{"Win.Dropper.Razy-7618625-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["f7048cc5c95c5496d5784436bada29fe05883599382265673ce47b22b69ad244", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "20b3127fe9abd1d3937ed141e5b446254eb3ae7705262724c38fdb633b827255", "2601ba5ff6c12b24d02a1d6f72bdc5a2efb59a3f525cfedf376132db969993f5", "2bc88a2d3179e175fd0e04524c8686b14a73e4e952d1086dffc8d358e4dcfb03", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "230777df99a6bb9bfcaa4ffc9f96844f9d7494c598db0671a829b847ba92f22c", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "1679031a8329b2fc0f69c3bfad9840328177c130beb77dac005e382106930ae0", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "33fcd4312bf0269e7168b37529c46618a0ee8844c80f61ea7b99f4ee0c862e48", "3268ed7bf4420a5c689ebfc46361265d9f44fc04f55f35c15288f8ba2849cb47", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "148351dfb55666520e4985d7da53fa79e757d6ba5f2635284e76d10fb1da48c1", "4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["f7048cc5c95c5496d5784436bada29fe05883599382265673ce47b22b69ad244", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "20b3127fe9abd1d3937ed141e5b446254eb3ae7705262724c38fdb633b827255", "2601ba5ff6c12b24d02a1d6f72bdc5a2efb59a3f525cfedf376132db969993f5", "2bc88a2d3179e175fd0e04524c8686b14a73e4e952d1086dffc8d358e4dcfb03", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "230777df99a6bb9bfcaa4ffc9f96844f9d7494c598db0671a829b847ba92f22c", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "1679031a8329b2fc0f69c3bfad9840328177c130beb77dac005e382106930ae0", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "33fcd4312bf0269e7168b37529c46618a0ee8844c80f61ea7b99f4ee0c862e48", "3268ed7bf4420a5c689ebfc46361265d9f44fc04f55f35c15288f8ba2849cb47", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "148351dfb55666520e4985d7da53fa79e757d6ba5f2635284e76d10fb1da48c1", "4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["f7048cc5c95c5496d5784436bada29fe05883599382265673ce47b22b69ad244", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "20b3127fe9abd1d3937ed141e5b446254eb3ae7705262724c38fdb633b827255", "2601ba5ff6c12b24d02a1d6f72bdc5a2efb59a3f525cfedf376132db969993f5", "2bc88a2d3179e175fd0e04524c8686b14a73e4e952d1086dffc8d358e4dcfb03", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "230777df99a6bb9bfcaa4ffc9f96844f9d7494c598db0671a829b847ba92f22c", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "1679031a8329b2fc0f69c3bfad9840328177c130beb77dac005e382106930ae0", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "33fcd4312bf0269e7168b37529c46618a0ee8844c80f61ea7b99f4ee0c862e48", "3268ed7bf4420a5c689ebfc46361265d9f44fc04f55f35c15288f8ba2849cb47", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "148351dfb55666520e4985d7da53fa79e757d6ba5f2635284e76d10fb1da48c1", "4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["f7048cc5c95c5496d5784436bada29fe05883599382265673ce47b22b69ad244", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "20b3127fe9abd1d3937ed141e5b446254eb3ae7705262724c38fdb633b827255", "2601ba5ff6c12b24d02a1d6f72bdc5a2efb59a3f525cfedf376132db969993f5", "2bc88a2d3179e175fd0e04524c8686b14a73e4e952d1086dffc8d358e4dcfb03", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "230777df99a6bb9bfcaa4ffc9f96844f9d7494c598db0671a829b847ba92f22c", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "1679031a8329b2fc0f69c3bfad9840328177c130beb77dac005e382106930ae0", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "33fcd4312bf0269e7168b37529c46618a0ee8844c80f61ea7b99f4ee0c862e48", "3268ed7bf4420a5c689ebfc46361265d9f44fc04f55f35c15288f8ba2849cb47", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "148351dfb55666520e4985d7da53fa79e757d6ba5f2635284e76d10fb1da48c1", "4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-uses-dot-net", "hashes": ["f7048cc5c95c5496d5784436bada29fe05883599382265673ce47b22b69ad244", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "20b3127fe9abd1d3937ed141e5b446254eb3ae7705262724c38fdb633b827255", "2601ba5ff6c12b24d02a1d6f72bdc5a2efb59a3f525cfedf376132db969993f5", "2bc88a2d3179e175fd0e04524c8686b