{"Doc.Malware.Emotet-9238710-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": []}, {"bi": "document-contains-vbforms", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": []}, {"bi": "macro-contains-random-vars", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "vba-document-open", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": ["TA0002", "TA0001", "T1064"]}, {"bi": "document-single-page", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": []}, {"bi": "document-contains-vba-macro", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": ["TA0002", "TA0001", "T1173", "T1193"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "document-embedded-low-content", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": []}, {"bi": "wmi-process-create", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": ["TA0005", "TA0002", "T1218", "T1047"]}, {"bi": "powershell-encoded-buffer", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": ["TA0005", "TA0002", "T1086", "T1202"]}, {"bi": "registry-service-with-autostart-created", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "currentcontrolset-service-added", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1060"]}, {"bi": "registry-powershell-ras-dll-loaded", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": ["TA0011", "T1086"]}, {"bi": "document-exe-dropped", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": ["TA0002", "T1173"]}, {"bi": "process-long-cmdline", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-emotet-file-drop", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": []}, {"bi": "document-launch-powershell", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "document-network-traffic", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": ["TA0011"]}, {"bi": "powershell-encoded-obfuscated-cmdline", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": []}, {"bi": "powershell-remote-code-execution", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": ["TA0011", "T1086"]}, {"bi": "document-wmi-process-create", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": ["TA0005", "T1218"]}, {"bi": "vba-compound-random-network-communications", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": []}, {"bi": "document-min-and-embedded-network-traffic", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": []}, {"bi": "network-dns-doc-network-traffic", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": []}, {"bi": "feed-domain-document-network-traffic", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": []}, {"bi": "network-snort-server", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "document-direct-ip-traffic", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "network-snort-policy", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877"], "mitre_attack_tags": []}, {"bi": "network-http-numeric-ip", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877"], "mitre_attack_tags": ["TA0011", "TA0005", "T1071"]}, {"bi": "network-communications-http-post", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "word-document-heuristics-compound", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877"], "mitre_attack_tags": ["TA0002", "TA0001", "T1064", "T1193"]}, {"bi": "vba-compound-random-generic", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877"], "mitre_attack_tags": []}, {"bi": "deleted-executable-in-system-dir", "hashes": ["25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": []}, {"bi": "document-fault-report-file-created", "hashes": ["39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": []}, {"bi": "document-crash-dump-file-created", "hashes": ["39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": []}, {"bi": "document-crash-detected", "hashes": ["39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "hook-installed", "hashes": ["391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "network-snort-sensitive-data", "hashes": ["37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155"], "mitre_attack_tags": []}, {"bi": "potential-registry-script-execution", "hashes": ["129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57"], "mitre_attack_tags": []}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver several types of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "5737b55e9e3302f0092db383ffcd7e57dfb1e2178923ee8a43cccc8f246afc80", "58b803f22b0458d64a90aeefb84c1e72534edbedb7ca3b64544e8bfb7331dfc7", "5de35f2a6db516fb32da373049f9d3128d2af115dac3b777b257ae52d6399d7e", "5f69b9a201635edf0b717cde128fd0401cc1dd3b52f4ca2bc9d59f8d580ac0a6", "6011d30bda10ff7a9f9e5cc83968a34178af8cb958e7eb7fe50f5d735c06c590", "6cf15b2bdf1324dfe4a173c68e74e8a17e6db9d845fb9e89df7b297370f1c613", "6ec9a19d10d16b1c78d472d0b3429f07e3b3920aca1b81a5d70afa28b1cba193", "726e31acd5667cbc43a7794e9d21113279183f0bd85960d806c6f5de7c362a68", "7a4db191feed319df25b37b7dd08a5ea07c5db3f473f0076525a5a7fe088e720", "7ecd690976b0ac72e6926eaecb5cc0d56f03913ab6cc93223031007e1c98f322", "83ac0152aa1fb756bd3f68f7bd1c54a899606c76b155096880ee1e720127913b", "86fc1b341c20e5fb401bc23de429be9c4d1ec99f4224ce0f4da3f9ea2757f404", "88885d59b81dbf0c48797061e4340ed7b661b80331ee087afac15ba4f659cbfa", "8b0c8e2e702a5bacaff97866d57412716dcaa0910c120fd5163cfcedf04ba953", "8c88c679215c79fa7679059bafd5501a8f7a8b048adeff63a22911d58badcb2f", "8f2bd75f1401167fe41d6f0b4f304a197f597ff341266652dfc11452ebbbae1e", "8f427a543c568be54f87d3afeeb7633a7945aab84656e9738985c67e20805c57", "907dc6e9487521b234cb2c2b2d4910370cf167f90f7a56583be42a98e90889d9", "91695606baf31c28c8ce21cf311addf8d042deb1fd3f6dfabe49be8145c961f0", "93bf192b284a9f706c5b2f4e859b1c69a54f922152db2842804de5ce64d76317", "96e24fcfdcaf571256787a56bc1a7c603cf0e59d58590509fb979f6e5126198d", "978b7ad526fb97952f86fc51b27cd377a008b48d5f8e9d89ad62358fc7d0b7ae", "98e176a66d28d28ae3223f1642f231d326f850978bbbf16e16a7db39b6973f46", "9a2ed4ff96738fd1ddd7d910f1c322a6ca81d4e609b1dcbd84799ae2638ca73d", "9a612dfaf08e4c5dd63456a26dc1e403ce77622862d8db1407be7f9f74ae2ca3", "9ae09a69d247b8bba8125e9ff88ded1645747e06003b7115abd793a458e11b04", "9e021dd4e44872d2a1c586e024974c35c19746f88d6444747ba2ea00acf364cc", "a10ccac3999b2563b8c2cd3970c382d631c9e040a9fed7b3e062c49b0d7c7341", "a299164de48a99d5b3512d8d20f1e814335ca79a3270a51fae785b41d9d2a92c", "a2ff86eed1ed75e5ce23328081080f8a937b376ead7d15678b02be54251682b9", "a36e64d88614ebedcbceeca5358b7913127f0af57ccc074e81a602eefe42a8e0", "a38fb2220dd58e6949f5e50459865bc4e17a425d8073b9bc4960a639ef33dad8", "a6742a79387898aaf809df6063957e85c4c87fd53f6fa8b8e05c208d1d85ada2", "a9c3feeed5f5c25faa95f104936293d4a86cdf26b38fb1e7a3ee375fe35759c7", "aaf96cc21f46e94cdf121a07330656ec1d4aed3734c14e0c99713c1204dbfeef", "ada2ea4a8e2d121071741952e8183236c2d33a2e689aad1c359a84e76d0b98e2", "b23794b79051aa7c3257ec7afd8e5e3423d6ee5588cd095237704294a86734bf", "b52a77bbbfcd54a2ea73e2249e6286d3f27eec330e25220cce1ddf097e3f9f14", "b733012d8bf8fa6a6f6352788eb8e4c2bf78c36d0b8282e4ccdfa3a60c686a9a", "b96d9d51420297f4cc38d1d638878587c9b92331d63e8a841eb6f54c05ad7d50", "b9d4794000ec4bdb669b55ece8b0c7cf062c57bac4282668aa2647b3f806bd27", "ba288421007aca3d26b6e43193f09f61c98b5cb776b029e4425c748252567bac", "c1700e30ec129c45b52b3da523b837c4271411fe7d9d11f9a43562a60c11a09f", "c1adffb5ceaa74fc33ba94d81e19e37ec4db9fc20b1384664deb8d38ff73cb4d", "cd07bca598555bc44ea79d384318d90cd653d87390dc8fe65fdf356689ef0c40", "d1dea65be89ef46c53cd9518eabfcc4e965b45ce734b6cbab39e31fa8a3079e2", "d2cc06257b66f14852eeee955050046f23ec6a0ff39e021358a760d0646dd281", "d322678129a6de4f576b96537bfbf8c095cafa0ea9c7d0fe878cac91eaf1a668", "d3d6fe208f5a3e7f63b6611becf5eda2ab49b31f712c4a6a5c7b1a76c4fef1b7", "d48487f559751d9b81424f8361acd586e5b6aea35b0182498fb8ca64bf8aaeaa", "d4c6e5f155eb917bd15282a70a7c19b27a612def5264b4e8e01bf8dbf59e0cae", "d533f1d614ef3db83e4b8b57c7bf17e09553d933fedeac30fd251675927478df", "dc1e232e87403598db0a17a92b56bbe3d41c34e60b32adbc206606391b3d53f5", "dd6ce80ece4bbbbd9b0a13664e10079dbc6594eef59c808295824adc0bcd61c9", "dd7a46fc9c611da1cfdc01bf17ad13c7e1c0ea1a36bdd69928a48cc95a9c7cdc", "de3d238216977aa996fe72fffdb6b001093dfbee13f65bbbb5c4444d64d503ef", "e931feb8f711a5070963169d4ff6ba995865d9eadaff3faa879ca1c90e5de700", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a", "ebf9a3bdb2bb82516e5eb1139eb6be2e13531470cfca5d448928d66d86d20321", "ed400eddb1e0e6cad7154dd37a691c43b9a73affba7245e4febc606bd11b69ee", "eecea8fd330329b9b832be329a5ec67804ada3d27b6e7ae845f1d7493f99a013", "f1e341be3e0bc15d7317a9f14ced851ca7dc5841706d1c729c038b2a7808c4a8", "f211f14d52571d003ca4453e9d01d5f91e66b3721690b179eae0a5c0a5af22bb", "f55debcb7c24da9f641fceb6be9703a42fd6bd7b15543b75e422e05156774c0e", "f79f12a5ecf36a322ead1a824eb451f3aa8ddc769c2c63c33a994719d3a7388f", "fac5fe709d65e53860aae4c70e10e47bc3a4bde2b4f8aaa91e3ddb4cdb612570", "fc494d4b419e758620c30b412bd21901780dc1089750439d2d25bf94bc52def2", "ffb7f971406d369a8fd51ff621da6f45d6623f96456a7d1e7491732a94be23ac"], "iocs": {"domain": [{"hashes": ["0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a"], "host": "mersia[.]com"}, {"hashes": ["14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd"], "host": "apps[.]digsigtrust[.]com"}, {"hashes": ["14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd"], "host": "apps[.]identrust[.]com"}, {"hashes": ["14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9"], "host": "e13678[.]dspb[.]akamaiedge[.]net"}], "file": [{"hashes": ["0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a"], "path": "%HOMEPATH%\\322.exe"}, {"hashes": ["1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4"], "path": "%System32%\\NlsLexicons0009\\comdlg32.exe (copy)"}, {"hashes": ["2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651"], "path": "%System32%\\tzsync\\wininet.exe (copy)"}, {"hashes": ["318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e"], "path": "%System32%\\AuthHostProxy\\wifitask.exe (copy)"}, {"hashes": ["37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155"], "path": "%System32%\\SensorsCpl\\win32spl.exe (copy)"}, {"hashes": ["39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302"], "path": "%System32%\\RDSAppXHelper\\WcnApi.exe (copy)"}, {"hashes": ["482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10"], "path": "%System32%\\hnetcfg\\sdiageng.exe (copy)"}, {"hashes": ["28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877"], "path": "%System32%\\nlasvc\\ucsvc.exe (copy)"}, {"hashes": ["2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd"], "path": "%System32%\\PrintDialogs3D\\FWPUCLNT.exe (copy)"}, {"hashes": ["26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7"], "path": "%System32%\\mscoree\\kbdgeoer.exe (copy)"}], "ip": [{"hashes": ["0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a"], "ip": "219[.]240[.]39[.]215"}, {"hashes": ["0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a"], "ip": "47[.]146[.]32[.]175"}, {"hashes": ["14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd"], "ip": "192[.]35[.]177[.]64"}, {"hashes": ["318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e"], "ip": "182[.]50[.]132[.]85"}], "mutex": [{"hashes": ["129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd"], "name": "Global\\<random guid>"}], "registry": [{"hashes": ["0ca447b6394e50491f40aa154744522e0dd0fced72b2f35856f46e9a1e61f1a0", "0f5733a324ef602d162d0c1a8fe6cab82f3848a60bcc0d4d85c31df5ba56196b", "129a59ef23cad9fdb25fa5b1a912c88a0856c5718576d8a158d54748dcde7b57", "14df5a4c49d31640d9608852d16eb2683e5d89fae28185fb7faf8eaf9c1eed54", "1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "1c854aac6c58c6f6ea00c98ac569e1ca25382e1b7a898bccc4e069807180fcb4", "2252d8b27672143e02cea56c104d962796148d2fdafa1317333e7d62901770e6", "22de9efc9a264f18a04c05c903c23a85af864de3f1d8206dfc6c9380e7a67094", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "24a1c8543ee15e53767ca11f5274dd6a646a4296c8f2442b7e6c81ab0049e3df", "25f71cd8da80b0578f815cb507f84098e34c42bfdc970373984de42334c07339", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "2b8dc93006be9257340097a6dfda27571aa3c37c12f1eddc49c2b9f73565ab09", "2c17edda28946385a72063e4f5e5863e001a72f9a4805e210d95fa57b61a7651", "31811807e5cc16857a85bc0d69b6af5d4ca29c4ffb5ace9cecc0cf9245660236", "318b3cfee300a1da8fa190f063365fa0bb0fcc5e908ce2a2eeef6f4673bb0c9e", "37d8814119dd6a3cd0f807537e681a4b2b1d571e8c1d4ddf3c8d852e2e0bd155", "391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d", "39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302", "3dbf0bb636c2358964e5c9ae2cb3f68572ccea34dc1b20e79491674a12a275c2", "482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10", "4b4574331de7a4583c2a0d5eed8d114453c864e40643f51ed2a5f0547bb936a9", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd", "eb2fa7da4134ccab3547e41ac3ebf79e61dd4643cd65c429287126908ef8e69a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\AUTHROOT\\CERTIFICATES\\DAC9024F54D8F6DF94935FB1732638CA6AD77C13", "value_name": "Blob"}, {"hashes": ["1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": null}, {"hashes": ["1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Type"}, {"hashes": ["1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Start"}, {"hashes": ["1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ErrorControl"}, {"hashes": ["1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ImagePath"}, {"hashes": ["1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "DisplayName"}, {"hashes": ["1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "WOW64"}, {"hashes": ["1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ObjectName"}, {"hashes": ["1b100cbd09ceab749cbc7deb60199b0b523825d21070721d7e9e05710defe8fc", "1c2a9ba9266c11988601952ecaab5025c71be658f11c96591947c7825cc50096", "2397cf0a40939d9baa70257dbd6765c8f716bdfb1ea502d672b160e16303d6bd", "26c00d468f7203957661f1f7802a750742ad5f9d0d1ed546ef4d899eba2c93b7", "28adcb176b0934aab520b0fd053603cb03739e87fd532ac6ca1336aaaa545877", "4c8e9e97e9893824d3a93a3cde32020070765f30490bab39874bda1d6cfbd1cd"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Description"}, {"hashes": ["482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VCRUNTIME140", "value_name": "ImagePath"}, {"hashes": ["482ef11eba89f570466c5e7d1b54083410c8a6a12b84f0f45ecbe10375b21e10"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VCRUNTIME140", "value_name": "Description"}, {"hashes": ["39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDIBO", "value_name": "ImagePath"}, {"hashes": ["39510fcfca5aae3eed6aa0bf191aa1483b406aa8ba6962f88433080da726e302"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDIBO", "value_name": "Description"}]}, "reports_count": 26}, "Win.Dropper.HawkEye-9235013-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54", "aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54", "aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54", "aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54", "aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54", "aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54", "aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54", "aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54", "aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "registry-autorun-key-modified", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54", "aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54", "aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "mitre_attack_tags": []}, {"bi": "pe-imports-psapi-dll", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54", "aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "process-hollowing-detected", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54", "aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "pe-imports-toolhelp", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54", "aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "startup-folder-modification", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54", "aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54", "aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54", "aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "startup-folder-lnk-file", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54", "aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "pe-uses-autoit", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54", "aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-communications-smtp", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-spambot", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119", "T1217"]}, {"bi": "listening-port-opened", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "network-http-blank-user-agent", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77"], "mitre_attack_tags": []}, {"bi": "process-check-opera-appdata-folder", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77"], "mitre_attack_tags": ["TA0007", "T1083"]}, {"bi": "compiler-vbc-run", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77"], "mitre_attack_tags": ["TA0005", "T1500"]}, {"bi": "process-check-browser-mail-client-files", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77"], "mitre_attack_tags": ["TA0007"]}, {"bi": "malware-hawkeye-detected", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77"], "mitre_attack_tags": []}, {"bi": "process-check-windows-live-mail-appdata-folder", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77"], "mitre_attack_tags": ["TA0007", "T1083"]}, {"bi": "regasm-network-connection", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77"], "mitre_attack_tags": ["TA0005", "TA0002", "T1121"]}, {"bi": "malware-generic-infostealer", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119"]}, {"bi": "enumeration-email-program-information", "hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119", "T1114"]}, {"bi": "network-snort-protocol", "hashes": ["136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54", "aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "HawkEye is an information-stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can propagate through removable media.", "hashes": ["136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb"], "iocs": {"domain": [{"hashes": ["136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb"], "host": "smtp[.]yandex[.]com"}, {"hashes": ["136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb"], "host": "whatismyipaddress[.]com"}, {"hashes": ["136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb"], "host": "repository[.]uzto[.]netdna-cdn[.]com"}, {"hashes": ["136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb"], "host": "repository[.]certum[.]pl"}, {"hashes": ["136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6"], "host": "smtp[.]yandex[.]ru"}, {"hashes": ["136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2"], "host": "34[.]26[.]8[.]0[.]in-addr[.]arpa"}, {"hashes": ["be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6"], "host": "247[.]13[.]11[.]0[.]in-addr[.]arpa"}, {"hashes": ["4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33"], "host": "140[.]244[.]14[.]0[.]in-addr[.]arpa"}, {"hashes": ["6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d"], "host": "57[.]122[.]6[.]0[.]in-addr[.]arpa"}, {"hashes": ["aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "host": "jonweek[.]hopto[.]org"}], "file": [{"hashes": ["136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb"], "path": "%APPDATA%\\Windows Update"}, {"hashes": ["136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb"], "path": "%APPDATA%\\Windows Update\\svchost.exe"}, {"hashes": ["136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb"], "path": "%APPDATA%\\pid.txt"}, {"hashes": ["136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb"], "path": "%APPDATA%\\pidloc.txt"}, {"hashes": ["136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb"], "path": "%TEMP%\\holdermail.txt"}, {"hashes": ["136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb"], "path": "%TEMP%\\holderwb.txt"}, {"hashes": ["136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb"], "path": "%TEMP%\\<random, matching '[a-z]{3}[A-F0-9]{3,4}'>.tmp"}, {"hashes": ["15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\136812.lnk"}, {"hashes": ["3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\148124.lnk"}, {"hashes": ["4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\118330.lnk"}, {"hashes": ["71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\186360.lnk"}, {"hashes": ["544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\100077.lnk"}, {"hashes": ["cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\172294.lnk"}, {"hashes": ["705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\195023.lnk"}, {"hashes": ["136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\138586.lnk"}, {"hashes": ["6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\198362.lnk"}, {"hashes": ["be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\100587.lnk"}, {"hashes": ["249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\169618.lnk"}, {"hashes": ["15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\135932.lnk"}, {"hashes": ["e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\171744.lnk"}, {"hashes": ["9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\114249.lnk"}, {"hashes": ["aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\171798.lnk"}, {"hashes": ["544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\193152.lnk"}, {"hashes": ["705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\196978.lnk"}, {"hashes": ["705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54"], "path": "%APPDATA%\\Monitor\\Screenshots\\08-06-2020\\9.01 PM"}, {"hashes": ["71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\168351.lnk"}, {"hashes": ["aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\167193.lnk"}], "ip": [{"hashes": ["136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb"], "ip": "77[.]88[.]21[.]158"}, {"hashes": ["136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb"], "ip": "108[.]161[.]187[.]74"}, {"hashes": ["15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb"], "ip": "104[.]16[.]155[.]36"}, {"hashes": ["136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc"], "ip": "104[.]16[.]154[.]36"}], "mutex": [{"hashes": ["aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465"], "name": "Global\\ Administrator1a8808fe0e67816dab6dbf80bebd224432b57c2f"}, {"hashes": ["705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54"], "name": "Global\\ Administrator1714d647f336841eca801b6d93f003e0bc0c1c8e"}], "registry": [{"hashes": ["136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "svchost"}, {"hashes": ["136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2", "15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda", "249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3", "3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0", "4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33", "544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18a", "6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d", "71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77", "9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93b", "be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6", "cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47ecc", "e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "Hidden"}]}, "reports_count": 14}, "Win.Dropper.LokiBot-9243098-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516", "49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e", "18f6abcd0c4e10008eb20f92c458eb205dcd34c547a98e1579e45a87691035ee", "307371dfafdd0584d0925d12c1d1d956c97d262f33f7956cebdab40916152178", "90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "5b8b9dbb0645e115417dadefb4145e8110a6e52d7d1511346a4e9f3c5742954a", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef", "30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "5a43129a036e2c78d7a5a1af207cf1b9c27f7e87dd491905c46ab5840cf861b1", "42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "a72580be0fcd4ffb3104a6b97d959eadd86288ea4d044f84dfebb8f503612c28", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "cbabbdbbc486db86e181ea713ecef4b078e2d0189adf9436f8084c5d5942d808", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "8f56c79fccbdacca8964d3fd0ba904f00c48a78ddff2af29e1fd0f635dd4f088", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "65347787e5eba1f87de97c782ac4b7f5736df8810ee9c2820a85f3025658e7a3", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516", "49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e", "18f6abcd0c4e10008eb20f92c458eb205dcd34c547a98e1579e45a87691035ee", "307371dfafdd0584d0925d12c1d1d956c97d262f33f7956cebdab40916152178", "90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "5b8b9dbb0645e115417dadefb4145e8110a6e52d7d1511346a4e9f3c5742954a", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef", "30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "5a43129a036e2c78d7a5a1af207cf1b9c27f7e87dd491905c46ab5840cf861b1", "42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "a72580be0fcd4ffb3104a6b97d959eadd86288ea4d044f84dfebb8f503612c28", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "cbabbdbbc486db86e181ea713ecef4b078e2d0189adf9436f8084c5d5942d808", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "8f56c79fccbdacca8964d3fd0ba904f00c48a78ddff2af29e1fd0f635dd4f088", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "65347787e5eba1f87de97c782ac4b7f5736df8810ee9c2820a85f3025658e7a3", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516", "49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e", "18f6abcd0c4e10008eb20f92c458eb205dcd34c547a98e1579e45a87691035ee", "307371dfafdd0584d0925d12c1d1d956c97d262f33f7956cebdab40916152178", "90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "5b8b9dbb0645e115417dadefb4145e8110a6e52d7d1511346a4e9f3c5742954a", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef", "30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "5a43129a036e2c78d7a5a1af207cf1b9c27f7e87dd491905c46ab5840cf861b1", "42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "a72580be0fcd4ffb3104a6b97d959eadd86288ea4d044f84dfebb8f503612c28", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "cbabbdbbc486db86e181ea713ecef4b078e2d0189adf9436f8084c5d5942d808", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "8f56c79fccbdacca8964d3fd0ba904f00c48a78ddff2af29e1fd0f635dd4f088", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "65347787e5eba1f87de97c782ac4b7f5736df8810ee9c2820a85f3025658e7a3", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": []}, {"bi": "pe-uses-visual-basic", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516", "49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e", "18f6abcd0c4e10008eb20f92c458eb205dcd34c547a98e1579e45a87691035ee", "307371dfafdd0584d0925d12c1d1d956c97d262f33f7956cebdab40916152178", "90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "5b8b9dbb0645e115417dadefb4145e8110a6e52d7d1511346a4e9f3c5742954a", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef", "30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "5a43129a036e2c78d7a5a1af207cf1b9c27f7e87dd491905c46ab5840cf861b1", "42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "a72580be0fcd4ffb3104a6b97d959eadd86288ea4d044f84dfebb8f503612c28", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "cbabbdbbc486db86e181ea713ecef4b078e2d0189adf9436f8084c5d5942d808", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "8f56c79fccbdacca8964d3fd0ba904f00c48a78ddff2af29e1fd0f635dd4f088", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "65347787e5eba1f87de97c782ac4b7f5736df8810ee9c2820a85f3025658e7a3", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": []}, {"bi": "pe-certificate", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516", "49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e", "18f6abcd0c4e10008eb20f92c458eb205dcd34c547a98e1579e45a87691035ee", "307371dfafdd0584d0925d12c1d1d956c97d262f33f7956cebdab40916152178", "90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "5b8b9dbb0645e115417dadefb4145e8110a6e52d7d1511346a4e9f3c5742954a", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef", "30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "5a43129a036e2c78d7a5a1af207cf1b9c27f7e87dd491905c46ab5840cf861b1", "42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "a72580be0fcd4ffb3104a6b97d959eadd86288ea4d044f84dfebb8f503612c28", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "cbabbdbbc486db86e181ea713ecef4b078e2d0189adf9436f8084c5d5942d808", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "8f56c79fccbdacca8964d3fd0ba904f00c48a78ddff2af29e1fd0f635dd4f088", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "65347787e5eba1f87de97c782ac4b7f5736df8810ee9c2820a85f3025658e7a3", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": []}, {"bi": "pe-certificate-invalid-signing-date", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516", "49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e", "18f6abcd0c4e10008eb20f92c458eb205dcd34c547a98e1579e45a87691035ee", "307371dfafdd0584d0925d12c1d1d956c97d262f33f7956cebdab40916152178", "90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "5b8b9dbb0645e115417dadefb4145e8110a6e52d7d1511346a4e9f3c5742954a", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef", "30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "5a43129a036e2c78d7a5a1af207cf1b9c27f7e87dd491905c46ab5840cf861b1", "42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "a72580be0fcd4ffb3104a6b97d959eadd86288ea4d044f84dfebb8f503612c28", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "cbabbdbbc486db86e181ea713ecef4b078e2d0189adf9436f8084c5d5942d808", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "8f56c79fccbdacca8964d3fd0ba904f00c48a78ddff2af29e1fd0f635dd4f088", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "65347787e5eba1f87de97c782ac4b7f5736df8810ee9c2820a85f3025658e7a3", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": []}, {"bi": "pe-certificate-short-serial", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516", "49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e", "18f6abcd0c4e10008eb20f92c458eb205dcd34c547a98e1579e45a87691035ee", "307371dfafdd0584d0925d12c1d1d956c97d262f33f7956cebdab40916152178", "90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "5b8b9dbb0645e115417dadefb4145e8110a6e52d7d1511346a4e9f3c5742954a", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef", "30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "5a43129a036e2c78d7a5a1af207cf1b9c27f7e87dd491905c46ab5840cf861b1", "42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "a72580be0fcd4ffb3104a6b97d959eadd86288ea4d044f84dfebb8f503612c28", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "cbabbdbbc486db86e181ea713ecef4b078e2d0189adf9436f8084c5d5942d808", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "8f56c79fccbdacca8964d3fd0ba904f00c48a78ddff2af29e1fd0f635dd4f088", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "65347787e5eba1f87de97c782ac4b7f5736df8810ee9c2820a85f3025658e7a3", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516", "49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e", "18f6abcd0c4e10008eb20f92c458eb205dcd34c547a98e1579e45a87691035ee", "307371dfafdd0584d0925d12c1d1d956c97d262f33f7956cebdab40916152178", "90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "5b8b9dbb0645e115417dadefb4145e8110a6e52d7d1511346a4e9f3c5742954a", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef", "30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "5a43129a036e2c78d7a5a1af207cf1b9c27f7e87dd491905c46ab5840cf861b1", "42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "a72580be0fcd4ffb3104a6b97d959eadd86288ea4d044f84dfebb8f503612c28", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "cbabbdbbc486db86e181ea713ecef4b078e2d0189adf9436f8084c5d5942d808", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "8f56c79fccbdacca8964d3fd0ba904f00c48a78ddff2af29e1fd0f635dd4f088", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516", "49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e", "18f6abcd0c4e10008eb20f92c458eb205dcd34c547a98e1579e45a87691035ee", "307371dfafdd0584d0925d12c1d1d956c97d262f33f7956cebdab40916152178", "90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "5b8b9dbb0645e115417dadefb4145e8110a6e52d7d1511346a4e9f3c5742954a", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef", "30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "5a43129a036e2c78d7a5a1af207cf1b9c27f7e87dd491905c46ab5840cf861b1", "42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "a72580be0fcd4ffb3104a6b97d959eadd86288ea4d044f84dfebb8f503612c28", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "cbabbdbbc486db86e181ea713ecef4b078e2d0189adf9436f8084c5d5942d808", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516", "18f6abcd0c4e10008eb20f92c458eb205dcd34c547a98e1579e45a87691035ee", "307371dfafdd0584d0925d12c1d1d956c97d262f33f7956cebdab40916152178", "90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "5b8b9dbb0645e115417dadefb4145e8110a6e52d7d1511346a4e9f3c5742954a", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef", "30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "5a43129a036e2c78d7a5a1af207cf1b9c27f7e87dd491905c46ab5840cf861b1", "42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "a72580be0fcd4ffb3104a6b97d959eadd86288ea4d044f84dfebb8f503612c28", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "cbabbdbbc486db86e181ea713ecef4b078e2d0189adf9436f8084c5d5942d808", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516", "18f6abcd0c4e10008eb20f92c458eb205dcd34c547a98e1579e45a87691035ee", "307371dfafdd0584d0925d12c1d1d956c97d262f33f7956cebdab40916152178", "90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "5b8b9dbb0645e115417dadefb4145e8110a6e52d7d1511346a4e9f3c5742954a", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef", "30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "5a43129a036e2c78d7a5a1af207cf1b9c27f7e87dd491905c46ab5840cf861b1", "42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "a72580be0fcd4ffb3104a6b97d959eadd86288ea4d044f84dfebb8f503612c28", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "cbabbdbbc486db86e181ea713ecef4b078e2d0189adf9436f8084c5d5942d808", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516", "18f6abcd0c4e10008eb20f92c458eb205dcd34c547a98e1579e45a87691035ee", "307371dfafdd0584d0925d12c1d1d956c97d262f33f7956cebdab40916152178", "90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "5b8b9dbb0645e115417dadefb4145e8110a6e52d7d1511346a4e9f3c5742954a", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef", "30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "5a43129a036e2c78d7a5a1af207cf1b9c27f7e87dd491905c46ab5840cf861b1", "42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "a72580be0fcd4ffb3104a6b97d959eadd86288ea4d044f84dfebb8f503612c28", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "cbabbdbbc486db86e181ea713ecef4b078e2d0189adf9436f8084c5d5942d808", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119", "T1217"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516", "18f6abcd0c4e10008eb20f92c458eb205dcd34c547a98e1579e45a87691035ee", "307371dfafdd0584d0925d12c1d1d956c97d262f33f7956cebdab40916152178", "90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "5b8b9dbb0645e115417dadefb4145e8110a6e52d7d1511346a4e9f3c5742954a", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef", "30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "5a43129a036e2c78d7a5a1af207cf1b9c27f7e87dd491905c46ab5840cf861b1", "42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "a72580be0fcd4ffb3104a6b97d959eadd86288ea4d044f84dfebb8f503612c28", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516", "49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e", "18f6abcd0c4e10008eb20f92c458eb205dcd34c547a98e1579e45a87691035ee", "307371dfafdd0584d0925d12c1d1d956c97d262f33f7956cebdab40916152178", "90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "5b8b9dbb0645e115417dadefb4145e8110a6e52d7d1511346a4e9f3c5742954a", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef", "30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "5a43129a036e2c78d7a5a1af207cf1b9c27f7e87dd491905c46ab5840cf861b1", "42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "a72580be0fcd4ffb3104a6b97d959eadd86288ea4d044f84dfebb8f503612c28", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "cbabbdbbc486db86e181ea713ecef4b078e2d0189adf9436f8084c5d5942d808", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": []}, {"bi": "malware-lokibot-mutex-detected", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516", "18f6abcd0c4e10008eb20f92c458eb205dcd34c547a98e1579e45a87691035ee", "307371dfafdd0584d0925d12c1d1d956c97d262f33f7956cebdab40916152178", "90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "5b8b9dbb0645e115417dadefb4145e8110a6e52d7d1511346a4e9f3c5742954a", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef", "30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "5a43129a036e2c78d7a5a1af207cf1b9c27f7e87dd491905c46ab5840cf861b1", "42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "a72580be0fcd4ffb3104a6b97d959eadd86288ea4d044f84dfebb8f503612c28", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "cbabbdbbc486db86e181ea713ecef4b078e2d0189adf9436f8084c5d5942d808", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516", "18f6abcd0c4e10008eb20f92c458eb205dcd34c547a98e1579e45a87691035ee", "307371dfafdd0584d0925d12c1d1d956c97d262f33f7956cebdab40916152178", "90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "5b8b9dbb0645e115417dadefb4145e8110a6e52d7d1511346a4e9f3c5742954a", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef", "30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "5a43129a036e2c78d7a5a1af207cf1b9c27f7e87dd491905c46ab5840cf861b1", "42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "a72580be0fcd4ffb3104a6b97d959eadd86288ea4d044f84dfebb8f503612c28", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef", "30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "feed-domain-rat", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516", "18f6abcd0c4e10008eb20f92c458eb205dcd34c547a98e1579e45a87691035ee", "307371dfafdd0584d0925d12c1d1d956c97d262f33f7956cebdab40916152178", "90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "5b8b9dbb0645e115417dadefb4145e8110a6e52d7d1511346a4e9f3c5742954a", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef", "30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "5a43129a036e2c78d7a5a1af207cf1b9c27f7e87dd491905c46ab5840cf861b1", "42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "a72580be0fcd4ffb3104a6b97d959eadd86288ea4d044f84dfebb8f503612c28", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "8f56c79fccbdacca8964d3fd0ba904f00c48a78ddff2af29e1fd0f635dd4f088", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "65347787e5eba1f87de97c782ac4b7f5736df8810ee9c2820a85f3025658e7a3", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "network-fast-flux-domain", "hashes": ["757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "malware-known-trojan-av", "hashes": ["9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516", "49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e", "18f6abcd0c4e10008eb20f92c458eb205dcd34c547a98e1579e45a87691035ee", "307371dfafdd0584d0925d12c1d1d956c97d262f33f7956cebdab40916152178", "90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "5b8b9dbb0645e115417dadefb4145e8110a6e52d7d1511346a4e9f3c5742954a", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef", "30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "5a43129a036e2c78d7a5a1af207cf1b9c27f7e87dd491905c46ab5840cf861b1", "42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "a72580be0fcd4ffb3104a6b97d959eadd86288ea4d044f84dfebb8f503612c28", "cbabbdbbc486db86e181ea713ecef4b078e2d0189adf9436f8084c5d5942d808", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "8f56c79fccbdacca8964d3fd0ba904f00c48a78ddff2af29e1fd0f635dd4f088", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "8f56c79fccbdacca8964d3fd0ba904f00c48a78ddff2af29e1fd0f635dd4f088", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516", "18f6abcd0c4e10008eb20f92c458eb205dcd34c547a98e1579e45a87691035ee", "307371dfafdd0584d0925d12c1d1d956c97d262f33f7956cebdab40916152178", "90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef", "30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "a72580be0fcd4ffb3104a6b97d959eadd86288ea4d044f84dfebb8f503612c28", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "listening-port-opened", "hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": []}, {"bi": "network-http-blank-user-agent", "hashes": ["757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "compiler-vbc-run", "hashes": ["757