]142[.]2"}, {"hashes": ["10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e", "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843"], "ip": "176[.]31[.]181[.]76"}, {"hashes": ["04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843"], "ip": "188[.]165[.]192[.]116"}, {"hashes": ["04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081"], "ip": "113[.]53[.]247[.]147"}, {"hashes": ["04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597"], "ip": "76[.]74[.]184[.]127"}, {"hashes": ["04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e", "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843"], "ip": "94[.]32[.]67[.]214"}, {"hashes": ["072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e", "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843"], "ip": "82[.]150[.]199[.]140"}, {"hashes": ["04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9"], "ip": "92[.]240[.]232[.]232"}, {"hashes": ["077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6"], "ip": "37[.]59[.]82[.]218"}, {"hashes": ["077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f"], "ip": "50[.]57[.]139[.]41"}], "mutex": [{"hashes": ["04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e", "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843"], "name": "2GVWNQJz1"}], "registry": [{"hashes": ["04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e", "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843"], "key": "<HKCU>\\SOFTWARE\\<random, matching '[a-zA-Z0-9]{5,9}'>", "value_name": null}, {"hashes": ["1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "xmacrbdl"}, {"hashes": ["5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c"], "key": "<HKCU>\\SOFTWARE\\GAJXWHJP", "value_name": "gsmcqoda"}, {"hashes": ["5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "lugmssnl"}, {"hashes": ["1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597"], "key": "<HKCU>\\SOFTWARE\\LCFGUHWN", "value_name": "kkpiqpjh"}, {"hashes": ["c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468"], "key": "<HKCU>\\SOFTWARE\\RDSDIHPI", "value_name": "ooffhvvq"}, {"hashes": ["c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "gbpdjnro"}, {"hashes": ["dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492"], "key": "<HKCU>\\SOFTWARE\\LEHGMFUH", "value_name": "nfbspwqi"}, {"hashes": ["dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "stxigvvf"}, {"hashes": ["c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713"], "key": "<HKCU>\\SOFTWARE\\ATGQWMWN", "value_name": "risbqlwn"}, {"hashes": ["c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "jijgpgho"}, {"hashes": ["d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0"], "key": "<HKCU>\\SOFTWARE\\EAPSNCGM", "value_name": "botvmpma"}, {"hashes": ["d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "lcfvvaka"}, {"hashes": ["cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3"], "key": "<HKCU>\\SOFTWARE\\AWNSSOSH", "value_name": "lwgulaor"}, {"hashes": ["cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "wnavkjeq"}, {"hashes": ["db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87"], "key": "<HKCU>\\SOFTWARE\\KABXXVNJ", "value_name": "pdilquld"}, {"hashes": ["db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "xwrwisgs"}, {"hashes": ["e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd"], "key": "<HKCU>\\SOFTWARE\\NOLANLNS", "value_name": "kjknnnrk"}, {"hashes": ["e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "jtuoejek"}, {"hashes": ["e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3"], "key": "<HKCU>\\SOFTWARE\\APKRXJCT", "value_name": "awpnebmp"}, {"hashes": ["e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "wghkbolm"}, {"hashes": ["e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90"], "key": "<HKCU>\\SOFTWARE\\BPCJNVPS", "value_name": "govolssr"}, {"hashes": ["e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "tqsqpkkn"}, {"hashes": ["e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824"], "key": "<HKCU>\\SOFTWARE\\UIMKHRCC", "value_name": "artghiar"}, {"hashes": ["f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085"], "key": "<HKCU>\\SOFTWARE\\WIVKXHOB", "value_name": "qlpdwusx"}, {"hashes": ["e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "abjrelcu"}, {"hashes": ["f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "nnxrhwfd"}, {"hashes": ["e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895"], "key": "<HKCU>\\SOFTWARE\\DXHIHGKO", "value_name": "tvwdujwk"}, {"hashes": ["e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "iavdbqkn"}, {"hashes": ["e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"], "key": "<HKCU>\\SOFTWARE\\OVCODQSR", "value_name": "trsneafq"}, {"hashes": ["e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "mejknekg"}, {"hashes": ["f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9"], "key": "<HKCU>\\SOFTWARE\\SROPWKEQ", "value_name": "mdrxtoca"}, {"hashes": ["f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "uaohmikj"}, {"hashes": ["f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75"], "key": "<HKCU>\\SOFTWARE\\VJJFQGKH", "value_name": "jfsxdjjc"}, {"hashes": ["f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "rjblrnis"}, {"hashes": ["f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21"], "key": "<HKCU>\\SOFTWARE\\CUXQKICW", "value_name": "wxqakjbv"}, {"hashes": ["f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "tlbijafu"}, {"hashes": ["ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b"], "key": "<HKCU>\\SOFTWARE\\BLAJJSAW", "value_name": "qotudwci"}, {"hashes": ["ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "dxbrpnqx"}, {"hashes": ["e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51"], "key": "<HKCU>\\SOFTWARE\\MWDLHRFO", "value_name": "cgokfdvf"}, {"hashes": ["e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "cmtfflxv"}, {"hashes": ["e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75"], "key": "<HKCU>\\SOFTWARE\\DTSDABPG", "value_name": "tuswnfht"}, {"hashes": ["e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "bgxtxfdm"}, {"hashes": ["f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081"], "key": "<HKCU>\\SOFTWARE\\JGVRVTVB", "value_name": "cfpgqvfm"}, {"hashes": ["f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "mnwvhhtc"}, {"hashes": ["f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843"], "key": "<HKCU>\\SOFTWARE\\BDTHGPCI", "value_name": "jdcdoqbv"}, {"hashes": ["f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "rbkprvfa"}]}, "reports_count": 105}, "Win.Malware.Remcos-7914589-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "cta-static-analyzer-malicious", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "pe-tls-callback", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": []}, {"bi": "pe-section-shared", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "modified-executable", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "registry-autorun-key-modified", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "network-dns-category-file-storage", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": []}, {"bi": "registry-modified-rootcerts", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": ["TA0011", "TA0006", "TA0005", "T1130"]}, {"bi": "feed-domain-rat", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": []}, {"bi": "windows-util-schtask-generic", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "files-deleted-used-batch", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "cmd-exe-file-execution", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "registry-modification-reg", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": []}, {"bi": "malware-remcos-mutex", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-future", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": []}, {"bi": "malware-remcos-registry", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": ["TA0009", "TA0006", "TA0011", "TA0008", "T1056", "T1113", "T1125", "T1123", "T1105"]}, {"bi": "files-deleted-used-vbs", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "benign-process-has-child", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "fake-windows-directory-file-creation", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": ["TA0005", "TA0002", "T1036", "T1151"]}, {"bi": "malware-gelup-artifact-detected", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": []}, {"bi": "malware-remcos-path", "hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc"], "mitre_attack_tags": []}, {"bi": "audio-video-mutex-detected", "hashes": ["396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"], "mitre_attack_tags": ["TA0009", "T1123", "T1125"]}, {"bi": "network-opendns-malicious", "hashes": ["7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": []}, {"bi": "network-dns-category-cnc", "hashes": ["7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "mitre_attack_tags": ["TA0011"]}, {"bi": "antivirus-service-flagged-artifact-mid", "hashes": ["3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"], "mitre_attack_tags": ["TA0007", "TA0006", "T1003", "T1217"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3"], "mitre_attack_tags": []}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. It is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "iocs": {"domain": [{"hashes": ["2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e"], "host": "goddywin[.]freedynamicdns[.]net"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "host": "boot[.]awsmppl[.]com"}, {"hashes": ["3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "host": "doc-0k-8o-docs[.]googleusercontent[.]com"}, {"hashes": ["7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "host": "u864246[.]nvpn[.]so"}, {"hashes": ["7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "host": "doc-0c-b0-docs[.]googleusercontent[.]com"}, {"hashes": ["3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc"], "host": "newdawn4me[.]ddns[.]net"}, {"hashes": ["47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"], "host": "doc-0g-54-docs[.]googleusercontent[.]com"}, {"hashes": ["396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5"], "host": "cdn[.]discordapp[.]com"}, {"hashes": ["67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f"], "host": "doc-00-54-docs[.]googleusercontent[.]com"}, {"hashes": ["4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"], "host": "doc-04-6k-docs[.]googleusercontent[.]com"}, {"hashes": ["284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91"], "host": "site[.]ptbagasps[.]co[.]id"}, {"hashes": ["2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50"], "host": "doc-14-54-docs[.]googleusercontent[.]com"}, {"hashes": ["c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"], "host": "dolxxrem[.]hopto[.]org"}, {"hashes": ["5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8"], "host": "doc-0c-54-docs[.]googleusercontent[.]com"}, {"hashes": ["67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f"], "host": "thankyoulord[.]ddns[.]net"}, {"hashes": ["9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e"], "host": "doc-0o-54-docs[.]googleusercontent[.]com"}, {"hashes": ["3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1"], "host": "doc-0s-54-docs[.]googleusercontent[.]com"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3"], "host": "coolcc1[.]xzy"}, {"hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836"], "host": "latua[.]nsupdate[.]info"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3"], "host": "coolget1[.]xzy"}, {"hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836"], "host": "doc-0s-b0-docs[.]googleusercontent[.]com"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3"], "host": "doc-10-8o-docs[.]googleusercontent[.]com"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3"], "host": "coolta1[.]xzy"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3"], "host": "coolta2[.]xzy"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3"], "host": "coolta71[.]com"}, {"hashes": ["284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91"], "host": "doc-0c-bk-docs[.]googleusercontent[.]com"}], "file": [{"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "path": "%LOCALAPPDATA%\\<random, matching '[a-z0-9]{3,7}'>"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "path": "%System32%\\winevt\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "path": "%PUBLIC%\\Natso.bat"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "path": "%PUBLIC%\\Runex.bat"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "path": "%PUBLIC%\\fodhelper.exe"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "path": "%PUBLIC%\\propsys.dll"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "path": "%PUBLIC%\\x.bat"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "path": "%SystemRoot% "}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "path": "%SystemRoot% \\System32"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "path": "%SystemRoot% \\System32\\fodhelper.exe"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "path": "%SystemRoot% \\System32\\propsys.dll"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "path": "%PUBLIC%\\cde.bat"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "path": "%PUBLIC%\\x.vbs"}, {"hashes": ["7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"], "path": "%APPDATA%\\remcos"}, {"hashes": ["7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"], "path": "%APPDATA%\\remcos\\logs.dat"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "path": "%APPDATA%\\cosp"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "path": "%APPDATA%\\cosp\\dos.dt"}, {"hashes": ["396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"], "path": "%ProgramFiles%\\Microsoft DN1"}, {"hashes": ["7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "path": "%LOCALAPPDATA%\\Dkzc\\Dkzc.hta"}, {"hashes": ["7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "path": "%LOCALAPPDATA%\\Dkzc\\Dkzcset.exe"}, {"hashes": ["3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "path": "%LOCALAPPDATA%\\Xkox\\Xkox.hta"}, {"hashes": ["3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "path": "%LOCALAPPDATA%\\Xkox\\Xkoxset.exe"}, {"hashes": ["4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"], "path": "%LOCALAPPDATA%\\Microsoft Vision"}, {"hashes": ["284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91"], "path": "%APPDATA%\\winos"}, {"hashes": ["284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91"], "path": "%APPDATA%\\winos\\logs.dat"}, {"hashes": ["4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"], "path": "%LOCALAPPDATA%\\Kqgi\\Kqgi.hta"}, {"hashes": ["4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"], "path": "%LOCALAPPDATA%\\Kqgi\\Kqgiset.exe"}, {"hashes": ["67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f"], "path": "%LOCALAPPDATA%\\Uvxx\\Uvxx.hta"}, {"hashes": ["67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f"], "path": "%LOCALAPPDATA%\\Uvxx\\Uvxxset.exe"}, {"hashes": ["9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e"], "path": "%LOCALAPPDATA%\\Qsma\\Qsma.hta"}, {"hashes": ["3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1"], "path": "%LOCALAPPDATA%\\Vzva\\Vzva.hta"}, {"hashes": ["9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e"], "path": "%LOCALAPPDATA%\\Qsma\\Qsmaset.exe"}, {"hashes": ["3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1"], "path": "%LOCALAPPDATA%\\Vzva\\Vzvaset.exe"}, {"hashes": ["47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc"], "path": "%LOCALAPPDATA%\\Fhit\\Fhit.hta"}, {"hashes": ["47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc"], "path": "%LOCALAPPDATA%\\Fhit\\Fhitset.exe"}, {"hashes": ["2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50"], "path": "%LOCALAPPDATA%\\Opfq\\Opfq.hta"}, {"hashes": ["2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50"], "path": "%LOCALAPPDATA%\\Opfq\\Opfqset.exe"}, {"hashes": ["396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5"], "path": "%LOCALAPPDATA%\\Xarf\\Xarf.hta"}, {"hashes": ["396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5"], "path": "%LOCALAPPDATA%\\Xarf\\Xarfset.exe"}, {"hashes": ["5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8"], "path": "%LOCALAPPDATA%\\Yaxi\\Yaxi.hta"}, {"hashes": ["5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8"], "path": "%LOCALAPPDATA%\\Yaxi\\Yaxiset.exe"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3"], "path": "%LOCALAPPDATA%\\Jwgz\\Jwgz.hta"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3"], "path": "%LOCALAPPDATA%\\Jwgz\\Jwgzset.exe"}, {"hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836"], "path": "%LOCALAPPDATA%\\Xfbb\\Xfbb.hta"}, {"hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836"], "path": "%LOCALAPPDATA%\\Xfbb\\Xfbbset.exe"}, {"hashes": ["284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91"], "path": "%LOCALAPPDATA%\\Hlvx\\Hlvx.hta"}, {"hashes": ["284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91"], "path": "%LOCALAPPDATA%\\Hlvx\\Hlvxset.exe"}, {"hashes": ["c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"], "path": "%LOCALAPPDATA%\\Jkpt\\Jkpt.hta"}, {"hashes": ["c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"], "path": "%LOCALAPPDATA%\\Jkpt\\Jkptset.exe"}], "ip": [{"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "ip": "172[.]217[.]15[.]97"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"], "ip": "172[.]217[.]9[.]206"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "ip": "142[.]250[.]31[.]138/31"}, {"hashes": ["2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"], "ip": "142[.]250[.]31[.]100/31"}, {"hashes": ["2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e"], "ip": "185[.]165[.]153[.]17"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "ip": "79[.]134[.]225[.]105"}, {"hashes": ["284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "ip": "142[.]250[.]31[.]113"}, {"hashes": ["3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc"], "ip": "194[.]5[.]99[.]12"}, {"hashes": ["7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "ip": "185[.]244[.]30[.]223"}, {"hashes": ["c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"], "ip": "79[.]134[.]225[.]11"}, {"hashes": ["396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5"], "ip": "162[.]159[.]130[.]233"}, {"hashes": ["67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f"], "ip": "91[.]193[.]75[.]15"}, {"hashes": ["5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8"], "ip": "142[.]250[.]31[.]102"}, {"hashes": ["4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"], "ip": "185[.]244[.]29[.]131"}, {"hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836"], "ip": "194[.]5[.]99[.]213"}, {"hashes": ["284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91"], "ip": "185[.]244[.]30[.]91"}, {"hashes": ["396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5"], "ip": "162[.]159[.]134[.]233"}], "mutex": [{"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "name": "Remcos_Mutex_Inj"}, {"hashes": ["2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e"], "name": "Remcos-PLP378"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "name": "-PUTW55"}, {"hashes": ["7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "name": "Nerdpol-NUCW3I"}, {"hashes": ["3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc"], "name": "Remcos-4F6INU"}, {"hashes": ["284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91"], "name": "remcos_nqtjidysxc"}, {"hashes": ["c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"], "name": "Remcos-B3XNCF"}, {"hashes": ["67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f"], "name": "Remcos-0S5XD9"}, {"hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836"], "name": "Remcoss-2AOK38"}], "registry": [{"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR", "value_name": null}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\DEBUTANT", "value_name": null}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\INTERMEDIAIRE", "value_name": null}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\EXPERT", "value_name": null}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\DEBUTANT", "value_name": "Time"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\DEBUTANT", "value_name": "Name"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\INTERMEDIAIRE", "value_name": "Time"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\INTERMEDIAIRE", "value_name": "Name"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\EXPERT", "value_name": "Time"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\EXPERT", "value_name": "Name"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\AUTHROOT\\CERTIFICATES\\75E0ABB6138512271C04F85FDDDE38E4B7242EFE", "value_name": "Blob"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "key": "<HKCU>\\ENVIRONMENT", "value_name": "windir"}, {"hashes": ["2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e"], "key": "<HKCU>\\SOFTWARE\\REMCOS-PLP378", "value_name": null}, {"hashes": ["2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e"], "key": "<HKCU>\\SOFTWARE\\REMCOS-PLP378", "value_name": "exepath"}, {"hashes": ["2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e"], "key": "<HKCU>\\SOFTWARE\\REMCOS-PLP378", "value_name": "licence"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "key": "<HKCU>\\SOFTWARE\\-PUTW55", "value_name": null}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "key": "<HKCU>\\SOFTWARE\\-PUTW55", "value_name": "exepath"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "key": "<HKCU>\\SOFTWARE\\-PUTW55", "value_name": "licence"}, {"hashes": ["7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "key": "<HKCU>\\SOFTWARE\\NERDPOL-NUCW3I", "value_name": null}, {"hashes": ["7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "key": "<HKCU>\\SOFTWARE\\NERDPOL-NUCW3I", "value_name": "exepath"}, {"hashes": ["7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "key": "<HKCU>\\SOFTWARE\\NERDPOL-NUCW3I", "value_name": "licence"}, {"hashes": ["3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc"], "key": "<HKCU>\\SOFTWARE\\REMCOS-4F6INU", "value_name": null}, {"hashes": ["3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc"], "key": "<HKCU>\\SOFTWARE\\REMCOS-4F6INU", "value_name": "exepath"}, {"hashes": ["3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc"], "key": "<HKCU>\\SOFTWARE\\REMCOS-4F6INU", "value_name": "licence"}, {"hashes": ["7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Dkzc"}, {"hashes": ["3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Xkox"}, {"hashes": ["284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91"], "key": "<HKCU>\\SOFTWARE\\REMCOS_NQTJIDYSXC", "value_name": null}, {"hashes": ["284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91"], "key": "<HKCU>\\SOFTWARE\\REMCOS_NQTJIDYSXC", "value_name": "EXEpath"}, {"hashes": ["c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"], "key": "<HKCU>\\SOFTWARE\\REMCOS-B3XNCF", "value_name": null}, {"hashes": ["c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"], "key": "<HKCU>\\SOFTWARE\\REMCOS-B3XNCF", "value_name": "exepath"}, {"hashes": ["c