14a73e4e952d1086dffc8d358e4dcfb03", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "230777df99a6bb9bfcaa4ffc9f96844f9d7494c598db0671a829b847ba92f22c", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "1679031a8329b2fc0f69c3bfad9840328177c130beb77dac005e382106930ae0", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "33fcd4312bf0269e7168b37529c46618a0ee8844c80f61ea7b99f4ee0c862e48", "3268ed7bf4420a5c689ebfc46361265d9f44fc04f55f35c15288f8ba2849cb47", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "148351dfb55666520e4985d7da53fa79e757d6ba5f2635284e76d10fb1da48c1", "4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["f7048cc5c95c5496d5784436bada29fe05883599382265673ce47b22b69ad244", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "2bc88a2d3179e175fd0e04524c8686b14a73e4e952d1086dffc8d358e4dcfb03", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "1679031a8329b2fc0f69c3bfad9840328177c130beb77dac005e382106930ae0", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "33fcd4312bf0269e7168b37529c46618a0ee8844c80f61ea7b99f4ee0c862e48", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": []}, {"bi": "usb-drive-autoplay-modification", "hashes": ["f7048cc5c95c5496d5784436bada29fe05883599382265673ce47b22b69ad244", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "33fcd4312bf0269e7168b37529c46618a0ee8844c80f61ea7b99f4ee0c862e48", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": ["TA0008", "TA0001", "T1091"]}, {"bi": "modified-file-on-usb", "hashes": ["f7048cc5c95c5496d5784436bada29fe05883599382265673ce47b22b69ad244", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "33fcd4312bf0269e7168b37529c46618a0ee8844c80f61ea7b99f4ee0c862e48", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["f7048cc5c95c5496d5784436bada29fe05883599382265673ce47b22b69ad244", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "33fcd4312bf0269e7168b37529c46618a0ee8844c80f61ea7b99f4ee0c862e48", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": ["TA0008", "TA0003", "T1091"]}, {"bi": "sample-copied-to-usb", "hashes": ["f7048cc5c95c5496d5784436bada29fe05883599382265673ce47b22b69ad244", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "33fcd4312bf0269e7168b37529c46618a0ee8844c80f61ea7b99f4ee0c862e48", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": ["TA0008", "TA0003", "T1091"]}, {"bi": "modified-file-in-user-dir", "hashes": ["f7048cc5c95c5496d5784436bada29fe05883599382265673ce47b22b69ad244", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "2601ba5ff6c12b24d02a1d6f72bdc5a2efb59a3f525cfedf376132db969993f5", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "230777df99a6bb9bfcaa4ffc9f96844f9d7494c598db0671a829b847ba92f22c", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "3268ed7bf4420a5c689ebfc46361265d9f44fc04f55f35c15288f8ba2849cb47", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["f7048cc5c95c5496d5784436bada29fe05883599382265673ce47b22b69ad244", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "33fcd4312bf0269e7168b37529c46618a0ee8844c80f61ea7b99f4ee0c862e48", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "148351dfb55666520e4985d7da53fa79e757d6ba5f2635284e76d10fb1da48c1", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": []}, {"bi": "process-windows-script-launched", "hashes": ["f7048cc5c95c5496d5784436bada29fe05883599382265673ce47b22b69ad244", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "33fcd4312bf0269e7168b37529c46618a0ee8844c80f61ea7b99f4ee0c862e48", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "148351dfb55666520e4985d7da53fa79e757d6ba5f2635284e76d10fb1da48c1", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": ["TA0005", "TA0002", "T1064"]}, {"bi": "files-deleted-used-vbs", "hashes": ["f7048cc5c95c5496d5784436bada29fe05883599382265673ce47b22b69ad244", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "33fcd4312bf0269e7168b37529c46618a0ee8844c80f61ea7b99f4ee0c862e48", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "148351dfb55666520e4985d7da53fa79e757d6ba5f2635284e76d10fb1da48c1", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "fault-report-file-created", "hashes": ["f7048cc5c95c5496d5784436bada29fe05883599382265673ce47b22b69ad244", "2601ba5ff6c12b24d02a1d6f72bdc5a2efb59a3f525cfedf376132db969993f5", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "230777df99a6bb9bfcaa4ffc9f96844f9d7494c598db0671a829b847ba92f22c", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "3268ed7bf4420a5c689ebfc46361265d9f44fc04f55f35c15288f8ba2849cb47", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": []}, {"bi": "dot-net-crash-tool-execution-detected", "hashes": ["f7048cc5c95c5496d5784436bada29fe05883599382265673ce47b22b69ad244", "2601ba5ff6c12b24d02a1d6f72bdc5a2efb59a3f525cfedf376132db969993f5", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "230777df99a6bb9bfcaa4ffc9f96844f9d7494c598db0671a829b847ba92f22c", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "3268ed7bf4420a5c689ebfc46361265d9f44fc04f55f35c15288f8ba2849cb47", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "2bc88a2d3179e175fd0e04524c8686b14a73e4e952d1086dffc8d358e4dcfb03", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "1679031a8329b2fc0f69c3bfad9840328177c130beb77dac005e382106930ae0", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "hosts-file-modification", "hashes": ["1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "2bc88a2d3179e175fd0e04524c8686b14a73e4e952d1086dffc8d358e4dcfb03", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "1679031a8329b2fc0f69c3bfad9840328177c130beb77dac005e382106930ae0", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "excessive-sample-duplication", "hashes": ["1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "excessive-process-creates", "hashes": ["1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "33fcd4312bf0269e7168b37529c46618a0ee8844c80f61ea7b99f4ee0c862e48", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "148351dfb55666520e4985d7da53fa79e757d6ba5f2635284e76d10fb1da48c1"], "mitre_attack_tags": ["TA0002", "T1064"]}, {"bi": "process-with-multiple-children", "hashes": ["1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "33fcd4312bf0269e7168b37529c46618a0ee8844c80f61ea7b99f4ee0c862e48", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "148351dfb55666520e4985d7da53fa79e757d6ba5f2635284e76d10fb1da48c1"], "mitre_attack_tags": ["TA0005"]}, {"bi": "modified-file-in-program-dir", "hashes": ["2bc88a2d3179e175fd0e04524c8686b14a73e4e952d1086dffc8d358e4dcfb03", "0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "1679031a8329b2fc0f69c3bfad9840328177c130beb77dac005e382106930ae0", "400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": []}, {"bi": "netsh-firewall-generic", "hashes": ["42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": ["TA0005", "T1016", "T1089"]}, {"bi": "netsh-firewall-disable", "hashes": ["42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089"]}, {"bi": "created-executable-in-user-dir", "hashes": ["42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b"], "mitre_attack_tags": []}, {"bi": "task-manager-disabled", "hashes": ["42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b"], "mitre_attack_tags": ["TA0005", "T1499"]}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "network-fast-flux-domain", "hashes": ["1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-spambot", "hashes": ["1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-requested-named-pipe", "hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": ["TA0004", "TA0005"]}, {"bi": "registry-large-data-entry", "hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "windows-os-reboot-detected", "hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": ["TA0005"]}, {"bi": "windows-logout-detected", "hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": ["TA0003"]}, {"bi": "windows-util-shutdown", "hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": ["TA0002", "TA0003"]}, {"bi": "feed-domain-modified-host-file", "hashes": ["1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7"], "mitre_attack_tags": []}, {"bi": "artifact-windows-task", "hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "hook-installed", "hashes": ["59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Razy