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": ["TA0005", "T1500"]}, {"bi": "malware-hawkeye-detected", "hashes": ["757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": []}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "network-opendns-malicious", "hashes": ["9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516", "18f6abcd0c4e10008eb20f92c458eb205dcd34c547a98e1579e45a87691035ee", "307371dfafdd0584d0925d12c1d1d956c97d262f33f7956cebdab40916152178", "90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "5b8b9dbb0645e115417dadefb4145e8110a6e52d7d1511346a4e9f3c5742954a", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "5a43129a036e2c78d7a5a1af207cf1b9c27f7e87dd491905c46ab5840cf861b1", "42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "a72580be0fcd4ffb3104a6b97d959eadd86288ea4d044f84dfebb8f503612c28", "cbabbdbbc486db86e181ea713ecef4b078e2d0189adf9436f8084c5d5942d808", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab"], "mitre_attack_tags": []}, {"bi": "feed-public-ip-check-dns", "hashes": ["757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a"], "mitre_attack_tags": []}, {"bi": "process-check-opera-appdata-folder", "hashes": ["757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": ["TA0007", "T1083"]}, {"bi": "process-check-browser-mail-client-files", "hashes": ["757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": ["TA0007"]}, {"bi": "process-check-windows-live-mail-appdata-folder", "hashes": ["757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": ["TA0007", "T1083"]}, {"bi": "malware-generic-infostealer", "hashes": ["757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119"]}, {"bi": "enumeration-email-program-information", "hashes": ["757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119", "T1114"]}, {"bi": "netbios-query", "hashes": ["9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "5b8b9dbb0645e115417dadefb4145e8110a6e52d7d1511346a4e9f3c5742954a", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef", "30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "5a43129a036e2c78d7a5a1af207cf1b9c27f7e87dd491905c46ab5840cf861b1", "42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-spambot", "hashes": ["757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": []}, {"bi": "unsigned-roaming-execution", "hashes": ["757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": ["TA0005"]}, {"bi": "usb-drive-autoplay-modification", "hashes": ["757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": ["TA0008", "TA0001", "T1091"]}, {"bi": "modified-file-on-usb", "hashes": ["757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": ["TA0008", "TA0003", "T1091"]}, {"bi": "http-response-client-error", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": []}, {"bi": "sample-copied-to-usb", "hashes": ["757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "mitre_attack_tags": ["TA0008", "TA0003", "T1091"]}, {"bi": "network-file-uploaded", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "network-snort-malware", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "malware-guloader-traffic-detected", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "8f56c79fccbdacca8964d3fd0ba904f00c48a78ddff2af29e1fd0f635dd4f088", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "nginx-webserver-detected", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": []}, {"bi": "artifact-memory-vm-detect", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "hook-installed", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "files-created-vbs", "hashes": ["a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "8f56c79fccbdacca8964d3fd0ba904f00c48a78ddff2af29e1fd0f635dd4f088"], "mitre_attack_tags": ["TA0002", "T1064"]}, {"bi": "vbs-calls-shell", "hashes": ["a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "8f56c79fccbdacca8964d3fd0ba904f00c48a78ddff2af29e1fd0f635dd4f088"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "vbs-creates-and-runs", "hashes": ["a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "8f56c79fccbdacca8964d3fd0ba904f00c48a78ddff2af29e1fd0f635dd4f088"], "mitre_attack_tags": ["TA0002", "T1064"]}, {"bi": "process-windows-script-launched", "hashes": ["a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "8f56c79fccbdacca8964d3fd0ba904f00c48a78ddff2af29e1fd0f635dd4f088"], "mitre_attack_tags": ["TA0005", "TA0002", "T1064"]}, {"bi": "network-http-numeric-ip", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": ["TA0011", "TA0005", "T1071"]}, {"bi": "pe-uses-armadillo", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-dns-category-dynamic", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": []}, {"bi": "malware-remcos-mutex", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": []}, {"bi": "malware-remcos-path", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": []}, {"bi": "malware-remcos-registry", "hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "mitre_attack_tags": ["TA0009", "TA0006", "TA0011", "TA0008", "T1056", "T1113", "T1125", "T1123", "T1105"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef", "7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004"], "mitre_attack_tags": []}, {"bi": "network-dns-malicious-snort", "hashes": ["0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce"], "mitre_attack_tags": ["TA0011"]}, {"bi": "network-dns-upload-file", "hashes": ["0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce"], "mitre_attack_tags": []}, {"bi": "html-small-file-redirect", "hashes": ["0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343"], "mitre_attack_tags": []}, {"bi": "modified-file-in-program-dir", "hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "mitre_attack_tags": []}, {"bi": "registry-hide-files", "hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "mitre_attack_tags": ["TA0005", "T1158"]}, {"bi": "registry-disablesuac", "hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "mitre_attack_tags": ["TA0005", "TA0002", "TA0004", "T1088", "T1089"]}, {"bi": "startup-folder-modification", "hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "file-ini-modified", "hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "mitre_attack_tags": ["TA0003"]}, {"bi": "excessive-logical-drive-enumeration", "hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "mitre_attack_tags": ["TA0007", "T1120", "T1025"]}, {"bi": "registry-firewall-exceptions-enabled", "hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "deleted-executable-in-program-dir", "hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "mitre_attack_tags": []}, {"bi": "disables-windows-firewall", "hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "malware-renamer-mutex-detected", "hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "mitre_attack_tags": []}, {"bi": "disables-security-center-notifications", "hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "malware-sality-mutex", "hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "mitre_attack_tags": []}, {"bi": "registry-firewall-notifications-disabled", "hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "registry-ie-work-offline-settings-modified", "hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "mitre_attack_tags": ["TA0040", "T1498"]}, {"bi": "system-startup-file-modification", "hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "process-override-security-center-monitoring", "hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "registry-hex-data", "hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-vm", "hashes": ["e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33"], "mitre_attack_tags": []}, {"bi": "dot-net-crash-tool-execution-detected", "hashes": ["12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from many popular applications. It is commonly pushed via malicious documents attached to spam emails.", "hashes": ["057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "18f6abcd0c4e10008eb20f92c458eb205dcd34c547a98e1579e45a87691035ee", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "307371dfafdd0584d0925d12c1d1d956c97d262f33f7956cebdab40916152178", "30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87", "42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "5a43129a036e2c78d7a5a1af207cf1b9c27f7e87dd491905c46ab5840cf861b1", "5b8b9dbb0645e115417dadefb4145e8110a6e52d7d1511346a4e9f3c5742954a", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "65347787e5eba1f87de97c782ac4b7f5736df8810ee9c2820a85f3025658e7a3", "6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "8f56c79fccbdacca8964d3fd0ba904f00c48a78ddff2af29e1fd0f635dd4f088", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "a72580be0fcd4ffb3104a6b97d959eadd86288ea4d044f84dfebb8f503612c28", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "cbabbdbbc486db86e181ea713ecef4b078e2d0189adf9436f8084c5d5942d808", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "iocs": {"domain": [{"hashes": ["057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "host": "whatismyipaddress[.]com"}, {"hashes": ["057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "host": "smtp[.]yandex[.]com"}, {"hashes": ["42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "5a43129a036e2c78d7a5a1af207cf1b9c27f7e87dd491905c46ab5840cf861b1", "5b8b9dbb0645e115417dadefb4145e8110a6e52d7d1511346a4e9f3c5742954a", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516"], "host": "hmcrogenics[.]com"}, {"hashes": ["18f6abcd0c4e10008eb20f92c458eb205dcd34c547a98e1579e45a87691035ee", "307371dfafdd0584d0925d12c1d1d956c97d262f33f7956cebdab40916152178", "90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "a72580be0fcd4ffb3104a6b97d959eadd86288ea4d044f84dfebb8f503612c28"], "host": "www[.]macniica[.]com"}, {"hashes": ["0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce"], "host": "global-dahuatech[.]com"}, {"hashes": ["7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef"], "host": "ragasgki[.]tk"}, {"hashes": ["909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a"], "host": "smtp[.]yandex[.]ru"}, {"hashes": ["26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343"], "host": "us2[.]smtp[.]mailhostbox[.]com"}, {"hashes": ["cbabbdbbc486db86e181ea713ecef4b078e2d0189adf9436f8084c5d5942d808"], "host": "handrass[.]co[.]rs"}, {"hashes": ["52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a"], "host": "mail[.]elcarmelohotelhacienda[.]com"}, {"hashes": ["30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87"], "host": "ymams[.]cf"}, {"hashes": ["a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c"], "host": "boquils[.]ga"}, {"hashes": ["50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178"], "host": "u17094677[.]hopto[.]org"}, {"hashes": ["0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79"], "host": "4cbe38387ffe0773c605cef59e77417a[.]f378aa487b16a643ff99d3805fb1cb93[.]sink1[.]doombringer[.]pw"}, {"hashes": ["0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79"], "host": "2755bfd9789361d8110422ee5c5a43c6[.]56e519622a486cc557b926f3be681509[.]sink1[.]doombringer[.]pw"}, {"hashes": ["4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793"], "host": "smtp[.]badlogs101[.]com"}, {"hashes": ["7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab"], "host": "sigawd[.]gq"}, {"hashes": ["5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce"], "host": "be6e1ac5f9ee667e5ff4b59b40d35785[.]8cb19bb1aa8bccccd2f7c502f9b3befe[.]sink1[.]doombringer[.]pw"}, {"hashes": ["5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce"], "host": "3569149a17a7613073c10f03a2339622[.]5cea3029ac4b8432302cb569497d4012[.]sink1[.]doombringer[.]pw"}, {"hashes": ["5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce"], "host": "d519f69ddb567ebfcc9865f11eab6203[.]bf93d4e6ca6a7b55757fdcbbbcd68359[.]sink1[.]doombringer[.]pw"}, {"hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e"], "host": "ugo123[.]hopto[.]org"}, {"hashes": ["0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79"], "host": "92b2eeaf1c756181519866a1837f0f65[.]d7ab16dc15f57e0b073d8b6cbe1db25d[.]sink1[.]doombringer[.]pw"}, {"hashes": ["9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744"], "host": "zibind[.]tk"}, {"hashes": ["bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "host": "fav121[.]hopto[.]org"}, {"hashes": ["e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f"], "host": "smtp[.]chidilogs[.]com"}], "file": [{"hashes": ["0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "18f6abcd0c4e10008eb20f92c458eb205dcd34c547a98e1579e45a87691035ee", "307371dfafdd0584d0925d12c1d1d956c97d262f33f7956cebdab40916152178", "30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87", "42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "5a43129a036e2c78d7a5a1af207cf1b9c27f7e87dd491905c46ab5840cf861b1", "5b8b9dbb0645e115417dadefb4145e8110a6e52d7d1511346a4e9f3c5742954a", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "a72580be0fcd4ffb3104a6b97d959eadd86288ea4d044f84dfebb8f503612c28", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba", "cbabbdbbc486db86e181ea713ecef4b078e2d0189adf9436f8084c5d5942d808", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef"], "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-2580483871-590521980-3826313501-500\\a18ca4003deb042bbee7a40f15e1970b_d19ab989-a35f-4710-83df-7b2db7efe7c5"}, {"hashes": ["057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "path": "%APPDATA%\\pid.txt"}, {"hashes": ["057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "path": "%APPDATA%\\pidloc.txt"}, {"hashes": ["057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "path": "%TEMP%\\holdermail.txt"}, {"hashes": ["057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "path": "%TEMP%\\holderwb.txt"}, {"hashes": ["057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "path": "%TEMP%\\SysInfo.txt"}, {"hashes": ["057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "path": "%APPDATA%\\Windows Update.exe"}, {"hashes": ["057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "path": "\\Sys.exe"}, {"hashes": ["057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "path": "\\autorun.inf"}, {"hashes": ["057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "path": "E:\\autorun.inf"}, {"hashes": ["057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "path": "E:\\Sys.exe"}, {"hashes": ["7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "8f56c79fccbdacca8964d3fd0ba904f00c48a78ddff2af29e1fd0f635dd4f088", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c"], "path": "%TEMP%\\subfolder"}, {"hashes": ["7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "8f56c79fccbdacca8964d3fd0ba904f00c48a78ddff2af29e1fd0f635dd4f088", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c"], "path": "%TEMP%\\subfolder\\filename.exe"}, {"hashes": ["7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "8f56c79fccbdacca8964d3fd0ba904f00c48a78ddff2af29e1fd0f635dd4f088", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c"], "path": "%TEMP%\\subfolder\\filename.vbs"}, {"hashes": ["12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343"], "path": "%APPDATA%\\WindowsUpdate.exe"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "path": "%TEMP%\\0E697DA4_Rar\\49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e.exe"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "path": "%TEMP%\\winfduto.exe"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "path": "%TEMP%\\winvtibk.exe"}, {"hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e"], "path": "%APPDATA%\\logs\\logs.dat"}], "ip": [{"hashes": ["057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "ip": "104[.]16[.]154[.]36"}, {"hashes": ["057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "ip": "77[.]88[.]21[.]158"}, {"hashes": ["07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be"], "ip": "104[.]16[.]155[.]36"}, {"hashes": ["50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "ip": "46[.]101[.]46[.]83"}, {"hashes": ["0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce"], "ip": "143[.]215[.]215[.]205"}, {"hashes": ["26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343"], "ip": "208[.]91[.]199[.]224"}, {"hashes": ["07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1"], "ip": "172[.]217[.]7[.]238"}, {"hashes": ["52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a"], "ip": "23[.]111[.]168[.]182"}, {"hashes": ["9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744"], "ip": "195[.]20[.]46[.]117"}, {"hashes": ["cbabbdbbc486db86e181ea713ecef4b078e2d0189adf9436f8084c5d5942d808"], "ip": "45[.]80[.]132[.]70"}], "mutex": [{"hashes": ["0f28ecc4396a455536419237a6f31507e2e6dddc495ed6f19ef3d01da6b31f79", "18f6abcd0c4e10008eb20f92c458eb205dcd34c547a98e1579e45a87691035ee", "307371dfafdd0584d0925d12c1d1d956c97d262f33f7956cebdab40916152178", "30bb667f4f0f09051e223416d343ba052f482695147aa81f9a5d28b768e48d87", "42fa0bf6cce7090ccfcd62626de0f39cb4b9216d896a01729e81029597eb8b83", "50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "5a43129a036e2c78d7a5a1af207cf1b9c27f7e87dd491905c46ab5840cf861b1", "5b8b9dbb0645e115417dadefb4145e8110a6e52d7d1511346a4e9f3c5742954a", "5b9d98d7b4c2c777702d933fbd4d98276a28fd2a883e71fe905a20b186cfebce", "6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "7fc4e594db6b7588aa97406a0b2f2658ebbf8b72c9989fe772a50b2716c09869", "8a13e39ee06287d27bf25e8578b8bddb1df96c926b0c0dea681e529382068afe", "90ab312fda877522d40b3b6deebaaf13c9abb25540c8971b94ed57cb00e23e88", "90f225e5e42f649e097097ea0235d404968c71cdd1e320e8bd1dc5d643d3dc2c", "9736d2ffe987e85fbd12b0680690f1a420d9da9a6ce107fb9fdd1e2c23d9c496", "9f6ab6557cb143f9e54873466c03cf00cacb5048a236eab907e3a963eb77a516", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "a72580be0fcd4ffb3104a6b97d959eadd86288ea4d044f84dfebb8f503612c28", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba", "cbabbdbbc486db86e181ea713ecef4b078e2d0189adf9436f8084c5d5942d808", "eb4a13897898f21b7f6fea066e335b0eae96a2c06ddaa46836f1f50d636c41ef"], "name": "3749282D282E1E80C56CAE5A"}, {"hashes": ["50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178", "6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e", "bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "name": "Remcos_Mutex_Inj"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "name": "uxJLpe1m"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "name": "Paint"}, {"hashes": ["50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178"], "name": "remcos_dciilklkbxnrgct"}, {"hashes": ["12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33"], "name": "Global\\81fe4700-da30-11ea-887e-00501e3ae7b6"}, {"hashes": ["12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33"], "name": "Global\\832a3441-da30-11ea-887e-00501e3ae7b6"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "name": "49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390M_1632_"}, {"hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e"], "name": "remcos_eipufbkewpsixta"}, {"hashes": ["bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "name": "remcos_rxrontrtepflpgg"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "name": "<process name>.exeM_<pid>_"}], "registry": [{"hashes": ["057796b76454e439da35d7a8c655561c907d44c626fd58fee544f35278db4ce3", "07152dd6093a4ff27e60fce4d44435a0dd18c4fc5fc3e15b1717216ea83c3ef1", "12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343", "4336224c9bfcd2ac539a10b7ad1373afef581ab234b58c28fb6ddb41f9fa0793", "49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e", "4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42", "52a29709f63cf9eb6f51ddfab1be327afdf6479bf85e8389b74a708b1dcfc93a", "5815c611c2a00da248c7d040b6c34defb22787a51601f43533079589a330f239", "6f7795742f1c360dd43d2a814607da31639afa96ae1636b51df382b9bd727623", "757b1b380cbf84dfb55a5cd9649759b646806f1c73a1c59da9522f3da66bf3be", "83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b", "909e0d5b1260b56b89503edd2b9604aec058f32e9e1e08b21ca64d3d6dbfd92a", "9d1be321129bc80e7a89e30718774fe1cd422c2df45652fe9b90193306ee3004", "c5e6391842a1d14614684026582c1b271c083b0e2f0e09412b93e55e69b9176e", "e7450790d976a1501f0f303f94fe50e8405f3d5b2b37c6669d3c6b82d73eb99f", "ecd6c9ace2e142e7bfae58a9c18ff98e4f8e6a810eee53edae9f0fc5d3a2874b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "Hidden"}, {"hashes": ["7d3bababa5df16815edfd580fe572ce130165b4b69b4a65f43de96b385b973ab", "8f56c79fccbdacca8964d3fd0ba904f00c48a78ddff2af29e1fd0f635dd4f088", "9f886c51503fa28598ea74eb9ab8864f217f95f8bf2e99c1742f0edb6b04a744", "a9e3ff24f93209e3c49684aaa28e94946913a137c63716e5328e6779db22e16c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Registry