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"], "key": "<HKCU>\\SOFTWARE\\REMCOS-B3XNCF", "value_name": "licence"}, {"hashes": ["67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f"], "key": "<HKCU>\\SOFTWARE\\REMCOS-0S5XD9", "value_name": null}, {"hashes": ["67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f"], "key": "<HKCU>\\SOFTWARE\\REMCOS-0S5XD9", "value_name": "exepath"}, {"hashes": ["67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f"], "key": "<HKCU>\\SOFTWARE\\REMCOS-0S5XD9", "value_name": "licence"}, {"hashes": ["4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\33HRDNRKKR", "value_name": null}, {"hashes": ["4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Kqgi"}, {"hashes": ["67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Uvxx"}, {"hashes": ["9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Qsma"}, {"hashes": ["3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Vzva"}, {"hashes": ["47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Fhit"}, {"hashes": ["2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Opfq"}, {"hashes": ["396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Xarf"}, {"hashes": ["5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Yaxi"}, {"hashes": ["01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Jwgz"}, {"hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836"], "key": "<HKCU>\\SOFTWARE\\REMCOSS-2AOK38", "value_name": null}, {"hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836"], "key": "<HKCU>\\SOFTWARE\\REMCOSS-2AOK38", "value_name": "exepath"}, {"hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836"], "key": "<HKCU>\\SOFTWARE\\REMCOSS-2AOK38", "value_name": "licence"}, {"hashes": ["a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Xfbb"}, {"hashes": ["284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Hlvx"}, {"hashes": ["c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Jkpt"}]}, "reports_count": 17}, "Win.Packed.Dridex-7914375-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "registry-autorun-key-modified", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "potential-registry-persistence", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-compound-cta-activity", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": []}, {"bi": "task-manager-disabled", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": ["TA0005", "T1499"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": []}, {"bi": "windows-os-reboot-detected", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-header-timestamp-null", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": []}, {"bi": "sample-modified-deleted", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "malware-dridex-detected", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": []}, {"bi": "url-pastebin-service", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "artifact-windows-task", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "hook-installed", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1"], "mitre_attack_tags": []}, {"bi": "possible-dga-communication", "hashes": ["9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "mitre_attack_tags": ["TA0011", "TA0005", "T1483"]}, {"bi": "dns-excessive-domain-queries", "hashes": ["d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "excessive-dns-query-nxdomain", "hashes": ["d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1"], "mitre_attack_tags": ["TA0011", "T1008"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Dridex is a well-known banking trojan that aims to steal credentials and other sensitive information from an infected machine.", "hashes": ["031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "iocs": {"domain": [{"hashes": ["031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "host": "pastebin[.]com"}, {"hashes": ["d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7"], "host": "www[.]llikaolgdj[.]com"}, {"hashes": ["dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1"], "host": "www[.]zvslmngih2[.]com"}, {"hashes": ["9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"], "host": "www[.]lckz9upvmu[.]com"}, {"hashes": ["d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7"], "host": "www[.]0vl0yw9q6t[.]com"}, {"hashes": ["9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"], "host": "www[.]6ibvmt1xkl[.]com"}, {"hashes": ["e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "host": "www[.]rbmh1eqrb4[.]com"}, {"hashes": ["d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7"], "host": "www[.]2qwndfmzqo[.]com"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "host": "www[.]puipgy6zfi[.]com"}, {"hashes": ["dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1"], "host": "www[.]cinj4ytc6j[.]com"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "host": "www[.]lkzcbgbctx[.]com"}, {"hashes": ["9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"], "host": "www[.]cv9a9ljdwv[.]com"}, {"hashes": ["e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "host": "www[.]sbduzmckjw[.]com"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "host": "www[.]k6ae4xlzib[.]com"}, {"hashes": ["dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1"], "host": "www[.]0arvkcizhw[.]com"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "host": "www[.]opxgrcvh9o[.]com"}, {"hashes": ["e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "host": "www[.]rkakmp5gxz[.]com"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "host": "www[.]cbobvzqelf[.]com"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "host": "www[.]jh2hxge6zy[.]com"}, {"hashes": ["9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"], "host": "www[.]ehtiatdjsv[.]com"}, {"hashes": ["e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "host": "www[.]dddu3yqvme[.]com"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "host": "www[.]wha0vpzn3c[.]com"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "host": "www[.]ztxacd7o1j[.]com"}, {"hashes": ["9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"], "host": "www[.]r5d42mselb[.]com"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "host": "www[.]yhbkncfupy[.]com"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "host": "www[.]glj24iaof9[.]com"}, {"hashes": ["9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"], "host": "www[.]bmnq8uo5cp[.]com"}, {"hashes": ["e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "host": "www[.]bpx615hrfk[.]com"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "host": "www[.]l9sj8pu5yc[.]com"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "host": "www[.]vzdjct2zps[.]com"}, {"hashes": ["9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"], "host": "www[.]lznjta3oev[.]com"}, {"hashes": ["e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "host": "www[.]hf66jhhwbw[.]com"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "host": "www[.]0ffaffdlmn[.]com"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "host": "www[.]qryqt3kcej[.]com"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "host": "www[.]nsaevyfnmj[.]com"}, {"hashes": ["e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "host": "www[.]vpg6u1ulw5[.]com"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "host": "www[.]djdnabtte0[.]com"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "host": "www[.]u1sgzd048q[.]com"}, {"hashes": ["e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "host": "www[.]dizyb18lcf[.]com"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "host": "www[.]qqmkdeblo4[.]com"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "host": "www[.]gsop0488i4[.]com"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "host": "www[.]z1vbwnryta[.]com"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "host": "www[.]hmijkale2q[.]com"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "host": "www[.]zj2peapofa[.]com"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "host": "www[.]9ruqedkcy5[.]com"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "host": "www[.]tsgimzq6qr[.]com"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "host": "www[.]kcdiwhiwcv[.]com"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "host": "www[.]cfvycj65hc[.]com"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "host": "www[.]tpzzvsfurs[.]com"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "host": "www[.]9dcol3x0mc[.]com"}], "file": [{"hashes": ["031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "path": "<malware cwd>\\old_<malware exe name> (copy)"}, {"hashes": ["43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2"], "path": "\\TEMP\\2794388cf801e19b2e67e1e05565962b.exe"}], "ip": [{"hashes": ["031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "ip": "172[.]217[.]7[.]206"}, {"hashes": ["031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "ip": "104[.]23[.]99[.]190"}, {"hashes": ["03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "ip": "104[.]23[.]98[.]190"}], "mutex": [{"hashes": ["dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1"], "name": "tlxDZX2Ntc"}, {"hashes": ["a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23"], "name": "G0eESuMwaM"}, {"hashes": ["a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23"], "name": "QLUuhtpFL4"}, {"hashes": ["a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23"], "name": "W81AjgGbqP"}, {"hashes": ["a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23"], "name": "b5WXmmWABJ"}, {"hashes": ["a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23"], "name": "q0OYNmrwzs"}, {"hashes": ["9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"], "name": "22lOOR7vmz"}, {"hashes": ["9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"], "name": "3vNIizgIBf"}, {"hashes": ["9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"], "name": "4cbShiiIBW"}, {"hashes": ["9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"], "name": "6hkO3nxjqn"}, {"hashes": ["9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"], "name": "iPWsdpH8gA"}, {"hashes": ["9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"], "name": "juhrLAoiFE"}, {"hashes": ["9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"], "name": "kAwbNLNp7c"}, {"hashes": ["9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"], "name": "q4G7hZQYnm"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "name": "3Ke8aq0xVe"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "name": "6v3JrEsK54"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "name": "Cu147nvDYW"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "name": "ERneZGynQ7"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "name": "GnENugv2bC"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "name": "MoxF68c4S6"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "name": "4ijXaxYePH"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "name": "RD1rsFphWn"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "name": "5RwkPpNJzh"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "name": "T8KuolUTed"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "name": "H2qiRLadfB"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "name": "WbYuu2vXKF"}, {"hashes": ["e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "name": "6oHVTn7m1S"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "name": "IiMz538TeT"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "name": "YH3sIXWxZ7"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "name": "MrbqGAkrN6"}, {"hashes": ["e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "name": "AOP8bLZeZf"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "name": "aAUGQU6jY7"}, {"hashes": ["e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "name": "EJiGhkYRsT"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "name": "VavP11maVe"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "name": "hd2DNIQQza"}, {"hashes": ["e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "name": "GC0BnG1NyT"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "name": "WOD0NMwG0v"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "name": "nC4LYHkDUW"}, {"hashes": ["e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "name": "m6aiKNmZX7"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "name": "alCShHejK0"}, {"hashes": ["f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"], "name": "tv7Tjl0Sjm"}, {"hashes": ["e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "name": "nc8O2a3gZO"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "name": "cEoNvtSzSO"}, {"hashes": ["e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "name": "t700AW7igk"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "name": "hbCa9oBQcM"}, {"hashes": ["e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"], "name": "ygC9l4NjOK"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "name": "ks8HKxrioy"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "name": "qOVtUNs8zu"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "name": "rI7PHRZE6H"}, {"hashes": ["fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "name": "usZX9BGzyP"}], "registry": [{"hashes": ["031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "trkcore"}, {"hashes": ["031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "DisableTaskMgr"}, {"hashes": ["031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d", "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.CHECK.0", "value_name": "CheckSetting"}]}, "reports_count": 23}, "Win.Packed.Shiz-7945013-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "nginx-webserver-detected", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": []}, {"bi": "network-communications-http-post", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "network-dns-malicious-snort", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": ["TA0011"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "excessive-dns-query-nxdomain", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "network-dns-upload-file", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified-nt", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": ["TA0003", "T1112"]}, {"bi": "pe-imports-toolhelp", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": []}, {"bi": "malware-shiz-mutex-detected", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": []}, {"bi": "html-small-file-redirect", "hashes": ["623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site.", "hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", "8a0e095662f72ef3ae59b5f5df7936c865831f4acf193ae1609ed4841fbf78ef", "8ffb956b1174a711a18eb69b3da0b062eb5b1bf3e8e1c8b7f63b0e55e86c9560", "a8523720f8ae02d4a39c7cd6eb480faed4dbf2d4bf1265f4014772261f066420", "b0cd87a6aeeae56b0da7e587df4bc78c959ad721b4d1bc61db27fd568a23742e", "b1d751a575ffb8207ad45e9ae4c8c52c2f9246ca4378002822158a86b84aae69", "b2658ede9c454cc93e70ea05025f35c2e5557f1359e8c165e08b1d71155193b4", "b74af0738f30244cf66da4a9d69dfc2c5412d6e08bd634458e112652cac1a73e", "b9d220e2a57f3e58589090250377353f4215966ea88597ebdb7bce4f0b1bc5ee", "ba66119d5c2d340662f2ccaaff74da09e3d15573433296565a26383efb77d8a7", "c157e1c093c7c4cbe2d4431db326dcce5ea4f8f96847bf1c15eb3a0cb1b650a9", "c1976ea4840648c135b720f34c2e4e605f7a2c7cc05ca2385a314f42ffd6f234", "c7db1d62e8daa13576120cc2546ae2d1935363584b953f4ce1f8ae5bbf60e53b", "cc947c275f36efa4f62af62c36e82cd75926a44f305b51540456ef6c32fa17f8", "d0a114c446b41e490e6d44e4a1cbd88252cfa126685f0b5033e52b1f537b3ee6", "d18e09bc3532f32fd4b7256e1e88f83357d625198f0f4414a894eceaa90d901c", "d5450b35130d18cafbb2187c70af4cf2b637aa661bf9a84198a96e0f0e1233dc", "dcca04da793e171e4763c1b8e9cddca1f7cf459da0616db70df0c63389a05682", "dce3981d00ded810f40d295a27c52a2ac4cd03ebd9b83bd4e540d82808fb9a17", "de37285a217e06900ac7d6ef4af004ef38acd071f662c25fe0055c00c39c4551", "ee0e58d0e41f0af236808468abf270fb7ec5baa113d6a2282722c99805ab3c3e", "f538484469ab7a4d98fe83de2676c2bc9c286d591e5859800fa31aff9121d1e7", "ff19a365f2692108d154dbf82bc278b6cb86996730c563eb8db6a0e5500e4e4a"], "iocs": {"domain": [{"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "xuboninogyt[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "tufamugevih[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "xudevunymex[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "qeguxylevus[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "vopycyfutoc[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "xukafinezeg[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "ciqehefitij[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "kemimojitir[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "qexusulakiq[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "qeqotogemet[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "foxofewuteq[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "cinazetybiq[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "gahoqohofib[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "lygowunezep[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "ganovowuqur[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "qekusagigyz[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "tuwypagupeb[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "tunupegirec[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "masafytunux[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "lyruterodiq[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "qegefavipev[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "cilupakuquk[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "ryciqavuqav[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "kerijudacyj[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "pumumagojef[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "jenerunybem[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "fotaqizymig[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "tujajepifyv[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "tuwiqelages[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "nopexifigep[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "gatykibojig[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "disumesenyv[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "jenujoxojug[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "dikiwewutav[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "kepolonavit[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "jejubyrexeq[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "puvacigakog[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "maxilumiriz[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "tujizipipiz[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "qekafuqafit[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "nofyjikoxex[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "purebupycug[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "nojuletacuf[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "dimasyhageh[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "mamasufexix[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "rydufupipug[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "purijygirem[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "kefypadofiw[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "vocumucokaj[.]eu"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "host": "masisokemep[.]eu"}], "file": [{"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "path": "%TEMP%\\<random, matching [A-F0-9]{1,4}>.tmp"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "path": "%SystemRoot%\\AppPatch\\<random, matching '[a-z]{6,8}'>.exe"}, {"hashes": ["1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567"], "path": "%TEMP%\\206BC.dmp"}, {"hashes": ["476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412"], "path": "%TEMP%\\207C6.dmp"}, {"hashes": ["861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "path": "%TEMP%\\dd24_appcompat.txt"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88"], "path": "%TEMP%\\16116.dmp"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88"], "path": "%TEMP%\\5ef2_appcompat.txt"}, {"hashes": ["1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567"], "path": "%TEMP%\\7cb_appcompat.txt"}, {"hashes": ["476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412"], "path": "%TEMP%\\13d_appcompat.txt"}, {"hashes": ["861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "path": "%TEMP%\\1DBD4.dmp"}], "ip": [{"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "ip": "23[.]253[.]126[.]58"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "ip": "104[.]239[.]157[.]210"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "ip": "45[.]77[.]226[.]209"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "ip": "208[.]100[.]26[.]245"}, {"hashes": ["0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468"], "ip": "35[.]229[.]93[.]46"}, {"hashes": ["0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8"], "ip": "13[.]107[.]21[.]200"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "ip": "35[.]231[.]151[.]7"}], "mutex": [{"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "name": "Global\\674972E3a"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "name": "internal_wutex_0x00000120"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "name": "internal_wutex_0x00000424"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "name": "internal_wutex_0x00000474"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "name": "Global\\C3D74C3Ba"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "name": "internal_wutex_0x<random, matching [0-9a-f]{8}>"}, {"hashes": ["07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468"], "name": "internal_wutex_0x000003b4"}], "registry": [{"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT", "value_name": "67497551a"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "98b68e3c"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "userinit"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "System"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS", "value_name": "load"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS", "value_name": "run"}, {"hashes": ["043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "userinit"}]}, "reports_count": 