is oftentimes a generic detection name for a Windows trojan. It collects sensitive information from the infected host and encrypts the data, and sends it to a command and control (C2) server. Information collected might include screenshots. The samples modify auto-execute functionality by setting and creating a value in the registry for persistence.", "hashes": ["089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "148351dfb55666520e4985d7da53fa79e757d6ba5f2635284e76d10fb1da48c1", "1679031a8329b2fc0f69c3bfad9840328177c130beb77dac005e382106930ae0", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "20b3127fe9abd1d3937ed141e5b446254eb3ae7705262724c38fdb633b827255", "230777df99a6bb9bfcaa4ffc9f96844f9d7494c598db0671a829b847ba92f22c", "2601ba5ff6c12b24d02a1d6f72bdc5a2efb59a3f525cfedf376132db969993f5", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "2bc88a2d3179e175fd0e04524c8686b14a73e4e952d1086dffc8d358e4dcfb03", "3268ed7bf4420a5c689ebfc46361265d9f44fc04f55f35c15288f8ba2849cb47", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "33fcd4312bf0269e7168b37529c46618a0ee8844c80f61ea7b99f4ee0c862e48", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "5aba11a053e43496d97189c6fc394ad70b82842d889e357fc29ce72bb5931cb4", "5e067892c5ed0f1af29d9f3db5f42af26a96713a78e1880b02b2955b767b1d48", "5fd81043e72a60fba23d3410e30a6534e6b237fc9f8ccd1f2ea598060647330b", "60493fcad0fb2b28ce84bd3758c3d6ccf048cba39f1ad6358f1c88299d20d4d6", "691483b7878071d6f50c547bdaebb36d9194d6c1cb1cc6c0f13f6eec9fc68cb2", "6992432a8d7b77b32ef43908d0ba7289bba63f0a291a69bbc3ff01dbf4d2ddc9", "6a1dd219fe7eb3d25cae9106506e04e9bf507aef2aef6baf267b85d687cf7327", "6d31dddb78edbcffe048ca6f47c3e8102f6b5cd253bc976eb541ecb9984ad8dd", "6eb84a4bfce9024bf126db02291791054bf6b71401cf5aab3cdf22b498ebe495", "6fcafb7f006703dbcb4c17d1c6e5e069c92497180871d3d2789e84fd4181626d", "72c5625f2c7403765f76a7a8582b69db5201dbc57f9778e232f2b81aa473c6e8", "79cf81b3fac1998aed060ee2d568664205da97b687403bd2365497dde2dbb5ef", "8289048d8f9f8781c882d78ab4bc575e282ef49929f90ec26dbab1491a6d78f1", "83119ab759c48236fa597a2cd25981737aaae59063c750f43e20b9ee3f6d91e9", "8374f07fc1ec278cc843f2cd9b243e244eebcd2df169d2764fca4158b6c8ec8c", "8e974216946ea24db63dae2e8fcdd0e17a366dd376c5d658ed11afbc65f440cf", "90d3a15eee6f4b4ad3b2a0ef5d1dae9e71ea239de85fbe355544de98abc752b9", "9437bf0bd79ef05acd6783583aae9f570f18722fa42467c47ae7d23655e26b7d", "97d80ebbb6af32aeb0cc48665a687bb961f0a2d200ed138cb7181a10a8fcbac5", "9d8e74c99576e4d9a20b2e337108f0bfcae540e45ada6b2d1f6219a984a9a60c", "a02de30ae2f09967f67caf9fad3af0fe2323f54168b9abdefd6992e8c5c6c242", "a0ce13cfd3570413f2e13274023f67f4c22cac65c0569c2637c4be3bee856520", "a4f39494c2663e630cefef7c8e8d808ea09efcfa5ad63e110ad36a18d417c986", "a91e9c92e60987820f8c494b353457c7f7642c0c74fe5fb5c3bde73cd92cfb10", "a9b4bf00663116786cd25d7d6770077325cd382ab7d318931ff7fe29f8491c97", "ac1a5533a7840e6e69aa547729ce03cb136a9b3033b783e6c316b996a35117d8", "b19596f162fb27feaf3e3af2f17ed9070e65cd450a51bb3af704551e404a5aa8", "c8bc3e05923649e3f6340fb5a688d4a1b9e7681dd0f8826a873695ad0bbdaf24", "ce5b56ddaf4690d47c4f4fb85e3d0dceca5ece0af6f81a43abf8cb1bae710d96", "d5c461f4cdcf1dcef0b67fac7487ca03d1dcb2c8fd796acb5a0ee6c6053c0cb9", "d67a9545ff21687e853b8d75435b4428f4d51fa0767f8e7bb3f935b1a4df1323", "d924eb0f301d786ce12a2da71f5a122bc0537bd8229d4d678f1074e8e03bf878", "e051e2bbbe7f969d776bf15dab7ae38dfb9793e26429772f3b1255fed36ba471", "e0c678443381d7ef914b972e3e3424cad4eb7581aa3bbca2729b174e75fd52fc", "e11779937a9d2bdf9031cc338243b4e46a3af5d36c1fefbf5718c4aa01cb5368", "ec41662755f28b17139baee2eccd1019781744b943669dbc60cd38b4f34541e1", "edf178bcba231c4a69f8762d15ff8089ca7494024c80fa60f60fcc2404505663", "f7048cc5c95c5496d5784436bada29fe05883599382265673ce47b22b69ad244", "fa19375b29de4d400f17a595637942490ac58d9e95e812717dd148c1b63f7f10"], "iocs": {"domain": [{"hashes": ["2601ba5ff6c12b24d02a1d6f72bdc5a2efb59a3f525cfedf376132db969993f5"], "host": "smtp[.]mail[.]global[.]gm0[.]yahoodns[.]net"}, {"hashes": ["1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3"], "host": "sas