Key Name"}, {"hashes": ["12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33", "26cf0752e3d93ddb16646e585a560ad35849afe31302064972d1227344394343"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Update"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A4_7"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A3_8"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A4_8"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A3_9"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A4_9"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A3_10"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A4_10"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A3_11"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A4_11"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A1_10"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A2_10"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A1_0"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A2_0"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ\\-993627007", "value_name": "1768776769"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ\\-993627007", "value_name": "253949253"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ\\-993627007", "value_name": "2022726022"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ\\-993627007", "value_name": "-503464505"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A2_2"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A2_7"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A1_1"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A2_1"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A1_2"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A1_3"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A2_3"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A1_4"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A2_4"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A1_5"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A2_5"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A1_6"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A2_6"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A1_7"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A1_8"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A2_8"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A1_9"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A2_9"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A1_11"}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": "A2_11"}, {"hashes": ["50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178"], "key": "<HKCU>\\SOFTWARE\\REMCOS_DCIILKLKBXNRGCT", "value_name": null}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ", "value_name": null}, {"hashes": ["49d2e74c38f4d5c05ed95ab726d0967a74194e1f03b0ef76e3f9ea7f5306390e"], "key": "<HKCU>\\SOFTWARE\\FOBVEXLLMTQKQ\\-993627007", "value_name": null}, {"hashes": ["12d840728aa253f08afaa9eef0f40a6bd362d073ef50ece71b15fb27752f0a33"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\WINDOWS ERROR REPORTING\\DEBUG", "value_name": "StoreLocation"}, {"hashes": ["50e795161b6b450e9b7750b62273d993d96b522e64fd3e752b25bfd8a94be178"], "key": "<HKCU>\\SOFTWARE\\REMCOS_DCIILKLKBXNRGCT", "value_name": "EXEpath"}, {"hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e"], "key": "<HKCU>\\SOFTWARE\\REMCOS_EIPUFBKEWPSIXTA", "value_name": null}, {"hashes": ["6b79c1e0b316c3e0bb6451fabef51e0eaee4d66c6e0274282e0fde649f2abd1e"], "key": "<HKCU>\\SOFTWARE\\REMCOS_EIPUFBKEWPSIXTA", "value_name": "EXEpath"}, {"hashes": ["bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "key": "<HKCU>\\SOFTWARE\\REMCOS_RXRONTRTEPFLPGG", "value_name": null}, {"hashes": ["bbcecdba2d832542e116884fbeba660489e267e1b4c133454780c4e9555e98ba"], "key": "<HKCU>\\SOFTWARE\\REMCOS_RXRONTRTEPFLPGG", "value_name": "EXEpath"}]}, "reports_count": 42}, "Win.Dropper.Razy-9229720-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["70797d1de39870d87b8b31eb3406157490b9bb04b19e699975b1251a7472004c", "5530c2c064403074012bc36f4a79868c46dfb6a23cd25f49130bc18c0566b099", "d0cd5f75c21b424cdf361b7a9786008301a35228407fcf54a597153cfca1d2b2", "d73a7f2a20481af196285dda4a7709e0d714a678cf87edd96717953f53e7c53f", "1f2cda85711967b02c65c120a06851c4e205d0b7ae2e6de25fa7f61f0fffa996", "64603646e38d45c2babed67a8bc07164d860b6cb1a12d7887ca02756d0e2c171", "46638c95ad892f34f352f2ff99347162c1d4728bf4d66338ea06096173cd2d9f", "b2c91856e402f2120c159ac6b122eb6266ba190cc7f715f854344179c3ca84fe", "951d9740be663613f53bf63f7d7caae8f8ecaf8b04be095ea4240a9f351d0504", "5d399575647662a97a1ed98fc32f027fe94226a65a2996eeb4df06ba3cc95ce6", "47d8174966e78d8aac7ed22260fdddbecd3d3a36d1d6240472db66fdc48f3a4f", "6b634e523f675245f042945c29988087b01be1c848ccff5e7863d87271dc2715"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["70797d1de39870d87b8b31eb3406157490b9bb04b19e699975b1251a7472004c", "5530c2c064403074012bc36f4a79868c46dfb6a23cd25f49130bc18c0566b099", "d0cd5f75c21b424cdf361b7a9786008301a35228407fcf54a597153cfca1d2b2", "d73a7f2a20481af196285dda4a7709e0d714a678cf87edd96717953f53e7c53f", "1f2cda85711967b02c65c120a06851c4e205d0b7ae2e6de25fa7f61f0fffa996", "64603646e38d45c2babed67a8bc07164d860b6cb1a12d7887ca02756d0e2c171", "46638c95ad892f34f352f2ff99347162c1d4728bf4d66338ea06096173cd2d9f", "b2c91856e402f2120c159ac6b122eb6266ba190cc7f715f854344179c3ca84fe", "951d9740be663613f53bf63f7d7caae8f8ecaf8b04be095ea4240a9f351d0504", "5d399575647662a97a1ed98fc32f027fe94226a65a2996eeb4df06ba3cc95ce6", "47d8174966e78d8aac7ed22260fdddbecd3d3a36d1d6240472db66fdc48f3a4f", "6b634e523f675245f042945c29988087b01be1c848ccff5e7863d87271dc2715"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["70797d1de39870d87b8b31eb3406157490b9bb04b19e699975b1251a7472004c", "5530c2c064403074012bc36f4a79868c46dfb6a23cd25f49130bc18c0566b099", "d0cd5f75c21b424cdf361b7a9786008301a35228407fcf54a597153cfca1d2b2", "d73a7f2a20481af196285dda4a7709e0d714a678cf87edd96717953f53e7c53f", "1f2cda85711967b02c65c120a06851c4e205d0b7ae2e6de25fa7f61f0fffa996", "64603646e38d45c2babed67a8bc07164d860b6cb1a12d7887ca02756d0e2c171", "46638c95ad892f34f352f2ff99347162c1d4728bf4d66338ea06096173cd2d9f", "b2c91856e402f2120c159ac6b122eb6266ba190cc7f715f854344179c3ca84fe", "951d9740be663613f53bf63f7d7caae8f8ecaf8b04be095ea4240a9f351d0504", "5d399575647662a97a1ed98fc32f027fe94226a65a2996eeb4df06ba3cc95ce6", "47d8174966e78d8aac7ed22260fdddbecd3d3a36d1d6240472db66fdc48f3a4f", "6b634e523f675245f042945c29988087b01be1c848ccff5e7863d87271dc2715"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["70797d1de39870d87b8b31eb3406157490b9bb04b19e699975b1251a7472004c", "5530c2c064403074012bc36f4a79868c46dfb6a23cd25f49130bc18c0566b099", "d0cd5f75c21b424cdf361b7a9786008301a35228407fcf54a597153cfca1d2b2", "d73a7f2a20481af196285dda4a7709e0d714a678cf87edd96717953f53e7c53f", "1f2cda85711967b02c65c120a06851c4e205d0b7ae2e6de25fa7f61f0fffa996", "64603646e38d45c2babed67a8bc07164d860b6cb1a12d7887ca02756d0e2c171", "46638c95ad892f34f352f2ff99347162c1d4728bf4d66338ea06096173cd2d9f", "b2c91856e402f2120c159ac6b122eb6266ba190cc7f715f854344179c3ca84fe", "951d9740be663613f53bf63f7d7caae8f8ecaf8b04be095ea4240a9f351d0504", "5d399575647662a97a1ed98fc32f027fe94226a65a2996eeb4df06ba3cc95ce6", "47d8174966e78d8aac7ed22260fdddbecd3d3a36d1d6240472db66fdc48f3a4f", "6b634e523f675245f042945c29988087b01be1c848ccff5e7863d87271dc2715"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["70797d1de39870d87b8b31eb3406157490b9bb04b19e699975b1251a7472004c", "5530c2c064403074012bc36f4a79868c46dfb6a23cd25f49130bc18c0566b099", "d0cd5f75c21b424cdf361b7a9786008301a35228407fcf54a597153cfca1d2b2", "d73a7f2a20481af196285dda4a7709e0d714a678cf87edd96717953f53e7c53f", "1f2cda85711967b02c65c120a06851c4e205d0b7ae2e6de25fa7f61f0fffa996", "64603646e38d45c2babed67a8bc07164d860b6cb1a12d7887ca02756d0e2c171", "46638c95ad892f34f352f2ff99347162c1d4728bf4d66338ea06096173cd2d9f", "b2c91856e402f2120c159ac6b122eb6266ba190cc7f715f854344179c3ca84fe", "951d9740be663613f53bf63f7d7caae8f8ecaf8b04be095ea4240a9f351d0504", "5d399575647662a97a1ed98fc32f027fe94226a65a2996eeb4df06ba3cc95ce6", "47d8174966e78d8aac7ed22260fdddbecd3d3a36d1d6240472db66fdc48f3a4f", "6b634e523f675245f042945c29988087b01be1c848ccff5e7863d87271dc2715"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["70797d1de39870d87b8b31eb3406157490b9bb04b19e699975b1251a7472004c", "5530c2c064403074012bc36f4a79868c46dfb6a23cd25f49130bc18c0566b099", "d0cd5f75c21b424cdf361b7a9786008301a35228407fcf54a597153cfca1d2b2", "d73a7f2a20481af196285dda4a7709e0d714a678cf87edd96717953f53e7c53f", "1f2cda85711967b02c65c120a06851c4e205d0b7ae2e6de25fa7f61f0fffa996", "64603646e38d45c2babed67a8bc07164d860b6cb1a12d7887ca02756d0e2c171", "46638c95ad892f34f352f2ff99347162c1d4728bf4d66338ea06096173cd2d9f", "b2c91856e402f2120c159ac6b122eb6266ba190cc7f715f854344179c3ca84fe", "951d9740be663613f53bf63f7d7caae8f8ecaf8b04be095ea4240a9f351d0504", "5d399575647662a97a1ed98fc32f027fe94226a65a2996eeb4df06ba3cc95ce6", "47d8174966e78d8aac7ed22260fdddbecd3d3a36d1d6240472db66fdc48f3a4f", "6b634e523f675245f042945c29988087b01be1c848ccff5e7863d87271dc2715"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["70797d1de39870d87b8b31eb3406157490b9bb04b19e699975b1251a7472004c", "5530c2c064403074012bc36f4a79868c46dfb6a23cd25f49130bc18c0566b099", "d0cd5f75c21b424cdf361b7a9786008301a35228407fcf54a597153cfca1d2b2", "d73a7f2a20481af196285dda4a7709e0d714a678cf87edd96717953f53e7c53f", "1f2cda85711967b02c65c120a06851c4e205d0b7ae2e6de25fa7f61f0fffa996", "64603646e38d45c2babed67a8bc07164d860b6cb1a12d7887ca02756d0e2c171", "46638c95ad892f34f352f2ff99347162c1d4728bf4d66338ea06096173cd2d9f", "b2c91856e402f2120c159ac6b122eb6266ba190cc7f715f854344179c3ca84fe", "951d9740be663613f53bf63f7d7caae8f8ecaf8b04be095ea4240a9f351d0504", "5d399575647662a97a1ed98fc32f027fe94226a65a2996eeb4df06ba3cc95ce6", "47d8174966e78d8aac7ed22260fdddbecd3d3a36d1d6240472db66fdc48f3a4f", "6b634e523f675245f042945c29988087b01be1c848ccff5e7863d87271dc2715"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["70797d1de39870d87b8b31eb3406157490b9bb04b19e699975b1251a7472004c", "5530c2c064403074012bc36f4a79868c46dfb6a23cd25f49130bc18c0566b099", "d0cd5f75c21b424cdf361b7a9786008301a35228407fcf54a597153cfca1d2b2", "d73a7f2a20481af196285dda4a7709e0d714a678cf87edd96717953f53e7c53f", "1f2cda85711967b02c65c120a06851c4e205d0b7ae2e6de25fa7f61f0fffa996", "64603646e38d45c2babed67a8bc07164d860b6cb1a12d7887ca02756d0e2c171", "46638c95ad892f34f352f2ff99347162c1d4728bf4d66338ea06096173cd2d9f", "b2c91856e402f2120c159ac6b122eb6266ba190cc7f715f854344179c3ca84fe", "951d9740be663613f53bf63f7d7caae8f8ecaf8b04be095ea4240a9f351d0504", "5d399575647662a97a1ed98fc32f027fe94226a65a2996eeb4df06ba3cc95ce6", "47d8174966e78d8aac7ed22260fdddbecd3d3a36d1d6240472db66fdc48f3a4f", "6b634e523f675245f042945c29988087b01be1c848ccff5e7863d87271dc2715"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["70797d1de39870d87b8b31eb3406157490b9bb04b19e699975b1251a7472004c", "5530c2c064403074012bc36f4a79868c46dfb6a23cd25f49130bc18c0566b099", "d0cd5f75c21b424cdf361b7a9786008301a35228407fcf54a597153cfca1d2b2", "d73a7f2a20481af196285dda4a7709e0d714a678cf87edd96717953f53e7c53f", "1f2cda85711967b02c65c120a06851c4e205d0b7ae2e6de25fa7f61f0fffa996", "64603646e38d45c2babed67a8bc07164d860b6cb1a12d7887ca02756d0e2c171", "46638c95ad892f34f352f2ff99347162c1d4728bf4d66338ea06096173cd2d9f", "b2c91856e402f2120c159ac6b122eb6266ba190cc7f715f854344179c3ca84fe", "951d9740be663613f53bf63f7d7caae8f8ecaf8b04be095ea4240a9f351d0504", "5d399575647662a97a1ed98fc32f027fe94226a65a2996eeb4df06ba3cc95ce6", "47d8174966e78d8aac7ed22260fdddbecd3d3a36d1d6240472db66fdc48f3a4f", "6b634e523f675245f042945c29988087b01be1c848ccff5e7863d87271dc2715"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["70797d1de39870d87b8b31eb3406157490b9bb04b19e699975b1251a7472004c", "5530c2c064403074012bc36f4a79868c46dfb6a23cd25f49130bc18c0566b099", "d0cd5f75c21b424cdf361b7a9786008301a35228407fcf54a597153cfca1d2b2", "d73a7f2a20481af196285dda4a7709e0d714a678cf87edd96717953f53e7c53f", "1f2cda85711967b02c65c120a06851c4e205d0b7ae2e6de25fa7f61f0fffa996", "64603646e38d45c2babed67a8bc07164d860b6cb1a12d7887ca02756d0e2c171", "46638c95ad892f34f352f2ff99347162c1d4728bf4d66338ea06096173cd2d9f", "b2c91856e402f2120c159ac6b122eb6266ba190cc7f715f854344179c3ca84fe", "951d9740be663613f53bf63f7d7caae8f8ecaf8b04be095ea4240a9f351d0504", "5d399575647662a97a1ed98fc32f027fe94226a65a2996eeb4df06ba3cc95ce6", "47d8174966e78d8aac7ed22260fdddbecd3d3a36d1d6240472db66fdc48f3a4f", "6b634e523f675245f042945c29988087b01be1c848ccff5e7863d87271dc2715"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["70797d1de39870d87b8b31eb3406157490b9bb04b19e699975b1251a7472004c", "5530c2c064403074012bc36f4a79868c46dfb6a23cd25f49130bc18c0566b099", "d0cd5f75c21b424cdf361b7a9786008301a35228407fcf54a597153cfca1d2b2", "d73a7f2a20481af196285dda4a7709e0d714a678cf87edd96717953f53e7c53f", "1f2cda85711967b02c65c120a06851c4e205d0b7ae2e6de25fa7f61f0fffa996", "64603646e38d45c2babed67a8bc07164d860b6cb1a12d7887ca02756d0e2c171", "46638c95ad892f34f352f2ff99347162c1d4728bf4d66338ea06096173cd2d9f", "b2c91856e402f2120c159ac6b122eb6266ba190cc7f715f854344179c3ca84fe", "951d9740be663613f53bf63f7d7caae8f8ecaf8b04be095ea4240a9f351d0504", "5d399575647662a97a1ed98fc32f027fe94226a65a2996eeb4df06ba3cc95ce6", "47d8174966e78d8aac7ed22260fdddbecd3d3a36d1d6240472db66fdc48f3a4f", "6b634e523f675245f042945c29988087b01be1c848ccff5e7863d87271dc2715"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["70797d1de39870d87b8b31eb3406157490b9bb04b19e699975b1251a7472004c", "5530c2c064403074012bc36f4a79868c46dfb6a23cd25f49130bc18c0566b099", "d0cd5f75c21b424cdf361b7a9786008301a35228407fcf54a597153cfca1d2b2", "d73a7f2a20481af196285dda4a7709e0d714a678cf87edd96717953f53e7c53f", "1f2cda85711967b02c65c120a06851c4e205d0b7ae2e6de25fa7f61f0fffa996", "64603646e38d45c2babed67a8bc07164d860b6cb1a12d7887ca02756d0e2c171", "46638c95ad892f34f352f2ff99347162c1d4728bf4d66338ea06096173cd2d9f", "b2c91856e402f2120c159ac6b122eb6266ba190cc7f715f854344179c3ca84fe", "951d9740be663613f53bf63f7d7caae8f8ecaf8b04be095ea4240a9f351d0504", "5d399575647662a97a1ed98fc32f027fe94226a65a2996eeb4df06ba3cc95ce6", "47d8174966e78d8aac7ed22260fdddbecd3d3a36d1d6240472db66fdc48f3a4f", "6b634e523f675245f042945c29988087b01be1c848ccff5e7863d87271dc2715"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "process-hollowing-detected", "hashes": ["70797d1de39870d87b8b31eb3406157490b9bb04b19e699975b1251a7472004c", "5530c2c064403074012bc36f4a79868c46dfb6a23cd25f49130bc18c0566b099", "d0cd5f75c21b424cdf361b7a9786008301a35228407fcf54a597153cfca1d2b2", "d73a7f2a20481af196285dda4a7709e0d714a678cf87edd96717953f53e7c53f", "1f2cda85711967b02c65c120a06851c4e205d0b7ae2e6de25fa7f61f0fffa996", "64603646e38d45c2babed67a8bc07164d860b6cb1a12d7887ca02756d0e2c171", "46638c95ad892f34f352f2ff99347162c1d4728bf4d66338ea06096173cd2d9f", "b2c91856e402f2120c159ac6b122eb6266ba190cc7f715f854344179c3ca84fe", "951d9740be663613f53bf63f7d7caae8f8ecaf8b04be095ea4240a9f351d0504", "5d399575647662a97a1ed98fc32f027fe94226a65a2996eeb4df06ba3cc95ce6", "47d8174966e78d8aac7ed22260fdddbecd3d3a36d1d6240472db66fdc48f3a4f", "6b634e523f675245f042945c29988087b01be1c848ccff5e7863d87271dc2715"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "process-with-multiple-children", "hashes": ["70797d1de39870d87b8b31eb3406157490b9bb04b19e699975b1251a7472004c", "5530c2c064403074012bc36f4a79868c46dfb6a23cd25f49130bc18c0566b099", "d0cd5f75c21b424cdf361b7a9786008301a35228407fcf54a597153cfca1d2b2", "d73a7f2a20481af196285dda4a7709e0d714a678cf87edd96717953f53e7c53f", "1f2cda85711967b02c65c120a06851c4e205d0b7ae2e6de25fa7f61f0fffa996", "64603646e38d45c2babed67a8bc07164d860b6cb1a12d7887ca02756d0e2c171", "46638c95ad892f34f352f2ff99347162c1d4728bf4d66338ea06096173cd2d9f", "b2c91856e402f2120c159ac6b122eb6266ba190cc7f715f854344179c3ca84fe", "951d9740be663613f53bf63f7d7caae8f8ecaf8b04be095ea4240a9f351d0504", "5d399575647662a97a1ed98fc32f027fe94226a65a2996eeb4df06ba3cc95ce6", "47d8174966e78d8aac7ed22260fdddbecd3d3a36d1d6240472db66fdc48f3a4f", "6b634e523f675245f042945c29988087b01be1c848ccff5e7863d87271dc2715"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["70797d1de39870d87b8b31eb3406157490b9bb04b19e699975b1251a7472004c", "46638c95ad892f34f352f2ff99347162c1d4728bf4d66338ea06096173cd2d9f", "951d9740be663613f53bf63f7d7caae8f8ecaf8b04be095ea4240a9f351d0504"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Razy is oftentimes a generic detection name for a Windows trojan. It collects sensitive information from the infected host and encrypt the data, and sends it to a command and control (C2) server. Information collected might include screenshots. The samples modify auto-execute functionality by setting and creating a value in the registry for persistence.", "hashes": ["1f2cda85711967b02c65c120a06851c4e205d0b7ae2e6de25fa7f61f0fffa996", "46638c95ad892f34f352f2ff99347162c1d4728bf4d66338ea06096173cd2d9f", "47d8174966e78d8aac7ed22260fdddbecd3d3a36d1d6240472db66fdc48f3a4f", "5530c2c064403074012bc36f4a79868c46dfb6a23cd25f49130bc18c0566b099", "5d399575647662a97a1ed98fc32f027fe94226a65a2996eeb4df06ba3cc95ce6", "64603646e38d45c2babed67a8bc07164d860b6cb1a12d7887ca02756d0e2c171", "6b634e523f675245f042945c29988087b01be1c848ccff5e7863d87271dc2715", "70797d1de39870d87b8b31eb3406157490b9bb04b19e699975b1251a7472004c", "951d9740be663613f53bf63f7d7caae8f8ecaf8b04be095ea4240a9f351d0504", "b2c91856e402f2120c159ac6b122eb6266ba190cc7f715f854344179c3ca84fe", "d0cd5f75c21b424cdf361b7a9786008301a35228407fcf54a597153cfca1d2b2", "d73a7f2a20481af196285dda4a7709e0d714a678cf87edd96717953f53e7c53f"], "iocs": {"domain": [{"hashes": ["1f2cda85711967b02c65c120a06851c4e205d0b7ae2e6de25fa7f61f0fffa996", "46638c95ad892f34f352f2ff99347162c1d4728bf4d66338ea06096173cd2d9f", "47d8174966e78d8aac7ed22260fdddbecd3d3a36d1d6240472db66fdc48f3a4f", "5530c2c064403074012bc36f4a79868c46dfb6a23cd25f49130bc18c0566b099", "5d399575647662a97a1ed98fc32f027fe94226a65a2996eeb4df06ba3cc95ce6", "64603646e38d45c2babed67a8bc07164d860b6cb1a12d7887ca02756d0e2c171", "6b634e523f675245f042945c29988087b01be1c848ccff5e7863d87271dc2715", "70797d1de39870d87b8b31eb3406157490b9bb04b19e699975b1251a7472004c", "951d9740be663613f53bf63f7d7caae8f8ecaf8b04be095ea4240a9f351d0504", "b2c91856e402f2120c159ac6b122eb6266ba190cc7f715f854344179c3ca84fe", "d0cd5f75c21b424cdf361b7a9786008301a35228407fcf54a597153cfca1d2b2", "d73a7f2a20481af196285dda4a7709e0d714a678cf87edd96717953f53e7c53f"], "host": "icepower[.]su"}, {"hashes": ["1f2cda85711967b02c65c120a06851c4e205d0b7ae2e6de25fa7f61f0fffa996", "46638c95ad892f34f352f2ff99347162c1d4728bf4d66338ea06096173cd2d9f", "47d8174966e78d8aac7ed22260fdddbecd3d3a36d1d6240472db66fdc48f3a4f", "5530c2c064403074012bc36f4a79868c46dfb6a23cd25f49130bc18c0566b099", "5d399575647662a97a1ed98fc32f027fe94226a65a2996eeb4df06ba3cc95ce6", "64603646e38d45c2babed67a8bc07164d860b6cb1a12d7887ca02756d0e2c171", "6b634e523f675245f042945c29988087b01be1c848ccff5e7863d87271dc2715", "70797d1de39870d87b8b31eb3406157490b9bb04b19e699975b1251a7472004c", "951d9740be663613f53bf63f7d7caae8f8ecaf8b04be095ea4240a9f351d0504", "b2c91856e402f2120c159ac6b122eb6266ba190cc7f715f854344179c3ca84fe", "d0cd5f75c21b424cdf361b7a9786008301a35228407fcf54a597153cfca1d2b2", "d73a7f2a20481af196285dda4a7709e0d714a678cf87edd96717953f53e7c53f"], "host": "priple-red[.]su"}], "file": [], "ip": [], "mutex": [], "registry": [{"hashes": ["1f2cda85711967b02c65c120a06851c4e205d0b7ae2e6de25fa7f61f0fffa996", "46638c95ad892f34f352f2ff99347162c1d4728bf4d66338ea06096173cd2d9f", "47d8174966e78d8aac7ed22260fdddbecd3d3a36d1d6240472db66fdc48f3a4f", "5530c2c064403074012bc36f4a79868c46dfb6a23cd25f49130bc18c0566b099", "5d399575647662a97a1ed98fc32f027fe94226a65a2996eeb4df06ba3cc95ce6", "64603646e38d45c2babed67a8bc07164d860b6cb1a12d7887ca02756d0e2c171", "6b634e523f675245f042945c29988087b01be1c848ccff5e7863d87271dc2715", "70797d1de39870d87b8b31eb3406157490b9bb04b19e699975b1251a7472004c", "951d9740be663613f53bf63f7d7caae8f8ecaf8b04be095ea4240a9f351d0504", "b2c91856e402f2120c159ac6b122eb6266ba190cc7f715f854344179c3ca84fe", "d0cd5f75c21b424cdf361b7a9786008301a35228407fcf54a597153cfca1d2b2", "d73a7f2a20481af196285dda4a7709e0d714a678cf87edd96717953f53e7c53f"], "key": "<HKCU>\\SOFTWARE\\PWRKXXZKWU", "value_name": "License"}, {"hashes": ["1f2cda85711967b02c65c120a06851c4e205d0b7ae2e6de25fa7f61f0fffa996", "46638c95ad892f34f352f2ff99347162c1d4728bf4d66338ea06096173cd2d9f", "47d8174966e78d8aac7ed22260fdddbecd3d3a36d1d6240472db66fdc48f3a4f", "5530c2c064403074012bc36f4a79868c46dfb6a23cd25f49130bc18c0566b099", "5d399575647662a97a1ed98fc32f027fe94226a65a2996eeb4df06ba3cc95ce6", "64603646e38d45c2babed67a8bc07164d860b6cb1a12d7887ca02756d0e2c171", "6b634e523f675245f042945c29988087b01be1c848ccff5e7863d87271dc2715", "70797d1de39870d87b8b31eb3406157490b9bb04b19e699975b1251a7472004c", "951d9740be663613f53bf63f7d7caae8f8ecaf8b04be095ea4240a9f351d0504", "b2c91856e402f2120c159ac6b122eb6266ba190cc7f715f854344179c3ca84fe", "d0cd5f75c21b424cdf361b7a9786008301a35228407fcf54a597153cfca1d2b2", "d73a7f2a20481af196285dda4a7709e0d714a678cf87edd96717953f53e7c53f"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\PWRKXXZKWU", "value_name": "License"}, {"hashes": ["1f2cda85711967b02c65c120a06851c4e205d0b7ae2e6de25fa7f61f0fffa996", "46638c95ad892f34f352f2ff99347162c1d4728bf4d66338ea06096173cd2d9f", "47d8174966e78d8aac7ed22260fdddbecd3d3a36d1d6240472db66fdc48f3a4f", "5530c2c064403074012bc36f4a79868c46dfb6a23cd25f49130bc18c0566b099", "5d399575647662a97a1ed98fc32f027fe94226a65a2996eeb4df06ba3cc95ce6", "64603646e38d45c2babed67a8bc07164d860b6cb1a12d7887ca02756d0e2c171", "6b634e523f675245f042945c29988087b01be1c848ccff5e7863d87271dc2715", "70797d1de39870d87b8b31eb3406157490b9bb04b19e699975b1251a7472004c", "951d9740be663613f53bf63f7d7caae8f8ecaf8b04be095ea4240a9f351d0504", "b2c91856e402f2120c159ac6b122eb6266ba190cc7f715f854344179c3ca84fe", "d0cd5f75c21b424cdf361b7a9786008301a35228407fcf54a597153cfca1d2b2", "d73a7f2a20481af196285dda4a7709e0d714a678cf87edd96717953f53e7c53f"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\PWRKXXZKWU", "value_name": null}, {"hashes": ["1f2cda85711967b02c65c120a06851c4e205d0b7ae2e6de25fa7f61f0fffa996", "46638c95ad892f34f352f2ff99347162c1d4728bf4d66338ea06096173cd2d9f", "47d8174966e78d8aac7ed22260fdddbecd3d3a36d1d6240472db66fdc48f3a4f", "5530c2c064403074012bc36f4a79868c46dfb6a23cd25f49130bc18c0566b099", "5d399575647662a97a1ed98fc32f027fe94226a65a2996eeb4df06ba3cc95ce6", "64603646e38d45c2babed67a8bc07164d860b6cb1a12d7887ca02756d0e2c171", "6b634e523f675245f042945c29988087b01be1c848ccff5e7863d87271dc2715", "70797d1de39870d87b8b31eb3406157490b9bb04b19e699975b1251a7472004c", "951d9740be663613f53bf63f7d7caae8f8ecaf8b04be095ea4240a9f351d0504", "b2c91856e402f2120c159ac6b122eb6266ba190cc7f715f854344179c3ca84fe", "d0cd5f75c21b424cdf361b7a9786008301a35228407fcf54a597153cfca1d2b2", "d73a7f2a20481af196285dda4a7709e0d714a678cf87edd96717953f53e7c53f"], "key": "<HKCU>\\SOFTWARE\\PWRKXXZKWU", "value_name": null}]}, "reports_count": 