25}, "Win.Packed.Tofsee-7916644-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d", "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2", "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586", "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6", "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d", "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2", "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586", "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6", "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "cta-static-analyzer-malicious", "hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d", "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2", "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586", "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6", "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d", "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2", "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586", "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6", "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d", "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2", "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586", "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6", "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586", "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-vm", "hashes": ["fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6"], "mitre_attack_tags": []}, {"bi": "pe-certificate", "hashes": ["fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6"], "mitre_attack_tags": []}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-antianalysis", "hashes": ["fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d", "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586", "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d", "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586", "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d", "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586", "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d", "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "netbios-query", "hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d", "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046"], "mitre_attack_tags": []}, {"bi": "process-with-multiple-children", "hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d", "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-dns-category-new", "hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2", "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "antivirus-service-flagged-artifact-mid", "hashes": ["fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "process-created-apt29-named-pipe", "hashes": ["9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "modified-executable", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "currentcontrolset-service-added", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1060"]}, {"bi": "process-long-cmdline", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-snort-protocol", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": []}, {"bi": "network-smtp-spambot", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": []}, {"bi": "network-smtp-spambot-v2", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": []}, {"bi": "network-snort-sensitive-data", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": ["TA0004", "TA0005"]}, {"bi": "network-dns-category-file-storage", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "deleted-submitted-file", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "listening-port-opened", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "process-svchost-suspicious-launch", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": ["TA0005"]}, {"bi": "localhost-ipaddress-detected", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "registry-large-data-entry", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "malware-compound-cta-activity", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": []}, {"bi": "sc-service-start", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1031"]}, {"bi": "netbios-null-domain", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": []}, {"bi": "file-alternate-data-stream-modification", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-tofsee-cmd-detected", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": []}, {"bi": "netsh-firewall-generic", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": ["TA0005", "T1016", "T1089"]}, {"bi": "sc-service-create", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": ["TA0003", "T1050"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": ["TA0005", "T1096"]}, {"bi": "new-service-launched", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035"]}, {"bi": "registry-windows-defender-exclusions-added", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "dns-bypassed-assigned-server", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "netsh-firewall-add", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089"]}, {"bi": "malware-tofsee-domain-detected", "hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Tofsee is multi-purpose malware that features a number of modules used to carry out various activities such as sending spam messages, conducting click-fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator's control.", "hashes": ["00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6", "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046", "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d", "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586", "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2", "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77"], "iocs": {"domain": [{"hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046", "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d"], "host": "mcc[.]avast[.]com"}, {"hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046", "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d"], "host": "line[.]beibiandmom[.]com"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "host": "schema[.]org"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "host": "ipinfo[.]io"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "host": "microsoft-com[.]mail[.]protection[.]outlook[.]com"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "host": "117[.]151[.]167[.]12[.]in-addr[.]arpa"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "host": "252[.]5[.]55[.]69[.]zen[.]spamhaus[.]org"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "host": "252[.]5[.]55[.]69[.]in-addr[.]arpa"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "host": "252[.]5[.]55[.]69[.]bl[.]spamcop[.]net"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "host": "252[.]5[.]55[.]69[.]sbl-xbl[.]spamhaus[.]org"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "host": "252[.]5[.]55[.]69[.]cbl[.]abuseat[.]org"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "host": "252[.]5[.]55[.]69[.]dnsbl[.]sorbs[.]net"}], "file": [{"hashes": ["00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6", "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77"], "path": "%TEMP%\\<random, matching '[a-f0-9]{3,5}'>_appcompat.txt"}, {"hashes": ["00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6", "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77"], "path": "%TEMP%\\<random, matching '[A-F0-9]{4,5}'>.dmp"}, {"hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046", "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d"], "path": "%TEMP%\\www2.tmp"}, {"hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046", "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d"], "path": "%TEMP%\\www3.tmp"}, {"hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046", "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d"], "path": "%TEMP%\\www4.tmp"}, {"hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046", "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d"], "path": "%HOMEPATH%\\Favorites\\Links\\Suggested Sites.url"}, {"hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046", "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms"}, {"hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046", "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms"}, {"hashes": ["00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6", "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77"], "path": "%TEMP%\\CC4F.tmp"}, {"hashes": ["6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514"], "path": "%TEMP%\\9419.tmp"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile:.repos"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "path": "%SystemRoot%\\SysWOW64\\lesyxfla"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "path": "%TEMP%\\pysxpojf.exe"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "path": "%TEMP%\\evryposw.exe"}, {"hashes": ["9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2"], "path": "\\MSSE-4155-server"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "path": "%System32%\\tgmnzkpo\\pysxpojf.exe (copy)"}, {"hashes": ["9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2"], "path": "\\MSSE-6892-server"}], "ip": [{"hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d"], "ip": "185[.]98[.]87[.]176"}, {"hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d"], "ip": "45[.]143[.]137[.]184"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "239[.]255[.]255[.]250"}, {"hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000"], "ip": "13[.]107[.]21[.]200"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "216[.]239[.]36[.]21"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "216[.]239[.]38[.]21"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "104[.]47[.]8[.]33"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "43[.]231[.]4[.]7"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "104[.]47[.]10[.]33"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "40[.]113[.]200[.]201"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "157[.]240[.]18[.]174"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "104[.]47[.]54[.]36"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "12[.]167[.]151[.]117"}, {"hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "69[.]55[.]5[.]252"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "104[.]28[.]19[.]94"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "157[.]240[.]2[.]174"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "172[.]217[.]197[.]106"}, {"hashes": ["9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2"], "ip": "141[.]105[.]69[.]247"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "85[.]114[.]134[.]88"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "192[.]0[.]50[.]54"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "192[.]0[.]51[.]239"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "172[.]217[.]13[.]228"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "217[.]172[.]179[.]54"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "5[.]9[.]72[.]48"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "130[.]0[.]232[.]208"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "144[.]76[.]108[.]82"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "185[.]253[.]217[.]20"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "45[.]90[.]34[.]87"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "192[.]0[.]50[.]87"}, {"hashes": ["309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000"], "ip": "77[.]87[.]213[.]82"}, {"hashes": ["4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046"], "ip": "145[.]249[.]106[.]236"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "172[.]217[.]197[.]103"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "172[.]217[.]197[.]147"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "172[.]217[.]197[.]99"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "ip": "172[.]217[.]197[.]104/31"}], "mutex": [{"hashes": ["00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6", "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77"], "name": "Global\\<random