12}, "Win.Dropper.Tofsee-9234606-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "currentcontrolset-service-added", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1060"]}, {"bi": "process-long-cmdline", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "dns-query-nxdomain", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": []}, {"bi": "network-smtp-spambot", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0004", "TA0005"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "network-dns-category-file-storage", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "listening-port-opened", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "process-svchost-suspicious-launch", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0005"]}, {"bi": "localhost-ipaddress-detected", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "pe-tls-callback", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-compound-cta-activity", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": []}, {"bi": "sc-service-start", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1031"]}, {"bi": "netbios-null-domain", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": []}, {"bi": "file-alternate-data-stream-modification", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-tofsee-cmd-detected", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": []}, {"bi": "netsh-firewall-generic", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0005", "T1016", "T1089"]}, {"bi": "sc-service-create", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0003", "T1050"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0005", "T1096"]}, {"bi": "new-service-launched", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035"]}, {"bi": "registry-windows-defender-exclusions-added", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "dns-bypassed-assigned-server", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "netsh-firewall-add", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089"]}, {"bi": "malware-tofsee-domain-detected", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": []}, {"bi": "malware-tofsee-filepath", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0002", "T1105", "T1112"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-snort-server", "hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-smtp-spambot-v2", "hashes": ["6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0"], "mitre_attack_tags": []}, {"bi": "network-snort-sensitive-data", "hashes": ["6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a"], "mitre_attack_tags": []}, {"bi": "excessive-tcp-connections", "hashes": ["6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "network-opendns-malicious", "hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a"], "mitre_attack_tags": []}, {"bi": "altered-sample-dns-flagged", "hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "network-file-uploaded", "hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-http-non-standard-port", "hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0011", "TA0005", "T1065"]}, {"bi": "nginx-webserver-detected", "hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": []}, {"bi": "network-communications-http-post", "hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "windows-utility-downloaded-artifact", "hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8"], "mitre_attack_tags": []}, {"bi": "network-dns-category-proxy", "hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8"], "mitre_attack_tags": []}, {"bi": "network-dns-category-new", "hashes": ["50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact-mid", "hashes": ["8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "mitre_attack_tags": []}, {"bi": "network-http-numeric-ip", "hashes": ["a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7"], "mitre_attack_tags": ["TA0011", "TA0005", "T1071"]}, {"bi": "http-response-client-error", "hashes": ["a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7"], "mitre_attack_tags": []}, {"bi": "http-response-server-error", "hashes": ["8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Tofsee is multi-purpose malware that features several modules used to carry out various activities such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages to infect additional systems and increase the overall size of the botnet under the operator's control.", "hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "iocs": {"domain": [{"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "host": "schema[.]org"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "host": "microsoft-com[.]mail[.]protection[.]outlook[.]com"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "host": "252[.]5[.]55[.]69[.]zen[.]spamhaus[.]org"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "host": "252[.]5[.]55[.]69[.]in-addr[.]arpa"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "host": "252[.]5[.]55[.]69[.]bl[.]spamcop[.]net"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "host": "252[.]5[.]55[.]69[.]sbl-xbl[.]spamhaus[.]org"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "host": "252[.]5[.]55[.]69[.]cbl[.]abuseat[.]org"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "host": "252[.]5[.]55[.]69[.]dnsbl[.]sorbs[.]net"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "host": "ip02[.]gntl[.]co[.]uk"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "host": "msr[.]pool[.]gntl[.]co[.]uk"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3"], "host": "116[.]151[.]167[.]12[.]in-addr[.]arpa"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "host": "market[.]yandex[.]ru"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3"], "host": "www[.]sendspace[.]com"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3"], "host": "api[.]sendspace[.]com"}, {"hashes": ["6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500"], "host": "ip[.]pr-cy[.]hacklix[.]com"}, {"hashes": ["79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500"], "host": "www[.]sneakersnstuff[.]com"}, {"hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500"], "host": "www[.]offspring[.]co[.]uk"}, {"hashes": ["6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500"], "host": "api2[.]endclothing[.]com"}, {"hashes": ["50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7"], "host": "s2[.]ipinfo[.]pw"}, {"hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7"], "host": "s1[.]ipinfo[.]pw"}, {"hashes": ["4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7"], "host": "www[.]google[.]com[.]au"}, {"hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2"], "host": "lh3[.]googleusercontent[.]com"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287"], "host": "epicgames[.]com"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287"], "host": "www[.]epicgames[.]com"}, {"hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a"], "host": "static[.]ibsrv[.]net"}, {"hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8"], "host": "check-host[.]net"}, {"hashes": ["4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2"], "host": "www[.]google[.]ru"}, {"hashes": ["8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2"], "host": "www[.]google[.]co[.]uk"}, {"hashes": ["3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a"], "host": "www[.]google[.]ch"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3"], "host": "work[.]a-poster[.]info"}, {"hashes": ["4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "host": "115[.]151[.]167[.]12[.]in-addr[.]arpa"}, {"hashes": ["9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287"], "host": "www[.]google[.]by"}, {"hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8"], "host": "lumtest[.]com"}, {"hashes": ["50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a"], "host": "carewanderlust[.]com"}, {"hashes": ["50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a"], "host": "marufrezabyron[.]com"}, {"hashes": ["6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d"], "host": "www[.]google[.]de"}, {"hashes": ["4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55"], "host": "www[.]google[.]com[.]sg"}, {"hashes": ["ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2"], "host": "smtp[.]rodaimoveis[.]com[.]br"}, {"hashes": ["79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a"], "host": "carlitos[.]com[.]py"}, {"hashes": ["79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a"], "host": "xoom-technology[.]com"}, {"hashes": ["ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2"], "host": "mail[.]national[.]shitposting[.]agency"}, {"hashes": ["79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a"], "host": "alrayana[.]com"}, {"hashes": ["ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2"], "host": "profitox[.]in"}, {"hashes": ["79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a"], "host": "pasjomat[.]pl"}, {"hashes": ["ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2"], "host": "mail[.]fairlandowls[.]com"}, {"hashes": ["4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55"], "host": "e10634[.]b[.]akamaiedge[.]net"}, {"hashes": ["4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55"], "host": "www[.]zalando[.]de"}, {"hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "host": "popzaq[.]esk[.]m4[.]zaq[.]ne[.]jp"}, {"hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "host": "mail[.]two-wrap[.]nl"}, {"hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "host": "mail[.]jtw[.]zaq[.]ne[.]jp"}], "file": [{"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile:.repos"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "path": "%TEMP%\\<random, matching '[a-z]{8}'>.exe"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "path": "%SystemRoot%\\SysWOW64\\<random, matching '[a-z]{8}'>"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "path": "\\Device\\ConDrv"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "path": "%System32%\\config\\systemprofile:.repos"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "path": "%SystemRoot%\\SERVIC~2\\Local Settings\\AppData\\Local\\Temp\\MpCmdRun.log"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "path": "%System32%\\<random, matching '[a-z]{8}\\[a-z]{6,8}'>.exe (copy)"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7"], "path": "%TEMP%\\prmslyi.exe"}, {"hashes": ["2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d"], "path": "%System32%\\sxkvysd\\qmeebqpd.exe (copy)"}, {"hashes": ["50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2"], "path": "%System32%\\xjrbzyk\\kntncnye.exe (copy)"}, {"hashes": ["9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33"], "path": "%System32%\\cemihdo\\hdvvshgu.exe (copy)"}, {"hashes": ["d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3"], "path": "%System32%\\lbfrdwo\\sedrcmuo.exe (copy)"}], "ip": [{"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "ip": "239[.]255[.]255[.]250"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "ip": "43[.]231[.]4[.]7"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "ip": "69[.]55[.]5[.]252"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "ip": "85[.]114[.]134[.]88"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "ip": "217[.]172[.]179[.]54"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "ip": "5[.]9[.]72[.]48"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "ip": "130[.]0[.]232[.]208"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "ip": "144[.]76[.]108[.]82"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "ip": "185[.]253[.]217[.]20"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "ip": "45[.]90[.]34[.]87"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "ip": "157[.]240[.]18[.]174"}, {"hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "ip": "104[.]47[.]54[.]36"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "ip": "216[.]239[.]34[.]21"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790"], "ip": "104[.]90[.]132[.]221"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2"], "ip": "157[.]240[.]18[.]63"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "ip": "209[.]85[.]201[.]106"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "ip": "83[.]151[.]238[.]34"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "ip": "209[.]85[.]201[.]104/31"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "ip": "216[.]239[.]32[.]21"}, {"hashes": ["4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790"], "ip": "98[.]136[.]96[.]76/31"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2"], "ip": "23[.]61[.]211[.]155"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7"], "ip": "2[.]22[.]2[.]5"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3"], "ip": "12[.]167[.]151[.]116"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "ip": "87[.]250[.]250[.]22"}, {"hashes": ["4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "ip": "209[.]85[.]201[.]147"}, {"hashes": ["4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "ip": "209[.]85[.]201[.]103"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3"], "ip": "69[.]31[.]136[.]5"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "ip": "209[.]85[.]201[.]99"}, {"hashes": ["4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790"], "ip": "67[.]195[.]228[.]109"}, {"hashes": ["4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790"], "ip": "67[.]195[.]204[.]77"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "ip": "31[.]13[.]93[.]174"}, {"hashes": ["4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790"], "ip": "66[.]171[.]248[.]178"}, {"hashes": ["3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7"], "ip": "40[.]112[.]72[.]205"}, {"hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790"], "ip": "157[.]245[.]5[.]40"}, {"hashes": ["6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500"], "ip": "163[.]172[.]32[.]74"}, {"hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500"], "ip": "23[.]10[.]140[.]131"}, {"hashes": ["50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7"], "ip": "185[.]86[.]151[.]224"}, {"hashes": ["6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500"], "ip": "23[.]64[.]97[.]254"}, {"hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7"], "ip": "185[.]86[.]151[.]25"}, {"hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33"], "ip": "209[.]126[.]119[.]175"}, {"hashes": ["4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7"], "ip": "172[.]217[.]7[.]227"}, {"hashes": ["79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287"], "ip": "104[.]18[.]128[.]12"}, {"hashes": ["4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0"], "ip": "37[.]28[.]155[.]134"}, {"hashes": ["4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33"], "ip": "185[.]255[.]55[.]29"}, {"hashes": ["6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33"], "ip": "98[.]136[.]96[.]74"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3"], "ip": "37[.]1[.]217[.]172"}, {"hashes": ["6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d"], "ip": "216[.]239[.]38[.]21"}, {"hashes": ["fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "ip": "104[.]47[.]10[.]33"}, {"hashes": ["6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d"], "ip": "104[.]28[.]19[.]94"}, {"hashes": ["9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287"], "ip": "172[.]67[.]208[.]45"}], "mutex": [], "registry": [{"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Type"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Start"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ErrorControl"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "DisplayName"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "WOW64"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ObjectName"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Description"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": null}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": null}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config2"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config0"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config1"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7", "05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0", "2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d", "79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0", "9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33", "9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249", "ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ImagePath"}, {"hashes": ["2e1c0d5f56ce3facc62ddf95367f80d30536518dd2ac185a00cee2a0fc8ba42d", "3bf28902ab33affea183db786d30e8d5484f4829da45a2de365d858106b99bdd", "a44c583addd5c5fc46dd4b453ffd8e0a4803bbe077054de15e2e3242169719f7"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\buionvbq"}, {"hashes": ["4d7725f07de457a3488dbd3584a51030073babf4b5de2041e6352ccef5211d55", "8e518c0ad1180bf0ad6416d77501371a931349522e426c9414e684d085634ce0"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\gzntsagv"}, {"hashes": ["79a9bb0b38e7a195a682cd53dc447c7e1c641d147586b447a6efc6a17607527a", "9b14ea7aaaf8c453001f9aeebf78bac5633161389a902b798872fa56b3d6dad8"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\nguazhnc"}, {"hashes": ["9d146bbf7d220dd675e1a1f5e51ffa170d59b2b089ccd28d765a77d8e4326287", "d08de16ac2883eaee64c9680574b2dda7d090a1c1020cd41da6edfc4c15e67a3"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\piwcbjpe"}, {"hashes": ["50a1516c6fedc037b56c50ed314a92e854811a1aa5b92ab0ba1cc9102ea97ec2", "a0c597b74d27211665be240ee88ad869a72f3929baba3f734419cf7832ced500"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\qjxdckqf"}, {"hashes": ["ee488d3e80082a5cafbdfddbce834f69cdb38c9befec19edf558d0915f49f1e2", "fa60fb510c7482ed697c90faf7ed47a641e2cea70c849689041cd7fd7a157ded"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\ohvbaiod"}, {"hashes": ["9329327cf81fc5344a3cc07252cf2cb693d60f7b7569fda854b8f32ab9945f33"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\exlrqyet"}, {"hashes": ["0162982feb9a89a229bb5ee30cac6e7c93ec09faa8f76b96e5537ff165e09ad7"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\wpdjiqwl"}, {"hashes": ["6913602f33b7b4067250f561089037e736e528c3720d2534f8fc1bfa0706634d"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\yrflksyn"}, {"hashes": ["f204ba7ee95ec7ac4d2ba01db119824f80af6c591e00550fb3deec903303e790"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\dwkqpxds"}, {"hashes": ["05ff135072e0e313524bfe9e4f142cc11b17c691ebfb5117fe1d95fafabccbd0"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\vocihpvk"}, {"hashes": ["ecae67b06ad68ac335a60fd12e86fcc2ebc7ceff3fa972728db67fc49dee5249"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\fymsrzfu"}, {"hashes": ["8dd33de39aeb4eb9a10c92ccea4eeda8d81224348cf2ca2434735b66d9e6878a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\xqekjrxm"}]}, "reports_count": 20}, "Win.Packed.Zusy-9228639-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "613b5c863a65d30cbdaf52615b3037cfd5b9fd701b448f7bf504b33a696c10d4", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "4025a3eeadff2c7ad9583af81ef3bc3f519b527899f5f257469f136c1fb7edcd", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "0d6e7d16280cee4e9b3c21a1bda49445ac2fd359b92807700d1313b81b11845c", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "613b5c863a65d30cbdaf52615b3037cfd5b9fd701b448f7bf504b33a696c10d4", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "4025a3eeadff2c7ad9583af81ef3bc3f519b527899f5f257469f136c1fb7edcd", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "0d6e7d16280cee4e9b3c21a1bda49445ac2fd359b92807700d1313b81b11845c", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "613b5c863a65d30cbdaf52615b3037cfd5b9fd701b448f7bf504b33a696c10d4", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "4025a3eeadff2c7ad9583af81ef3bc3f519b527899f5f257469f136c1fb7edcd", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "0d6e7d16280cee4e9b3c21a1bda49445ac2fd359b92807700d1313b81b11845c", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "613b5c863a65d30cbdaf52615b3037cfd5b9fd701b448f7bf504b33a696c10d4", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "4025a3eeadff2c7ad9583af81ef3bc3f519b527899f5f257469f136c1fb7edcd", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "0d6e7d16280cee4e9b3c21a1bda49445ac2fd359b92807700d1313b81b11845c", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "613b5c863a65d30cbdaf52615b3037cfd5b9fd701b448f7bf504b33a696c10d4", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "network-file-uploaded", "hashes": ["679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "artifact-windows-task", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "url-not-found", "hashes": ["679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "artifact-vm-detect", "hashes": ["679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "pe-imports-psapi-dll", "hashes": ["679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "unsigned-roaming-execution", "hashes": ["679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": ["TA0005"]}, {"bi": "artifact-memory-vm-detect", "hashes": ["679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "pe-section-execute-writable", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-imports-toolhelp", "hashes": ["679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "4025a3eeadff2c7ad9583af81ef3bc3f519b527899f5f257469f136c1fb7edcd", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "0d6e7d16280cee4e9b3c21a1bda49445ac2fd359b92807700d1313b81b11845c", "2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "network-fast-flux-domain", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": []}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "process-explorer-suspicious-launch", "hashes": ["613b5c863a65d30cbdaf52615b3037cfd5b9fd701b448f7bf504b33a696c10d4", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "dns-excessive-domain-queries", "hashes": ["515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "613b5c863a65d30cbdaf52615b3037cfd5b9fd701b448f7bf504b33a696c10d4", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "network-dns-category-cnc", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": ["TA0011"]}, {"bi": "network-benign-process", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": ["TA0011", "TA0005", "T1055"]}, {"bi": "potential-registry-persistence", "hashes": ["694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533"], "mitre_attack_tags": []}, {"bi": "network-explorer-process", "hashes": ["694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533"], "mitre_attack_tags": ["TA0011", "TA0005", "T1055"]}, {"bi": "process-check-virtualbox", "hashes": ["694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533"], "mitre_attack_tags": ["TA0007", "T1497"]}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "registry-image-file-execution-debugger", "hashes": ["694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1060"]}, {"bi": "image-file-execution-options-set", "hashes": ["694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533"], "mitre_attack_tags": ["TA0004", "TA0003", "TA0005", "T1183"]}, {"bi": "image-file-execution-options-set-to-malicious-value", "hashes": ["694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533"], "mitre_attack_tags": ["TA0004", "TA0003", "TA0005", "T1183"]}, {"bi": "disables-windows-firewall", "hashes": ["694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "process-check-vmware", "hashes": ["694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533"], "mitre_attack_tags": ["TA0007", "T1497"]}, {"bi": "registry-disable-exception-chain-validation", "hashes": ["694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "process-requested-named-pipe", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": ["TA0004", "TA0005"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": []}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": []}, {"bi": "windows-util-schtask", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "excessive-sample-duplication", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "process-with-multiple-children", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": ["TA0005"]}, {"bi": "modified-file-on-usb", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": ["TA0008", "TA0003", "T1091"]}, {"bi": "sample-copied-to-usb", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": ["TA0008", "TA0003", "T1091"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "possible-dga-communication", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": ["TA0011", "TA0005", "T1483"]}, {"bi": "artifact-lnk-calls-cmd", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "process-requested-file-external-drive", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": ["TA0009", "T1025"]}, {"bi": "lnk-no-creation-date", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": ["TA0002", "T1064"]}, {"bi": "malware-ruskill-mutex-detected", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": []}, {"bi": "artifact-lnk-calls-cmd-exit", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "windows-util-schtask-create-onlogon", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "artifact-multiple-extensions", "hashes": ["589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "feed-domain-banking", "hashes": ["515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47"], "mitre_attack_tags": []}, {"bi": "dns-public-server-contacted", "hashes": ["515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "registry-hide-files", "hashes": ["515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47"], "mitre_attack_tags": ["TA0005", "T1158"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47"], "mitre_attack_tags": ["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "registry-disablesuac", "hashes": ["515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47"], "mitre_attack_tags": ["TA0005", "TA0002", "TA0004", "T1088", "T1089"]}, {"bi": "registry-action-center-disabled", "hashes": ["515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "malware-chthonic-rat-detected", "hashes": ["515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47"], "mitre_attack_tags": []}, {"bi": "network-dns-upload-file", "hashes": ["515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff"], "mitre_attack_tags": []}, {"bi": "url-gate-php", "hashes": ["39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "pe-encrypted-section", "hashes": ["6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-autorun-key-modified-nt", "hashes": ["515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "http-response-client-error", "hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "fake-explorer-process", "hashes": ["4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["613b5c863a65d30cbdaf52615b3037cfd5b9fd701b448f7bf504b33a696c10d4"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["613b5c863a65d30cbdaf52615b3037cfd5b9fd701b448f7bf504b33a696c10d4"], "mitre_attack_tags": []}, {"bi": "fake-recycler-folder-creation", "hashes": ["613b5c863a65d30cbdaf52615b3037cfd5b9fd701b448f7bf504b33a696c10d4"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "fault-report-file-created", "hashes": ["613b5c863a65d30cbdaf52615b3037cfd5b9fd701b448f7bf504b33a696c10d4"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5"], "mitre_attack_tags": []}, {"bi": "excessive-dns-query-nxdomain", "hashes": ["408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-dns-malicious-snort", "hashes": ["4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff"], "mitre_attack_tags": ["TA0011"]}, {"bi": "network-dns-category-parked-domain", "hashes": ["4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff"], "mitre_attack_tags": []}, {"bi": "cta-match", "hashes": ["4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as \"explorer.exe\" and \"winver.exe.\" When the user accesses a banking website, it displays a form to trick the user into submitting personal information.", "hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "0d6e7d16280cee4e9b3c21a1bda49445ac2fd359b92807700d1313b81b11845c", "15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd", "22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "4025a3eeadff2c7ad9583af81ef3bc3f519b527899f5f257469f136c1fb7edcd", "408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64", "613b5c863a65d30cbdaf52615b3037cfd5b9fd701b448f7bf504b33a696c10d4", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "6da0007b9602d2dd9997758ac21e9a6047343c753383acbf0d765311159cce87", "719e166ee263058217ea86c0f920873c8d5e6e44fb03b6924d43389809a6a905", "744d4053619c41eb17827169fe7d47042d43d2f692536e6d1f696297e3122dd0", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "7f48355cbc03cfba6b0b77eec09ce974bb363152c817de6afd3dbb7fc3263246", "80461f776636ac667f3ed88bed477b7c867dd7d385d3d15d2547b195e59a77c4", "80ca5d03d64ae6b3d0e859451b3938479e3abedc9f5b88d701a1da67ae88e6dd", "8c0ad428efcd3eb18c64569f6fead3fad65ad8f47b37895667e87351af7ed164", "96c316c75447ee0b7af951d8dbd44450cd9ed221c127848d4945593fd92d3f6a", "97fc7c52086e533679835b8761e5aa7d0c07d9a6b5b6d2d837543f6b35becf88", "985ce853868221b2af30d0f8366cf0126496cd8efb9952eb334e2ab63f212fbe", "9925fc1163532b881f63a94c6a6a02d7be2b3b05d44b74454acae046f3a0107c", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "a618d8a0207fc86f8037567eea424ac258fadffac2b3e20683495eb3985a5c3e", "a74195310322c00ae351034ab72c1c112a4e1a3892561a5b4bb61f40d54d06bd", "adce17078b66a7e1de1a2284da990f0954d3fb0a7b8d1923e9645678fe93f5cc", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "b42c221c11e44f6812078b725dc6dac2a9b7c0e7e05b7243b279c2793116d81d", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "bf2fe9daf288cba8123c824405e2bf6518f5dd68d1cb7376c785b1d62ee05145", "c243412be0aa1fbe9edb483f40c4d91102c43441291004dde371a0f9110a19dc", "c2740a21ba4dfba1faeceba78a9ae8491abc00ae850638416987182c0721d9b6", "c2b8d632dd6ae35c48b79670a015f2061abafef7e12424510cd593787a1ca894", "c3b85e10a0aaf387a9fe06f2c5e2bd6f7dbacfe22c36565afbab2e2e019b16bd", "d1ecb91105435a883404326d69edbe8a8ea422430fa778ff20dc1e15abb19bcb", "d328b27b3b1e29f390fa333c7fbf47898e0f7e156f9cbdc3c7e833a9d673a188", "d35aba5188a1b25439387a5a9c12d4329cd5dc21284703195d8e7cea18020331", "d4cce71ea4c21344bc8eddc2c6f6e5fb36d1ab635cb913db69d78c071a6a8868", "d5a0b48fa95b7e1fd90cf43618bc201b61693c5bd8c3ad2d13daa6d147ae6bd8", "db182f12a1530c9e818376321fcca8513d83bc6eaab8d6c80b2e8a5ad78318d4", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "f2f2c000c6eec12bb27b2873649df46232aeb12c913ed12c97705c77bcfd80f3", "fca26006e68f3ae8d8441a4b564b1115498eff205b7b4c7fef78776b4f37e95d", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f"], "iocs": {"domain": [{"hashes": ["1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f"], "host": "connect-support-server[.]ru"}, {"hashes": ["1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f"], "host": "bestbrightday[.]ru"}, {"hashes": ["1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f"], "host": "paranormal-online-kino[.]ru"}, {"hashes": ["1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f"], "host": "jabber001[.]nas[.]ru"}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "host": "www6[.]cdljussarago[.]com[.]br"}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "host": "www6[.]tamareirashotelmg[.]com[.]br"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "host": "api[.]wipmania[.]com"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "host": "n[.]ezjhyxxbf[.]ru"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "host": "n[.]hmiblgoja[.]ru"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "host": "n[.]lotys[.]ru"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "host": "n[.]yxntnyrap[.]ru"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "host": "n[.]vbemnggcj[.]ru"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "host": "n[.]yqqufklho[.]ru"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "host": "n[.]jntbxduhz[.]ru"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "host": "n[.]oceardpku[.]ru"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "host": "n[.]zhgcuntif[.]ru"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "host": "europe[.]pool[.]ntp[.]org"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "host": "n[.]jupoofsnc[.]ru"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "host": "n[.]kvupdstwh[.]ru"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "host": "n[.]aoyylwyxd[.]ru"}, {"hashes": ["249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "host": "n[.]spgpemwqk[.]ru"}, {"hashes": ["4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff"], "host": "nutqauytva8azxd[.]com"}, {"hashes": ["4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff"], "host": "nutqauytva100azxd[.]com"}, {"hashes": ["4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff"], "host": "nutqauytva10azxd[.]com"}, {"hashes": ["4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff"], "host": "nutqauytva6azxd[.]com"}, {"hashes": ["4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff"], "host": "nutqauytva11azxd[.]com"}, {"hashes": ["4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff"], "host": "nutqauytva3azxd[.]com"}, {"hashes": ["4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff"], "host": "nutqauytva9azxd[.]com"}, {"hashes": ["4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff"], "host": "nutqauytva7azxd[.]com"}, {"hashes": ["4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff"], "host": "nutqauytva5azxd[.]com"}, {"hashes": ["4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff"], "host": "nutqauytva4azxd[.]com"}, {"hashes": ["408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633"], "host": "nutqauytva9g[.]com"}, {"hashes": ["408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633"], "host": "nutqauytva4g[.]com"}, {"hashes": ["408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633"], "host": "nutqauytva2g[.]com"}, {"hashes": ["408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633"], "host": "nutqauytva11g[.]com"}, {"hashes": ["408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633"], "host": "nutqauytva13g[.]com"}, {"hashes": ["408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633"], "host": "nutqauytva5g[.]com"}, {"hashes": ["408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633"], "host": "nutqauytva10g[.]com"}, {"hashes": ["408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633"], "host": "nutqauytva3g[.]com"}, {"hashes": ["408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633"], "host": "nutqauytva12g[.]com"}, {"hashes": ["408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633"], "host": "nutqauytva1g[.]com"}, {"hashes": ["408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633"], "host": "nutqauytva6g[.]com"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5"], "host": "and3[.]wizatoberegisterd3[.]com"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5"], "host": "and3[.]dqnbnewproaaxies3[.]com"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5"], "host": "and3[.]wizatoberegisterd4[.]com"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5"], "host": "wikipidiwako122[.]com"}, {"hashes": ["515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "host": "b[.]nas[.]ru"}, {"hashes": ["515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "host": "a[.]nas[.]ru"}, {"hashes": ["515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "host": "c[.]nas[.]ru"}], "file": [{"hashes": ["15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f"], "path": "%APPDATA%\\UVJlWVxU"}, {"hashes": ["15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f"], "path": "%SystemRoot%\\Tasks\\UVJlWVxU.job"}, {"hashes": ["15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "dd0c9f3843aaefeea849e909338f55199c45856ba0d208b12a5e2ff3a8edca01", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f"], "path": "%System32%\\Tasks\\UVJlWVxU"}, {"hashes": ["0d6e7d16280cee4e9b3c21a1bda49445ac2fd359b92807700d1313b81b11845c", "2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "4025a3eeadff2c7ad9583af81ef3bc3f519b527899f5f257469f136c1fb7edcd", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "path": "%TEMP%\\<random, matching '[a-z]{3}[A-F0-9]{3,4}'>.tmp"}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "path": "%ProgramData%\\6b407430"}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "path": "%ProgramData%\\6b407430\\desktop.ini"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "path": "\\$RECYCLE.BIN.lnk"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "path": "\\System_Volume_Information.lnk"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "path": "\\jsdrpAj.exe"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "path": "E:\\$RECYCLE.BIN.lnk"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "path": "%APPDATA%\\Microsoft\\Windows\\themes\\Eoawaa.exe"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "path": "E:\\System_Volume_Information.lnk"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "path": "E:\\c731200"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "path": "E:\\jsdrpAj.exe"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "path": "%APPDATA%\\Update"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "path": "%APPDATA%\\Update\\Explorer.exe"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "path": "%APPDATA%\\Update\\Update.exe"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "path": "%APPDATA%\\WindowsUpdate"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "path": "%APPDATA%\\WindowsUpdate\\Updater.exe"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "path": "%APPDATA%\\c731200"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "path": "%TEMP%\\c731200"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "path": "%System32%\\Tasks\\Windows