guid>"}], "registry": [{"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\lesyxfla"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA", "value_name": "Type"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA", "value_name": "Start"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA", "value_name": "ErrorControl"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA", "value_name": "DisplayName"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA", "value_name": "WOW64"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA", "value_name": "ObjectName"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA", "value_name": "Description"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": null}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA", "value_name": null}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config2"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config0"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config1"}, {"hashes": ["61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA", "value_name": "ImagePath"}]}, "reports_count": 10}, "Win.Trojan.Mikey-7914350-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5", "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84", "19b2f654cd22a980242d96f861693c1a0d838df3d3627fb5247edf615badedea", "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5", "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84", "19b2f654cd22a980242d96f861693c1a0d838df3d3627fb5247edf615badedea", "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5", "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84", "19b2f654cd22a980242d96f861693c1a0d838df3d3627fb5247edf615badedea", "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5", "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84", "19b2f654cd22a980242d96f861693c1a0d838df3d3627fb5247edf615badedea", "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5", "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84", "19b2f654cd22a980242d96f861693c1a0d838df3d3627fb5247edf615badedea", "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "pe-invalid-checksum", "hashes": ["3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5", "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "network-file-uploaded", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "dns-public-server-contacted", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "registry-hide-files", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd"], "mitre_attack_tags": ["TA0005", "T1158"]}, {"bi": "registry-autorun-key-modified-nt", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd"], "mitre_attack_tags": ["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "registry-disablesuac", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd"], "mitre_attack_tags": ["TA0005", "TA0002", "TA0004", "T1088", "T1089"]}, {"bi": "registry-action-center-disabled", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "malware-chthonic-rat-detected", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd"], "mitre_attack_tags": []}, {"bi": "pe-imports-psapi-dll", "hashes": ["0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-imports-toolhelp", "hashes": ["0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-null", "hashes": ["0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"], "mitre_attack_tags": []}, {"bi": "network-dns-upload-file", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"], "mitre_attack_tags": []}, {"bi": "recycler-file-creation", "hashes": ["0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-name-contains-whitespace", "hashes": ["0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"], "mitre_attack_tags": []}, {"bi": "process-check-deep-freeze", "hashes": ["0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"], "mitre_attack_tags": ["TA0007", "T1497"]}, {"bi": "process-check-analysis-tools", "hashes": ["0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"], "mitre_attack_tags": ["TA0007", "T1497"]}, {"bi": "dns-excessive-domain-queries", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "dns-query-nxdomain", "hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "network-communications-http-get", "hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-snort-server", "hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "mitre_attack_tags": []}, {"bi": "files-deleted-used-batch", "hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "cmd-exe-file-execution", "hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "http-response-redirect", "hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "mitre_attack_tags": []}, {"bi": "script-contains-url", "hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "mitre_attack_tags": []}, {"bi": "registry-windows-defender-exclusions-added", "hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "network-explorer-process", "hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "mitre_attack_tags": ["TA0011", "TA0005", "T1055"]}, {"bi": "firefox-prefs-modified", "hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "mitre_attack_tags": ["TA0009"]}, {"bi": "malware-ursnif-detected", "hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "mitre_attack_tags": []}, {"bi": "malware-ursnif-bypass-check-detected", "hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "mitre_attack_tags": []}, {"bi": "url-gate-php", "hashes": ["341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84"], "mitre_attack_tags": []}, {"bi": "fake-recycler-folder-creation", "hashes": ["2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "process-explorer-suspicious-launch", "hashes": ["2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "fault-report-file-created", "hashes": ["2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84"], "mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "artifact-vm-detect", "hashes": ["19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "unsigned-roaming-execution", "hashes": ["19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"], "mitre_attack_tags": ["TA0005"]}, {"bi": "artifact-memory-vm-detect", "hashes": ["19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "windows-utility-downloaded-artifact", "hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-dns-category-parked-domain", "hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "listening-port-opened", "hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "artifact-windows-task", "hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "network-dns-category-proxy", "hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": []}, {"bi": "modified-file-in-program-dir", "hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": []}, {"bi": "file-ini-modified", "hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": ["TA0003"]}, {"bi": "task-ran-using-system-account", "hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "command-deleted-shadow-copy", "hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": ["TA0005", "T1490"]}, {"bi": "malware-generic-ransomware-entropy", "hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": []}, {"bi": "malware-generic-ransomware-backup-del", "hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": []}, {"bi": "feed-domain-ransomware", "hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": []}, {"bi": "html-js-uses-window-open", "hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": ["TA0001", "T1189"]}, {"bi": "js-contains-massive-strings", "hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-generic-ransomware", "hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": []}, {"bi": "network-communications-tor", "hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": ["TA0011", "T1079", "T1188"]}, {"bi": "malware-ransomware-ctb-locker", "hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "mitre_attack_tags": []}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. This threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.", "hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "19b2f654cd22a980242d96f861693c1a0d838df3d3627fb5247edf615badedea", "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", "4c397965def4df7897e68d1ce762d2e02b080d89e068752d37b70c91aea58cea", "52c0ba53e01fd69d9ae140cf37b361c778cbf4723e12d57b7df9e41f61c927b7", "55a1eded6acb9e55ee143b77df938ed4e6cc3ed8574ffa50d248374221e76ef9", "568a37db692d1e9f015fe640e2cc6bd5188705fd4f94e0ad2b6e3e9c068d2d5a", "631adefa8ebcb6f0e8f0189b47c041dab7fc8ae1f12a1e896e40c6da714e585c", "63fda55e63bf5edd39706c2a96fc85130f8d34e8000cd3d63d9c84ae7eea551e", "66d77bed46642eb9bb7ac96ea3ed48e650293cf7b8e2edee7f31a59eaafa370f", "6b20b478b7f26138a5c46786cf866bd3001435ec87e64a6772b75ac5c91e14f8", "6b3169daadd2d52c674794c66c0170dff7a7c1d8d2e716511c80ceba428a15d2", "6b6abf2811b5016b4fc4f9f2c6dc608088faef61ca138a67dddb4d32097d1a24", "6c2cb620ae462499cb5e59d53723c684925718bfc3bbec659e307201c6cd0935", "7479ba884a2998019d546453ce23f77bafa6394c1147808aa94184d3e290535b", "76640f4811f85f98de27354e81855fc2ef940bec413e9d0e9cd627f2ae26af87", "7a1b542fc68238cbac3e93424d1e97e33ba24c6c6234d8179fafbd2e800c1694", "7b56b22a25a5af33c0cdb30320c4d32e1816c0cd9f0ba9c881595cce2448727c", "7b9210357c3b0eb159f3cd54a8170ad3571f98bbc97fdbba8d9db652d27db000", "7c7c582ce7bbd8f1d3e6c6d0527b1177eef07e9565541f253a774fb3f0dddb2d", "824154245416bd167a5b2b9c2e3345185434743976f983c881502590b959da2f", "8663f70c11b52d3fe0d7ca7bf703ae6224f363e3f4c41e898d3db63537c500aa", "874760bbc316b12098de4683a5fb691655e6eb85f81a3b0deaa79b35f9c87ae3", "8acf2147344ce830ccb78cdbfdfb1fafc63041806800a435610c2d3cd1f6508a", "8c3d54f5b451b52f072fc514f57017b1ed2033d896300e6d8abd1063b0d070a7", "90943ab6d847695836961498aed2552d9469a1397e3106beb326b037f1812c4c", "99ce0fe8d7f57532685d8dcd60fc8ffcdd06a0353e9892ba42d32060fb399160", "a37b732b69a5603a76636b16da5f2728c6b888d09599127863774fa6fcd990bf", "a777ab5e9552e593b128e65f051c0ac18614eb8ab285deb9950f58ab91099023", "a9cda5d034deac962c85eb092a21ba5dc1127612218d9bc6cc7d6f95220e30a0", "ad40d945da5ae0f56cdce2b942d04b24424c3c59b0bb1a1df2e93de952f96d59", "affa7053b5990a106cb313dadc33de50dd8448bd683973b16c561c31d353d101", "b5681dd1261e6aaaa08f0fce54b4df414773f4bec0badac5605e167e8cd23e52", "ba7d6c78533ccaf1fc7a0fd48a9e9c8f02b127cd800864a7c34a10d470320b01", "c6e34427ce0ce3141e4b1a67f27d4803e50d5e8645bd6f65cc4c6df897f8a64c", "c816a718eb2daebcaff4de87ff8e0e2f070cb91dc36afbc5aeeba9f009cb5aa8", "c980f4f7feb810e747de84eaae7c94b708df87797d29509eeea5cb877b6b3a3c", "dacfe3a0638415f33548b39be4fe9ec86c724ea32fb76a45e28a74ce508f93a3", "df0790cea76cfd3cd22673b2321ef76d7ff39e94b14963a5f134eaab5f82cc93", "e54c5a87c8c572defc415d4ebf15384f80a5c5711f7c4bd95b37154cffc03740", "ea265bdae08481159e35d93cb126f6b198327ebf4a10a6ebbe2fdecdd97d3437", "ea3b81dc922eb33fea5e18fc86124851a731136925be0eca79f295524cfe46e9", "f0d66a69aa5351aa992b5ac5b20553906238029280dc56759f79c40488f04840", "f2e5acff860faff7cb5af56cd01dc1dac7442312a3a441211827d2ccf99497d6", "f391ba07f6cacdc2232ffcc2e7e103c0df6725504af796a969d66f20b4a90ff4", "f749054c44aaa09a2afcf4c19fca389493f149ada5920bc0745de9b94fd8e2cb", "fe909cf9e558ad24255402e5b9e1f16efe8f2daa2de49077012cc0199592d230"], "iocs": {"domain": [{"hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "host": "europe[.]pool[.]ntp[.]org"}, {"hashes": ["049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "host": "bestbrightday[.]ru"}, {"hashes": ["049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "host": "connect-support-server[.]ru"}, {"hashes": ["049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "host": "connect-s3892[.]ru"}, {"hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39"], "host": "www[.]update[.]microsoft[.]com[.]nsatc[.]net"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "host": "constitution[.]org"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "host": "whenconsentcombexperhis[.]ru"}, {"hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "host": "www[.]mydomaincontact[.]com"}, {"hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "host": "www[.]torproject[.]org"}, {"hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "host": "ip[.]telize[.]com"}, {"hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "host": "pf5dahldauhrjxfd[.]onion"}, {"hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "host": "pf5dahldauhrjxfd[.]tor2web[.]org"}, {"hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "host": "pf5dahldauhrjxfd[.]onion[.]cab"}, {"hashes": ["341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39"], "host": "and4[.]junglebeariwtc1[.]com"}, {"hashes": ["19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"], "host": "paranormal-online-kino[.]ru"}, {"hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78"], "host": "pas2joux[.]info"}, {"hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "host": "vgqisyuzmsa7cenq[.]onion[.]cab"}, {"hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "host": "vgqisyuzmsa7cenq[.]onion[.]lt"}], "file": [{"hashes": ["0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7", "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5", "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f"], "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500"}, {"hashes": ["0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "path": "%TEMP%\\WPDNSE"}, {"hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "path": "%ProgramData%\\msodtyzm.exe"}, {"hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "path": "%ProgramData%\\~"}, {"hashes": ["0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate"}, {"hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0"], "path": "\\Documents