Updater"}, {"hashes": ["15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178"], "path": "%APPDATA%\\UVJlWVxU\\hh.exe"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "path": "%System32%\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "path": "%System32%\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "path": "%System32%\\sru\\SRU.chk"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "path": "%System32%\\sru\\SRU.log"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "path": "%System32%\\sru\\SRUDB.dat"}, {"hashes": ["15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178"], "path": "%HOMEPATH%\\Videos\\hh.exe"}, {"hashes": ["15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f"], "path": "%HOMEPATH%\\Videos\\twunk_32.exe"}, {"hashes": ["15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f"], "path": "%APPDATA%\\UVJlWVxU\\twunk_32.exe"}, {"hashes": ["1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f"], "path": "%APPDATA%\\UVJlWVxU\\twunk_16.exe"}, {"hashes": ["1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f"], "path": "%HOMEPATH%\\Videos\\twunk_16.exe"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "path": "%ProgramData%\\msodtyzm.exe"}, {"hashes": ["679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560"], "path": "%HOMEPATH%\\Videos\\explorer.exe"}, {"hashes": ["a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f"], "path": "%HOMEPATH%\\Videos\\splwow64.exe"}, {"hashes": ["6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560"], "path": "%HOMEPATH%\\Videos\\write.exe"}, {"hashes": ["a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f"], "path": "%APPDATA%\\UVJlWVxU\\splwow64.exe"}, {"hashes": ["1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00"], "path": "%HOMEPATH%\\Videos\\helppane.exe"}, {"hashes": ["1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00"], "path": "%APPDATA%\\UVJlWVxU\\helppane.exe"}], "ip": [{"hashes": ["1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f"], "ip": "184[.]105[.]192[.]2"}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "ip": "172[.]217[.]13[.]78"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "ip": "212[.]83[.]168[.]196"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "ip": "204[.]95[.]99[.]243"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "ip": "162[.]217[.]99[.]134"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "ip": "20[.]41[.]46[.]145"}, {"hashes": ["2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793"], "ip": "209[.]85[.]144[.]100/31"}, {"hashes": ["0d6e7d16280cee4e9b3c21a1bda49445ac2fd359b92807700d1313b81b11845c", "4025a3eeadff2c7ad9583af81ef3bc3f519b527899f5f257469f136c1fb7edcd"], "ip": "194[.]165[.]16[.]68"}, {"hashes": ["0d6e7d16280cee4e9b3c21a1bda49445ac2fd359b92807700d1313b81b11845c", "4025a3eeadff2c7ad9583af81ef3bc3f519b527899f5f257469f136c1fb7edcd"], "ip": "194[.]165[.]16[.]15"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "ip": "40[.]67[.]189[.]14"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "ip": "20[.]45[.]1[.]107"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff"], "ip": "208[.]100[.]26[.]245"}, {"hashes": ["39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4"], "ip": "104[.]215[.]148[.]63"}, {"hashes": ["679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47"], "ip": "40[.]90[.]247[.]210"}, {"hashes": ["39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4"], "ip": "40[.]91[.]124[.]111"}, {"hashes": ["515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "ip": "109[.]120[.]180[.]29"}, {"hashes": ["613b5c863a65d30cbdaf52615b3037cfd5b9fd701b448f7bf504b33a696c10d4"], "ip": "91[.]232[.]105[.]127"}, {"hashes": ["515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "ip": "81[.]128[.]218[.]110"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5"], "ip": "176[.]9[.]1[.]211"}, {"hashes": ["39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4"], "ip": "90[.]155[.]73[.]34"}, {"hashes": ["3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47"], "ip": "178[.]33[.]203[.]115"}], "mutex": [{"hashes": ["15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd", "6729ec8b5e8688a6af9e82b97fd94943f906ad537a60873eb167454398f04178", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1", "6d7d5b6be88e92c2faeb8d3797688dd9a6bdbd67834626e726cb7443ee7f0732", "7581c2967626670fe636f56fd5f639e28472d1577393891e8384790999772560", "a13753fb2615b00200cf0cab9bcaa13fc46f45500a4fd14add1fd3983cd18948", "b1cd3a2cc4579b0ac3603e27714db32b2a55f9130f5680449da9fa6bd8d6de00", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f", "ff1342352e5a9ebf45412456b8619dc03ae52f98c2d1432bd39b84aeebfbe40f"], "name": "UVJlWVxU"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "name": "c731200"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "name": "-9caf4c3fMutex"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "name": "FvLQ49I\u007f\u203a\u00ac{Ljj6m"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "name": "SSLOADasdasc000900"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "name": "SVCHOST_MUTEX_OBJECT_RELEASED_c0009X00GOAL"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "name": "FvLQ49I   {Ljj6m"}, {"hashes": ["4e5d8471486251f9d0ce06d5338798f7c02d072e6d8616411c55d49e4aca76ff"], "name": "alFSVWJB"}, {"hashes": ["408640851beaad6fc9396d369fe92c3d4f56473848200a6b99822dcae0595633"], "name": "ZBR-JNSEXOBM"}, {"hashes": ["613b5c863a65d30cbdaf52615b3037cfd5b9fd701b448f7bf504b33a696c10d4"], "name": "Global\\59b463c1-d7ff-11ea-887e-00501e3ae7b6"}, {"hashes": ["613b5c863a65d30cbdaf52615b3037cfd5b9fd701b448f7bf504b33a696c10d4"], "name": "abg1c11vee"}], "registry": [{"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "EnableFirewall"}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}", "value_name": null}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\PUBLICPROFILE", "value_name": "EnableFirewall"}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SSDPSRV", "value_name": "Start"}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0B5E1E5E", "value_name": null}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0B5E1E5E\\CG1", "value_name": "HAL"}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0B5E1E5E\\CG1", "value_name": "WAVK"}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0B5E1E5E\\CG1", "value_name": "IOBPL"}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0B5E1E5E\\CG1", "value_name": "IOBSL"}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0B5E1E5E\\CG1", "value_name": "IOBAL"}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0B5E1E5E\\CG1", "value_name": "IOBGL"}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0B5E1E5E\\CG1", "value_name": "IOBDL"}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "911k1e97"}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "911k1e97"}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0B5E1E5E\\CG1", "value_name": "GLA"}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\TOOLKIT", "value_name": "Favorites"}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\IMAGE FILE EXECUTION OPTIONS\\RSTRUI.EXE", "value_name": null}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\MYMAILCLIENT", "value_name": null}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\TOOLKIT", "value_name": null}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0B5E1E5E\\CG1", "value_name": null}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0B5E1E5E\\CW1", "value_name": null}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0B5E1E5E\\VU2", "value_name": null}, {"hashes": ["2791bccaffb04cb2a65d03d0a6414af81a5b7e931873da2c5050ab4a6bce6bc5", "2b4e145a7c93d039a486725200052752a2f26489830a73b48d2921b837dd2d69", "52b2715d6e26891f089e9e877bad9342b2e62562b93cf422e210150c1135d533", "67cd689dc06444ca234cc91be71fb03c64d5a2d1918b761df009b52d81edf793", "694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0B5E1E5E\\CG1", "value_name": "BID"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "Hidden"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLUA"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Start"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "Start"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "ShowSuperHidden"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "Start"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "HideSCAHealth"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "HideSCAHealth"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WUAUSERV", "value_name": "Start"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Eoawaa"}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Update Installer"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "TaskbarNoNotification"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "TaskbarNoNotification"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["069e5ab9d19c9bb8857307eabfb6727d0ab44dceea02945ceef6108885612bed", "249ea0cb4e56ffcc638826e0dd3910b5fc7efe3ea2b07eddd70df7651264d38d", "28fe7c939ac540649304854c67f4b6237ab5f8f0d8065c071acdf423840451e7", "589c9e24427d74d3bf561ab6fce690a4c5a64df3f9f28c70cb9481fc4ed77f64"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "BCSSync"}, {"hashes": ["39ed52271089bbdcd11aa6e5629db07bde8cf800819c1dcbc927c4fd51910fb4", "3a4c68180728c2c9c381dcdd9061c6e2f9b49a2112be20089c34ae672b302f47"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "2827271948"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS", "value_name": "Load"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "1081297374"}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\WINDOWS", "value_name": null}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\WINDOWS\\RUN", "value_name": null}, {"hashes": ["22621844f9768fe3d89bda1205e13ff16e3753245d6cc16a42d64e04431d0cf5", "515e48b5d050988c94e1e6a27c9c1928123972270b8b7d51791bd7dbab16b192"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\WINDOWS\\RUN", "value_name": "1081297374"}, {"hashes": ["1f3252d4e852defa721f006b8aca98b02a7d16b4995336ffecc0a838d7072bdd", "2ac4a793ecfae3d3203c468173715b3a8026d0f76de9ea0613f8cd3465a78f40"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "hh.exe"}, {"hashes": ["15eb00527b4da2a5b6b6bc1cf16dd20054f3a78dbdc0108c58d1d85c0f64725a", "679b7ac531523e2799530300a34c11effdd1981829e0d4ad0f196ef1ba0c96b1"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "twunk_32.exe"}, {"hashes": ["1c56fcb8d5422a88b3152489f17ab5626723472372c0b1059b609b5c6eaecaf5", "ba94d4d1281caff6bc5b2711381cc95ebcf66105ac5da31c7f362475cf8eb40f"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "twunk_16.exe"}, {"hashes": ["694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "3e4e0412"}, {"hashes": ["694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "3e4e0412"}, {"hashes": ["694edcea91cd602392e2e84d3d4b673d0488cfce36cdb59141418b3ee781a419"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0B5E1E5E\\CW1", "value_name": "1068"}]}, "reports_count": 31}, "Win.Trojan.ZeroAccess-9227749-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "1f261e7108e46792076ed1231596ad584c25f8bd72e000cda3359562f24cbcb6", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "1f261e7108e46792076ed1231596ad584c25f8bd72e000cda3359562f24cbcb6", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "1f261e7108e46792076ed1231596ad584c25f8bd72e000cda3359562f24cbcb6", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": []}, {"bi": "pe-imports-psapi-dll", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "1f261e7108e46792076ed1231596ad584c25f8bd72e000cda3359562f24cbcb6", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "dns-query-nxdomain", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "network-snort-malware", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": []}, {"bi": "listening-port-opened", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "registry-autorun-key-modified", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "dns-public-server-contacted", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "modified-file-in-system-dir", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": []}, {"bi": "registry-service-autostart-disabled", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": ["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "registered-com-server", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": ["TA0002", "T1106"]}, {"bi": "excessive-udp-connections", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-ini-modified", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": ["TA0003"]}, {"bi": "network-dns-safe-categories", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": []}, {"bi": "registry-service-type-modified", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "registry-service-delete-flag-set", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": ["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "geoip-ip-address-location-attempt", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "malware-zeroaccess-variant-detected", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": []}, {"bi": "winsock-parameters-modified", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": ["TA0011", "TA0003", "T1112", "T1040"]}, {"bi": "malware-zeroaccess-v2-variant-detected", "hashes": ["37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": []}, {"bi": "network-protocol-mismatch-dns", "hashes": ["30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005"], "mitre_attack_tags": ["TA0011", "TA0005", "T1094"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["1f261e7108e46792076ed1231596ad584c25f8bd72e000cda3359562f24cbcb6"], "mitre_attack_tags": []}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.", "hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "1f261e7108e46792076ed1231596ad584c25f8bd72e000cda3359562f24cbcb6", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "3a5b08ba2656c150b6751fb4375b8e260ee42626209397398e244a568c5cf875", "3aa3dff7fa6f816941e4f665aa0d2add8d218dab9e4e4f0e688e9cb344e7bcb0", "3d1e3bc19a6809068d5ee6595f64e060868918a725d165bbfece9abad92e1c2b", "3df6dcf08bf62ed3234cd77d785622fc1e08318d33a0a56d87529cc18b2fdc02", "3e1b6f69dec1064075a1668424a6843b1b9e5c4edfecbdcbbdde6c7370a5cbd4", "3e448b082d3ad9730286f4fa4533c74d8215a6031de97f04bcea0cf3f4f558cc", "420a4be2800ebeaeb880867f2853117bcc44515f8edf7006a9f55b9278ec5cd4", "42e34ceee2fd72de2a77161ef7ca941c1f50ffa1caec47cc1141748750ebcfad", "44171d78a3ee9fef9b235fcc72c13717ce93bf3deb90f6d4a41001fe7dc58b35", "44f14ab4785cf09a3523a5628f495e71552685aa8b22c1182a6f5f8aa3db29f1", "47619293cc058f37310dab734cf01f5dacc51294f98caf5582c688d11eb67130", "4a60cb7efe8e90e5181f99b24c032a16bb2b522e06eef9e78c8c442ddf8c83c6", "4caaa5467e37255bcf47fd84b9ba0e41e035f134814b6aa0ce32c81e9e7d3c3f", "4ef707dc253d0c905d54a4c6e7382573a27aadb26751bc74bd228f9bcedec9db", "53c6508e1230096cfee01f8ccbca63fcc2fb1303182de1ad13bf0d664e635625", "5596d562a799a09594270b6bdce44b3e26858f391497ae8e288f05c0475abfa6", "55bc9d401b6494101a0083afcf2ae4fd64fb1bff5e3b46509604737d9aaf2d46", "5625de8d9bf01085182feb32016957e6191d439ea743f54743cb4c4e009a7c48", "5d32f893875057b648a2fed6ef3527fb7451ba38738404ecfb26a49470cc77cb", "5e234bd49d81008dba13959fbd7baea9b00ac96801106432dd9ee87a7f943f1e", "5e612c5aa21f5b49cf537aea29e2ef4dc7d7346d74a76f36396e07274d2cea51", "61630f0c498e522f82384f7d50363340241d1809f3bb99dfaab05678deb2b0d9", "635ba5838529a64b4505d827243aab8274ef0ff3eaf92425eff9bb52770fbc6c", "63b0cc6e0a4a24887475c5baaefaa6238f100f4bcc2cd0ee7a89f2dec7319226", "64b3cdd7bc6fe1a79b7d0df828c6662551ca8f26a128571f4119efc69c4f21de", "6568c34b32fb8841ea0b7193c9e9e223b4b29639a4be425bd3d58ff390f43839", "658b1382b22f3bfa0591b875174628170d5895cbdf4596eeabf892e7569efca6", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "6b1995b384b1a1fec2bcc04a9ac91d97b2dfd5c426de96d86ecdf9aed8a5695f", "6c6278fc5cc44e43e727824ceaab2798f93adb875f02504f70be1821bf5ef85e", "6e4fb264132ca5ad6869971c8e0dd32f7cec8eb340ee56b72a7243708791e969", "706f1e9021caee6a40e7554d376c3d38860057d192b89a74bc56592871d81f0c", "70aee73f6ec1789bb78d26198b0f972067fc33ae04e7adff139db3f6af77680f", "71a738d27af031e23bc185d8b97f8288085c435671d012c84052242f8b076865", "71c5478b04bd6df68a6c130bc881a5e4f9f5af69efab9d41968c143750b19b1b", "7372e360b1eee474b58f458772568a1ded32347285cf8ff4043630ae676a2e18", "747d7dbb258e2617d61a88d6fa8f4b31250d2535cd7a285f4cc5af0dfa948001", "754b154897844e9bb5c710d5a0e93dec4488b1e9204c1e14e0bc38e58aa2b98a", "7acef5067d916d7fe8915eaa5adc6633c788ea82a1d0a49f22edb269d1dc38d4", "7c7933d255a7ccc21466e6de15a097d7a16caff606d4ac5c814b1fdc17bde55b", "7cad74999b066739804c5754c54958e19e26c1b673f3a9b341a5b132c0a89cf6", "7d1aaf9f5f894d8a5e6c437ba0bec08bb78b2bc289d6c7f3cd39954e58286770", "7d37ae01e82acb635e261c89ad9170c0f24230364a84f5e3412987876516dc0c", "7dd660f294ab488df5fea71444024d806b5e6eb2d9d54577db86f7cbf459c30b", "7df8b59eeb0cac15f03af90d2d53b3725c0e4edb49e4dbafc539e10292944ff2", "7e2b74d097030e6c1b4b552b31d5178b21edc00308454bae69199909213cea3b", "7e58a13f1484d45ca8853bd0af09bcd9527cdde2992a8efdb6e918bb2b7285d0", "7f478ae885874774f5206fef5f36d3f66e610eaac644f3673fe5477a3f54465c", "80b71b2284c6bf8370b4fbaac003309a7c4b472a830a6ec542ff9f99892290bf", "8176da1d980d2abc858b454648f8b6531d98f1e7fce392ab6112c1c98dc3babd", "820748b8c57714408c512fd0e481adbbd86e5c2e48f627310104a2ec0d7e76ff", "85cf513ee4adb9ccd3cd6fe132179c2fdafeb5e56f65f3d07a2c77314b54a39d", "8b19e70de65775c71257786ca932dd268354c533bb3b32bddb6663784b8096ff", "8b1d96ffbcd22a071800b1832598348ecc5b4a0fe6f7b6d29854bcd99c6c491f", "9b58cd73ceaae3f758a1c7ba240fd7f83aafbe54fc5226dac68be50c92e5d0b9", "9bfbc3d707ae849945aae94fe191d6689b2689a951a544e2341f2395ed7e3132", "9da14138b48d095f2d27f486c1db67a6d778d82a469f8a7e27a5c14ce697fded", "9ebe82884beb857dfd31a4682c5ceb543ccc2f1a2135d70cd7d7cf80ab270ce6", "9ecd31c9ef46e18a469103ec2ccd91d39e844dcfec05eeff0b4c65c937238823", "a11227ad64efa9d68206431bfbd48cf36c24837a0c00fcee1da1db34407deef3", "a1fda91d8d1ccffaabbabdeacd84445e1e3a9598c32f30657c2cca96c65f3ca4", "a323c03df2ffa316b1a649b8500463fd0e98d954cda410dcbadf35eace90adb2", "a3b8d0e2bc32ff54a0145a2f175336619cf064035f02b832874b3b7dd7764486", "a4c745f17169615118301f5085b9115b5545be13c69120af89ee28147a6c1602", "a7482a216d839377582b44ddace2ec38d4427b00a2757443e09edf4cb3c7d222", "a7f66fe2fb8bae2b39f9ebc440440d311a964c45c9c1dbca0e53d12a266b7f2f", "a9bd89d1142135aab992a328b4d83d43d311d9c971a699645d3143ab867db89f", "aa566f933c9b97e0a1d4edaa9c00879cada6134bcc77411065c5d3bdeb0fb12c", "ab2c889c4e6cfddb1d05a021ed55eb237169c6ab306acda64d939a59c05121c5", "acb9d15dab7f6f28b1c2efc47a80a9d4d35300e7218391090e084377ef6b1674", "add8ebe24a93722a866447bb7657e8cdd7704040dd12eeff8fb78035382010d3", "ae272ece41ab47bd43087acfda36b56d86673df52e447018893922c68b15df94", "b2f9621ff777cd84504c312ded05f03c8cee931f50a913f525bca3ef5081e3cd", "b3f668c07dc52612d0c88571d4366749fbc7bd525da2fff7bea53beadbdcd253", "b45903eda4a36d4a44da9bca843e4f45f8ce0cc83e88e189457bcfd0592c0bc0", "b5a4fbe194abd6526c8b9834909c2def28c14eb79e614550f67cebcc41e0b5af", "b6b94a61da65a978a056228ffc7cb81aefedee05b48d6d79e0091b5ff9b544a4", "b8c6515d05f48ec91b664ac1fa69175f62f54de36a019e1e7944fe71ec692c19", "bb224e92cbe55869fdd79d73b93c810d6e55e653f9da37b36a637e64f33ec9fd", "bbdaebeb08925cb48158198b51195a98a92d6dfd7bab31f18600d4e95f4f2f47", "bfa1e3164d22f9acd4997d910dd70df3a28c3fd0427114dba57110d271abdffc", "bfd260c6ffd6714eae14ac42d4fd8e34ce2e0e2f91e1958ad32fe149294b70fb", "c0fa7a1e7c1a5dbc5575b53fa178164dd27ce9ca4835a1443b94df7803da2a23", "c22ac94a992521979abba1bd260bfdee52801fac5b03986513a2b0a7dde67279", "c6a3ee98f633923171121ad224325370d1bbe5c900ada680a60fe01a6324e5a6", "c7d455ff18726b7b7019d624f9d5a5306cfb9054c14200e2f543e7ecbf5d05d7", "c8c57afd34db48365eb537a7f12fb6e46ae105f7530c86ad8ef3b5d58752c0c4", "d01628579da3c60baee886a36db4d47fc857a1d167747ca013814654c3733382", "d12f1da66edb35bece58053859070fabeb8a6512c79ed2a24fa73115a7bcee54", "d289b44c43b1d0986117ca7af4c56c071ca325612a180372b1cda6b3fbc0c622", "d2f4ec96f0c7bf8f18a6ab147fade472e8199ea8d600ed2be475eb0b6e0c1c6c", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "d6f5a8218a4ff6bc59eafd05d5850c05488ce3f8873d48f643c275b3be551810", "d8aa451db648e07f65179017221b1c57749ced585a4fd707ce0c4139f9109cee", "da5b50ac634d6b015cd095f666aff6fdb90248cd029b7979552ff47f169b3220", "df52383c2ac5b182c74d0455b8fc50e62a421bad331e476203c9e5c7bed058d2", "df52e2f5a065a3fe8e5ad0c4e81570fe44f588e7f092c6b1bad845eaf703cbe6", "e09ac69a2ddf3f36360b546fee2bd04a7b2b8caf5398b4576003d39f8804ada4", "e0be509c1ba75c9398624532d47b322c4a3abc93d64edc92d8df9c1af38829ff", "e1a72ae0cb932a039341e3dd140151a487bc75e21a0b5ca28c0d3d01bb715949", "e88b92a0f605f5bf92978f471cfeee36fd2341980346dd234777c1ac07d462b4", "e90de6cc1df5a48f504988f63a9d5ea037d20fe9989eb474b80f03f8f0ed8432", "e9f6daf350039c4e200607f16a8e1ee2ef52bba2bfa6a7f686cc4777e2c6a1eb", "ec549191fc88686c6289a9cd799bb9734d534200295efa561a194fc15ca5596f", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a", "f9af80d062aa805fe4a6e71c641ca86b429675442790018e31f3a9cc20611bd7", "faec94a9b16c54db8d15d6dc13d6c09bb719e0aa79865b6ab969842dffd420f8", "fd57185f0ebeddaa532ed39ef898aca8d09e6f9743a4b3e7454084c6ce3c69ab", "fed2aaf0832ecadd8b571098d1ede0fda0d1b83b2d9eb5325340d3271d3ce116", "ff444c7a581dd6029346328c84f76464088146fc725933b147560d09c914e949"], "iocs": {"domain": [{"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "host": "j[.]maxmind[.]com"}], "file": [{"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "path": "\\$Recycle.Bin\\S-1-5-18"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "path": "\\$Recycle.Bin\\S-1-5-18\\$0f210b532df043a6b654d5b43088f74f"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "path": "\\$Recycle.Bin\\S-1-5-18\\$0f210b532df043a6b654d5b43088f74f\\@"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "path": "\\$Recycle.Bin\\S-1-5-18\\$0f210b532df043a6b654d5b43088f74f\\L"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "path": "\\$Recycle.Bin\\S-1-5-18\\$0f210b532df043a6b654d5b43088f74f\\U"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "path": "\\$Recycle.Bin\\S-1-5-18\\$0f210b532df043a6b654d5b43088f74f\\n"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$0f210b532df043a6b654d5b43088f74f"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$0f210b532df043a6b654d5b43088f74f\\@"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$0f210b532df043a6b654d5b43088f74f\\L"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$0f210b532df043a6b654d5b43088f74f\\U"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$0f210b532df043a6b654d5b43088f74f\\n"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372"], "path": "\\$Recycle.Bin\\S-1-5-21-1160359183-2529320614-3255788068-500\\$bc873181c718236380cd637b8be3cfa0\\@"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372"], "path": "\\$Recycle.Bin\\S-1-5-21-1160359183-2529320614-3255788068-500\\$bc873181c718236380cd637b8be3cfa0\\n"}], "ip": [{"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "88[.]254[.]253[.]254"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "92[.]254[.]253[.]254"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "87[.]254[.]253[.]254"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "180[.]254[.]253[.]254"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "166[.]254[.]253[.]254"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "135[.]254[.]253[.]254"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "117[.]254[.]253[.]254"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "119[.]254[.]253[.]254"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "115[.]254[.]253[.]254"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "134[.]254[.]253[.]254"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "206[.]254[.]253[.]254"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "222[.]254[.]253[.]254"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "182[.]254[.]253[.]254"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "190[.]254[.]253[.]254"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "184[.]254[.]253[.]254"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "197[.]254[.]253[.]254"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926"], "ip": "130[.]185[.]108[.]132"}, {"hashes": ["15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "74[.]59[.]91[.]57"}, {"hashes": ["05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "65[.]79[.]242[.]203"}, {"hashes": ["05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926"], "ip": "69[.]207[.]84[.]208"}, {"hashes": ["15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "24[.]229[.]254[.]232"}, {"hashes": ["0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372"], "ip": "72[.]184[.]250[.]236"}, {"hashes": ["05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926"], "ip": "72[.]129[.]96[.]128"}, {"hashes": ["13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "24[.]98[.]59[.]90"}, {"hashes": ["13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a"], "ip": "198[.]45[.]223[.]204"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "69[.]243[.]141[.]33"}, {"hashes": ["1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372"], "ip": "72[.]203[.]146[.]88"}, {"hashes": ["15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "65[.]31[.]235[.]121"}, {"hashes": ["05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "46[.]126[.]86[.]179"}, {"hashes": ["05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "79[.]133[.]196[.]50"}, {"hashes": ["13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "50[.]151[.]203[.]244"}, {"hashes": ["05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926"], "ip": "75[.]64[.]9[.]28"}, {"hashes": ["1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51"], "ip": "67[.]167[.]111[.]32"}, {"hashes": ["05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca"], "ip": "76[.]114[.]73[.]132"}, {"hashes": ["1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372"], "ip": "178[.]82[.]18[.]47"}, {"hashes": ["1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926"], "ip": "98[.]252[.]133[.]129"}, {"hashes": ["05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab"], "ip": "119[.]242[.]42[.]170"}, {"hashes": ["1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf"], "ip": "96[.]21[.]104[.]36"}, {"hashes": ["13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926"], "ip": "68[.]45[.]92[.]152"}, {"hashes": ["15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "178[.]202[.]162[.]247"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "69[.]137[.]35[.]221"}, {"hashes": ["13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "69[.]125[.]149[.]123"}, {"hashes": ["15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "75[.]66[.]252[.]115"}, {"hashes": ["15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "ip": "124[.]247[.]67[.]70"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3"], "ip": "67[.]84[.]23[.]118"}, {"hashes": ["05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51"], "ip": "178[.]155[.]236[.]212"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372"], "ip": "72[.]133[.]37[.]228"}, {"hashes": ["05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf"], "ip": "96[.]24[.]199[.]18"}, {"hashes": ["05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3"], "ip": "93[.]158[.]15[.]65"}, {"hashes": ["13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727"], "ip": "83[.]133[.]123[.]20"}], "mutex": [], "registry": [{"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS", "value_name": "DeleteFlag"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "DeleteFlag"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "DeleteFlag"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BROWSER", "value_name": "Start"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKCR>\\CLSID\\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\\INPROCSERVER32", "value_name": "ThreadingModel"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKCR>\\CLSID\\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\\INPROCSERVER32", "value_name": ""}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Defender"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\CLSID\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\INPROCSERVER32", "value_name": ""}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "Type"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "ErrorControl"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS", "value_name": "Type"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS", "value_name": "ErrorControl"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IPHLPSVC", "value_name": "Type"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IPHLPSVC", "value_name": "ErrorControl"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IPHLPSVC", "value_name": "DeleteFlag"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Type"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "ErrorControl"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "Type"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "ErrorControl"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000010", "value_name": "PackedCatalogItem"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000009", "value_name": "PackedCatalogItem"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000008", "value_name": "PackedCatalogItem"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000007", "value_name": "PackedCatalogItem"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000006", "value_name": "PackedCatalogItem"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000005", "value_name": "PackedCatalogItem"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000004", "value_name": "PackedCatalogItem"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000003", "value_name": "PackedCatalogItem"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000002", "value_name": "PackedCatalogItem"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000001", "value_name": "PackedCatalogItem"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000010", "value_name": "PackedCatalogItem"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000009", "value_name": "PackedCatalogItem"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000008", "value_name": "PackedCatalogItem"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000007", "value_name": "PackedCatalogItem"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000006", "value_name": "PackedCatalogItem"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000005", "value_name": "PackedCatalogItem"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000004", "value_name": "PackedCatalogItem"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000003", "value_name": "PackedCatalogItem"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000002", "value_name": "PackedCatalogItem"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000001", "value_name": "PackedCatalogItem"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\NAMESPACE_CATALOG5\\CATALOG_ENTRIES\\000000000005", "value_name": "LibraryPath"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\NAMESPACE_CATALOG5\\CATALOG_ENTRIES\\000000000001", "value_name": "LibraryPath"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\NAMESPACE_CATALOG5\\CATALOG_ENTRIES64\\000000000005", "value_name": "LibraryPath"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\NAMESPACE_CATALOG5\\CATALOG_ENTRIES64\\000000000001", "value_name": "LibraryPath"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BFE", "value_name": "Type"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BFE", "value_name": "Start"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BFE", "value_name": "ErrorControl"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BFE", "value_name": "DeleteFlag"}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\EPOCH", "value_name": null}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKCR>\\CLSID\\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}", "value_name": null}, {"hashes": ["039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005", "05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4d", "0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983", "06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2", "13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12e", "13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763", "15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58b", "1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a", "1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455", "1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0", "1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1", "264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b", "282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249f", "2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6", "2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727", "3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6", "30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3", "31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca", "32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bf", "32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51", "3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879", "37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a", "38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab", "39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372", "67562bca2aebb2306994a8b325e458c8381eecdefa77878f82f04f0a319033f7", "d5c9a5ca97be157f9bfab2d1c2e4cd1455eb84a5ef06e8cf83e0f7a361f6f1e1", "d67f663f177365b7671e832139018011d5932828fc9a174bbb894d7bb945e926", "ec835d69cb07da1d2e007c7227c3d7c8b4f1bcf31d5387d7a58ecd183505279a"], "key": "<HKCR>\\CLSID\\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\\INPROCSERVER32", "value_name": null}]}, "reports_count": 29}, "exprev": [{"count": 7239, "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", "name": "Dealply adware detected"}, {"count": 2690, "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", "name": "Excessively long PowerShell command detected"}, {"count": 2564, "description": "Crystalbit-Apple DLL double hijack was detected. During this attack, the adversary abuses two legitimate vendor applications, such as CrystalBit and Apple, as part of a dll double hijack attack chain that starts with a fraudulent software bundle and eventually leads to a persistent miner and in some cases spyware deployment.", "name": "Crystalbit-Apple DLL double hijack detected"}, {"count": 2441, "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", "name": "CVE-2019-0708 detected"}, {"count": 1490, "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", "name": "Process hollowing detected"}, {"count": 593, "description": "An attempt to bypass application whitelisting via the \"Squiblydoo\" technique has been detected. This typically involves using regsvr32.exe to execute script content hosted on an attacker controlled server.", "name": "Squiblydoo application whitelist bypass attempt detected."}, {"count": 576, "description": "Trickbot is a banking Trojan which appeared in late 2016. Due to the similarities between Trickbot and Dyre, it is suspected some of the individuals responsible for Dyre are now responsible for Trickbot. Trickbot has been rapidly evolving over the months since it has appeared. However, Trickbot is still missing some of the capabilities Dyre possessed. Its current modules include DLL injection, system information gathering, and email searching.", "name": "Trickbot malware detected"}, {"count": 310, "description": "The certutil.exe utility has been detected downloading and executing a file. Upon execution, the downloaded file behaved suspiciously. The normal usage of certutil.exe involves retrieving certificate information. Attackers can use this utility to download additional malicious payloads.", "name": "Certutil.exe is downloading a file"}, {"count": 290, "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Installcore adware detected"}, {"count": 192, "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as wireshark and sandboxes to its C2. It spreads through malicious advertising and spam campaigns.", "name": "Kovter injection detected"}, {"count": 55, "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", "name": "Gamarue malware detected"}, {"count": 44, "description": "A process injection was detected that is most likely caused by an existing Qakbot infection. Qakbot is a worm that spreads through network shares and removable drives. It downloads additional files, steals information, and opens a back door on the compromised computer. The worm also contains rootkit functionality to allow it to hide its presence on a system.", "name": "Qakbot injection detected"}, {"count": 25, "description": "Maze ransomware has been detected injecting into rundll32.exe or regsvr32.exe. Maze can encrypt files on the victim and demand a ransom. It can also exfiltrate data back to the attacker prior to encryption.", "name": "Maze ransomware detected"}, {"count": 23, "description": "A process associated with Microsoft Office, such as EXCEL.exe or WINWORD.exe, has started a Windows utility such as powershell.exe or cmd.exe. This is typical behavior of malicious documents executing additional scripts. This behavior is extremely suspicious and is associated with many malware different malware campaigns and families.", "name": "A Microsoft Office process has started a windows utility."}, {"count": 18, "description": "An exploit payload intended to execute commands on an attacker controlled host using WinExec has been detected.", "name": "WinExec payload detected"}, {"count": 12, "description": "Bluestacks adware displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware has also been known to download and install malware.", "name": "Bluestacks adware detected"}, {"count": 12, "description": "Emotet is a banking Trojan that first appeared in the summer of 2014. It uses Automatic Transfer System (ATS) to steal money from a victim's bank account. The Trojan is distributed through spam that includes a malicious attachment or a link that downloads the Trojan. Emotet uses modules, downloaded by the original Trojan to grab Microsoft Outlook information, modify HTTP/HTTPS traffic and distribute spam. Once executed, it checks for virtual machine processes and injects code into the \"Explorer.exe\" process. Then it reaches out to its command network to download its modules, each of which can be run without the original loader.", "name": "Emotet malware detected"}, {"count": 10, "description": "Fusion (or FusionPlayer) is an adware family that displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Fusion adware detected"}, {"count": 8, "description": "Corebot is a Trojan with many capabilities found in other prominent families. It features a plugin system to enable it to load a variety of features from the C&C server at any time. Known plugins include RAT capabilities such as taking desktop screenshots, as well as being able to intercept and modify browser communications and steal data, especially data related to banking.", "name": "Corebot malware detected"}, {"count": 7, "description": "IcedID is a banking Trojan. It uses both web browser injection and browser redirection to steal banking and/or other financial credentials and data. The features and sophistication of IcedID demonstrate the malware author's knowledge and technical skill for this kind of fraud, and suggest the authors have previous experience creating banking Trojans. IcedID has been observed being installed by Emotet or Ursnif. Systems infected with IcedID should also be scanned for additional malware infections.", "name": "IcedID malware detected"}, {"count": 5, "description": "Smoke Loader has been detected. Smokeloader is used mainly to execute other malicious software, like ransomware or cryptocurrency miners. Its initial infection vector is usually an email with a malicious Microsoft Word document or delivered through an exploit kit. Smokeloader uses various plugins designed to steal data from its victims, particularly credentials stored on the system or transfered over HTTP, HTTPS, FTP, SMTP, POP3 or IMAP.", "name": "Smoke Loader detected"}, {"count": 5, "description": "A PowerShell command was stored in an environment variable and run. The environment variable is commonly set by a previously run script and is used as a means of evasion. This behavior is a known tactic of the Kovter and Poweliks malware families.", "name": "PowerShell file-less infection detected"}], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2020-08-14T12:42:46+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Doc.Malware.Emotet-9238710-0", "Win.Dropper.LokiBot-9243098-0", "Win.Packed.Zusy-9228639-0", "Win.Trojan.ZeroAccess-9227749-0", "Win.Dropper.HawkEye-9235013-0", "Win.Dropper.Razy-9229720-0", "Win.Dropper.Tofsee-9234606-0"]}