and Settings\\All Users\\mslkrru.exe"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\1lcuq8ab.default\\prefs.js"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\WER\\ERC\\statecache.lock"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "path": "\\{7BFF4B7E-9EEE-6505-80DF-B269B48306AD}"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "path": "%APPDATA%\\d3d8dmrc.exe"}, {"hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "path": "%ProgramData%\\Package Cache\\dgrughe"}, {"hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "path": "%System32%\\Tasks\\aonxqbj"}, {"hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "path": "%TEMP%\\tjumvad.exe"}, {"hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "path": "\\$RECYCLE.BIN\\S-1-5-18\\desktop.ini"}, {"hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "path": "%ProgramData%\\whaadba.html"}, {"hashes": ["0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8"], "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\05_eG_0WhYkjdCUdP8GzNoBh.dat"}, {"hashes": ["0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8"], "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\y6WGtFCIB8cuv0c2LfcldnkNh4T.dat"}, {"hashes": ["0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8"], "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\PushPrinterConnections.exe"}, {"hashes": ["0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868"], "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\5lRsecBUKS5d_lxgOkp.dat"}, {"hashes": ["0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868"], "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\P1WLRm-Nyrsk-oY7ZZ5LTiSf.dat"}, {"hashes": ["0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868"], "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\hh.exe"}, {"hashes": ["1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"], "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\io9wBnnpx0TXElfGtTLc.dat"}, {"hashes": ["1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"], "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\s0XKgwBjkZNTR38M6Rh.dat"}, {"hashes": ["1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"], "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\label.exe"}, {"hashes": ["19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"], "path": "%APPDATA%\\UVJlWVxU\\write.exe"}, {"hashes": ["1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58"], "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\4EUFp32cjHlXrI3ahr535_g.dat"}, {"hashes": ["1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58"], "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\GYgCMy08rEblS8NJKhWJzh.dat"}, {"hashes": ["1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58"], "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\verifier.exe"}, {"hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "path": "%HOMEPATH%\\Documents\\!Decrypt-All-Files-qfrkhla.bmp"}, {"hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "path": "%HOMEPATH%\\Documents\\!Decrypt-All-Files-qfrkhla.txt"}, {"hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "path": "%System32%\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020052820200529\\container.dat"}, {"hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "path": "%ProgramFiles(x86)%\\Microsoft Office\\CLIPART\\PUB60COR\\!Decrypt-All-Files-qfrkhla.bmp"}, {"hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "path": "%ProgramFiles(x86)%\\Microsoft Office\\CLIPART\\PUB60COR\\!Decrypt-All-Files-qfrkhla.txt"}, {"hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "path": "%APPDATA%\\Microsoft\\Windows\\Cookies\\!Decrypt-All-Files-qfrkhla.bmp"}, {"hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "path": "%APPDATA%\\Microsoft\\Windows\\Cookies\\!Decrypt-All-Files-qfrkhla.txt"}, {"hashes": ["21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"], "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\5bCJVbTlP8drop_y7Nrbhgwi7g.dat"}, {"hashes": ["21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"], "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\UGQYzaAAolzNogviyW83.dat"}, {"hashes": ["21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"], "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\cliconfg.exe"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3"], "path": "%TEMP%\\BDB8.bin"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3"], "path": "%TEMP%\\D6CC.bat"}, {"hashes": ["2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"], "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\KJx7-j33FQ5ZAgdNMO_v_JDA0HLd.dat"}, {"hashes": ["2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"], "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\RslRFsPiM5FvRqLN9.dat"}, {"hashes": ["2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"], "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\DevicePairingWizard.exe"}, {"hashes": ["346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\d7psQDWs3eVKE83MLjcX18eY.dat"}, {"hashes": ["346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\pxI5KiZDiEjWFSQ.dat"}, {"hashes": ["346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\systeminfo.exe"}, {"hashes": ["4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "path": "%TEMP%\\B07F.bin"}, {"hashes": ["4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "path": "%TEMP%\\C8B8.bat"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3"], "path": "%TEMP%\\E230.bat"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3"], "path": "\\{7EBA09AF-C59F-608E-3F92-C994E3E60D08}"}], "ip": [{"hashes": ["0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "ip": "194[.]165[.]16[.]15"}, {"hashes": ["049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "ip": "184[.]105[.]192[.]2"}, {"hashes": ["049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "ip": "109[.]120[.]180[.]29"}, {"hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "ip": "40[.]67[.]189[.]14"}, {"hashes": ["1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "ip": "40[.]90[.]247[.]210"}, {"hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39"], "ip": "40[.]91[.]124[.]111"}, {"hashes": ["0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "ip": "49[.]124[.]15[.]147"}, {"hashes": ["0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"], "ip": "190[.]38[.]228[.]128"}, {"hashes": ["0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"], "ip": "24[.]35[.]232[.]189"}, {"hashes": ["1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "ip": "126[.]83[.]87[.]201"}, {"hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39"], "ip": "20[.]45[.]1[.]107"}, {"hashes": ["0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"], "ip": "77[.]77[.]31[.]42"}, {"hashes": ["0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"], "ip": "46[.]128[.]161[.]129"}, {"hashes": ["0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"], "ip": "93[.]80[.]151[.]62"}, {"hashes": ["0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"], "ip": "109[.]251[.]147[.]17"}, {"hashes": ["1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "ip": "122[.]196[.]217[.]40"}, {"hashes": ["1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"], "ip": "124[.]123[.]153[.]47"}, {"hashes": ["1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"], "ip": "218[.]157[.]244[.]205"}, {"hashes": ["341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39"], "ip": "104[.]42[.]225[.]122"}, {"hashes": ["21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"], "ip": "69[.]133[.]65[.]5"}, {"hashes": ["21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"], "ip": "125[.]58[.]91[.]226"}, {"hashes": ["21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"], "ip": "178[.]205[.]86[.]64"}, {"hashes": ["21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"], "ip": "94[.]248[.]24[.]112"}, {"hashes": ["21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"], "ip": "24[.]42[.]115[.]69"}, {"hashes": ["21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"], "ip": "180[.]220[.]13[.]57"}, {"hashes": ["21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"], "ip": "129[.]22[.]245[.]159"}, {"hashes": ["21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"], "ip": "58[.]91[.]10[.]231"}, {"hashes": ["21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"], "ip": "125[.]196[.]172[.]20"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3"], "ip": "50[.]16[.]49[.]81"}, {"hashes": ["2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"], "ip": "218[.]229[.]34[.]33"}, {"hashes": ["2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"], "ip": "95[.]160[.]49[.]115"}, {"hashes": ["2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"], "ip": "80[.]116[.]242[.]163"}, {"hashes": ["2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"], "ip": "5[.]78[.]60[.]8"}, {"hashes": ["2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"], "ip": "1[.]23[.]37[.]160"}, {"hashes": ["2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"], "ip": "119[.]10[.]189[.]184"}, {"hashes": ["2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"], "ip": "31[.]192[.]50[.]2"}, {"hashes": ["2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"], "ip": "109[.]184[.]87[.]184"}, {"hashes": ["2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"], "ip": "168[.]131[.]125[.]12"}, {"hashes": ["346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "ip": "175[.]151[.]27[.]234"}, {"hashes": ["346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "ip": "151[.]233[.]16[.]231"}, {"hashes": ["346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "ip": "124[.]150[.]233[.]7"}, {"hashes": ["346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "ip": "197[.]7[.]192[.]38"}, {"hashes": ["346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "ip": "61[.]121[.]235[.]94"}, {"hashes": ["346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "ip": "220[.]99[.]173[.]15"}, {"hashes": ["346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "ip": "153[.]177[.]77[.]224"}, {"hashes": ["346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "ip": "119[.]150[.]79[.]132"}, {"hashes": ["346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "ip": "114[.]150[.]245[.]103"}, {"hashes": ["346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "ip": "92[.]87[.]28[.]118"}, {"hashes": ["346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "ip": "37[.]19[.]168[.]80"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3"], "ip": "35[.]175[.]60[.]16"}], "mutex": [{"hashes": ["0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "name": "Frz_State"}, {"hashes": ["0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "name": "shell.{51D4DBE8-BDA0-10DF-2D07-6083593E274E}"}, {"hashes": ["0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "name": "shell.{6378803E-0C4F-158B-122F-45AACF1EEAA5}"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "name": "Local\\{AF64E7EC-42CA-B984-C453-96FD38372A81}"}, {"hashes": ["20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"], "name": "seiuebfbgnppen"}, {"hashes": ["19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"], "name": "UVJlWVxU"}, {"hashes": ["4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "name": "{F37309D7-B6A8-9D08-58D7-4A210CFB1EE5}"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3"], "name": "{33F762DD-F6D2-DDAD-9817-8A614C3B5E25}"}, {"hashes": ["2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84"], "name": "Global\\fbd4d201-a0ca-11ea-a007-00501e3ae7b5"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3"], "name": "Local\\{227C68F6-19CD-A453-B376-5D18970AE1CC}"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3"], "name": "{1E72B4E3-E5B2-0047-5F32-E93403862DA8}"}, {"hashes": ["2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84"], "name": "f318011atatt"}], "registry": [{"hashes": ["0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7", "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5", "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\DISCARDABLE\\POSTSETUP\\COMPONENT CATEGORIES\\{F3F18253-2050-E690-FED7-0BE7DF1E790D}", "value_name": null}, {"hashes": ["0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7", "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5", "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\DISCARDABLE\\POSTSETUP\\COMPONENT CATEGORIES\\{F3F18253-2050-E690-FED7-0BE7DF1E790D}\\ENUM", "value_name": null}, {"hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "Hidden"}, {"hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLUA"}, {"hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Start"}, {"hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "Start"}, {"hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "ShowSuperHidden"}, {"hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "Start"}, {"hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "HideSCAHealth"}, {"hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "HideSCAHealth"}, {"hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WUAUSERV", "value_name": "Start"}, {"hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "TaskbarNoNotification"}, {"hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "TaskbarNoNotification"}, {"hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS", "value_name": "Load"}, {"hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "1081297374"}, {"hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "1081297374"}, {"hashes": ["01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS\\5.0", "value_name": null}, {"hashes": ["0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS\\5.0\\SHARED SETTINGS\\SETUP\\10002", "value_name": null}, {"hashes": ["0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS", "value_name": null}, {"hashes": ["0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS\\5.0\\SHARED SETTINGS", "value_name": null}, {"hashes": ["0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS\\5.0\\SHARED SETTINGS\\SETUP", "value_name": null}, {"hashes": ["0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS\\5.0\\SHARED SETTINGS\\SETUP\\10002", "value_name": "r\u007fdOyt"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}", "value_name": "IsImapiDataBurnSupported"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\STAGINGINFO\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}", "value_name": "DriveNumber"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\STAGINGINFO\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}", "value_name": "StagingPath"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\STAGINGINFO\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}", "value_name": "Active"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING", "value_name": "CD Recorder Drive"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}\\CURRENT MEDIA", "value_name": "FreeBytes"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}\\CURRENT MEDIA", "value_name": "Blank Disc"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}\\CURRENT MEDIA", "value_name": "Can Close"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}\\CURRENT MEDIA", "value_name": "Live FS"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}\\CURRENT MEDIA", "value_name": "Disc Label"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}\\CURRENT MEDIA", "value_name": "Set"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\HOMEGROUP\\UISTATUSCACHE", "value_name": "UIStatus"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{852FB1F8-5CC6-4567-9C0E-7C330F8807C2}.CHECK.101", "value_name": "CheckSetting"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\ENUM\\PCIIDE\\IDECHANNEL\\4&A27250A&0&2", "value_name": "CustomPropertyHwIdKey"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\ENUM\\USB\\VID_46F4&PID_0001\\1-0000:00:1D.7-2", "value_name": "CustomPropertyHwIdKey"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\ENUM\\PCI\\VEN_1AF4&DEV_1001&SUBSYS_00021AF4&REV_00\\3&2411E6FE&2&18", "value_name": "CustomPropertyHwIdKey"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\AUTHROOT\\CERTIFICATES\\DAC9024F54D8F6DF94935FB1732638CA6AD77C13", "value_name": "Blob"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\SESSIONINFO\\1\\LOGONSOUNDHASBEENPLAYED", "value_name": null}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}\\CURRENT MEDIA", "value_name": null}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\HOMEGROUP\\UISTATUSCACHE", "value_name": null}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\MICROSOFT\\D35DC52E-16C9-7DED-B8B7-AA016CDB7EC5", "value_name": "Temp"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\MICROSOFT\\D35DC52E-16C9-7DED-B8B7-AA016CDB7EC5", "value_name": "Client"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\MICROSOFT\\D35DC52E-16C9-7DED-B8B7-AA016CDB7EC5", "value_name": null}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Users\\Administrator\\AppData\\Roaming\\d3d8dmrc.exe"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "catsdtsh"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\MICROSOFT\\D35DC52E-16C9-7DED-B8B7-AA016CDB7EC5", "value_name": "Install"}, {"hashes": ["2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}\\CURRENT MEDIA", "value_name": "TotalBytes"}]}, "reports_count": 25}, "exprev": [{"count": 14879, "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", "name": "Excessively long PowerShell command detected"}, {"count": 7026, "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", "name": "Dealply adware detected"}, {"count": 4405, "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", "name": "CVE-2019-0708 detected"}, {"count": 1061, "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", "name": "Process hollowing detected"}, {"count": 166, "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Installcore adware detected"}, {"count": 158, "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as wireshark and sandboxes to its C2. It spreads through malicious advertising and spam campaigns.", "name": "Kovter injection detected"}, {"count": 84, "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", "name": "Gamarue malware detected"}, {"count": 51, "description": "IcedID is a banking Trojan. It uses both web browser injection and browser redirection to steal banking and/or other financial credentials and data. The features and sophistication of IcedID demonstrate the malware author's knowledge and technical skill for this kind of fraud, and suggest the authors have previous experience creating banking Trojans. IcedID has been observed being installed by Emotet or Ursnif. Systems infected with IcedID should also be scanned for additional malware infections.", "name": "IcedID malware detected"}, {"count": 29, "description": "A process associated with Microsoft Office, such as EXCEL.exe or WINWORD.exe, has started a Windows utility such as powershell.exe or cmd.exe. This is typical behavior of malicious documents executing additional scripts. This behavior is extremely suspicious and is associated with many malware different malware campaigns and families.", "name": "A Microsoft Office process has started a windows utility."}, {"count": 22, "description": "An exploit payload intended to connect back to an attacker controlled host using http has been detected.", "name": "Reverse http payload detected"}, {"count": 19, "description": "Special Search Offer adware displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware has also been known to download and install malware.", "name": "Special Search Offer adware"}, {"count": 17, "description": "Palikan is a potentially unwanted application (PUA), browser hijacker, a type of malware that most of the time does not explicitly or completely state its function or purpose. When is present on the system, it may change the default homepage, change the search engine, redirect traffic to malicious sites, install add-ons, extensions, or plug-ins, open unwanted windows or show advertising. Palikan commonly arrives as a file dropped by other malware or as a file downloaded unknowingly from a malicious site. It has also been closely associated with DealPly.", "name": "Palikan browser hijacker detected"}, {"count": 11, "description": "Corebot is a Trojan with many capabilities found in other prominent families. It features a plugin system to enable it to load a variety of features from the C&C server at any time. Known plugins include RAT capabilities such as taking desktop screenshots, as well as being able to intercept and modify browser communications and steal data, especially data related to banking.", "name": "Corebot malware detected"}, {"count": 5, "description": "Bluestacks adware displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware has also been known to download and install malware.", "name": "Bluestacks adware detected"}, {"count": 5, "description": "A PowerShell command was stored in an environment variable and run. The environment variable is commonly set by a previously run script and is used as a means of evasion. This behavior is a known tactic of the Kovter and Poweliks malware families.", "name": "PowerShell file-less infection detected"}], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2020-06-05T16:24:08+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Trojan.Mikey-7914350-0", "Win.Dropper.Barys-7914367-0", "Win.Packed.Dridex-7914375-0", "Win.Malware.Remcos-7914589-1", "Win.Dropper.Emotet-7916286-0", "Win.Packed.Tofsee-7916644-0", "Win.Dropper.Kuluoz-7929761-0", "Win.Dropper.DarkComet-7945051-0", "Win.Packed.Shiz-7945013-0"]}