_basket@yahoo[.]com"}, {"hashes": ["4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f"], "host": "shayan_pmpm@yahoo[.]com"}], "file": [{"hashes": ["089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "1679031a8329b2fc0f69c3bfad9840328177c130beb77dac005e382106930ae0", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "230777df99a6bb9bfcaa4ffc9f96844f9d7494c598db0671a829b847ba92f22c", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "2bc88a2d3179e175fd0e04524c8686b14a73e4e952d1086dffc8d358e4dcfb03", "3268ed7bf4420a5c689ebfc46361265d9f44fc04f55f35c15288f8ba2849cb47", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "33fcd4312bf0269e7168b37529c46618a0ee8844c80f61ea7b99f4ee0c862e48", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "path": "%System32%\\drivers\\etc\\hosts"}, {"hashes": ["089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "33fcd4312bf0269e7168b37529c46618a0ee8844c80f61ea7b99f4ee0c862e48", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "f7048cc5c95c5496d5784436bada29fe05883599382265673ce47b22b69ad244"], "path": "\\autorun.inf"}, {"hashes": ["089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "33fcd4312bf0269e7168b37529c46618a0ee8844c80f61ea7b99f4ee0c862e48", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "f7048cc5c95c5496d5784436bada29fe05883599382265673ce47b22b69ad244"], "path": "E:\\autorun.inf"}, {"hashes": ["089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "148351dfb55666520e4985d7da53fa79e757d6ba5f2635284e76d10fb1da48c1", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "33fcd4312bf0269e7168b37529c46618a0ee8844c80f61ea7b99f4ee0c862e48", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "f7048cc5c95c5496d5784436bada29fe05883599382265673ce47b22b69ad244"], "path": "%SystemRoot%\\SysWOW64\\s4c.vbs"}, {"hashes": ["089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "148351dfb55666520e4985d7da53fa79e757d6ba5f2635284e76d10fb1da48c1", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "33fcd4312bf0269e7168b37529c46618a0ee8844c80f61ea7b99f4ee0c862e48", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "path": "%System32%\\s4c.vbs"}, {"hashes": ["0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "1679031a8329b2fc0f69c3bfad9840328177c130beb77dac005e382106930ae0", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "20b3127fe9abd1d3937ed141e5b446254eb3ae7705262724c38fdb633b827255", "2601ba5ff6c12b24d02a1d6f72bdc5a2efb59a3f525cfedf376132db969993f5", "2bc88a2d3179e175fd0e04524c8686b14a73e4e952d1086dffc8d358e4dcfb03", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "path": "%APPDATA%\\SR.log"}, {"hashes": ["089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "148351dfb55666520e4985d7da53fa79e757d6ba5f2635284e76d10fb1da48c1", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "path": "%TEMP%\\dw.log"}, {"hashes": ["089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "148351dfb55666520e4985d7da53fa79e757d6ba5f2635284e76d10fb1da48c1", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "path": "%TEMP%\\<random, matching '[A-F0-9]{4,5}'>.dmp"}, {"hashes": ["089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "path": "\\InitShutdown"}, {"hashes": ["0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "2bc88a2d3179e175fd0e04524c8686b14a73e4e952d1086dffc8d358e4dcfb03", "3268ed7bf4420a5c689ebfc46361265d9f44fc04f55f35c15288f8ba2849cb47", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f"], "path": "%ProgramFiles%\\BronLogger\\Server.exe"}, {"hashes": ["0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "2bc88a2d3179e175fd0e04524c8686b14a73e4e952d1086dffc8d358e4dcfb03", "3268ed7bf4420a5c689ebfc46361265d9f44fc04f55f35c15288f8ba2849cb47", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "path": "%ProgramFiles(x86)%\\BronLogger"}, {"hashes": ["0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588"], "path": "E:\\Server.exe"}, {"hashes": ["0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588"], "path": "\\Server.exe"}, {"hashes": ["0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "2bc88a2d3179e175fd0e04524c8686b14a73e4e952d1086dffc8d358e4dcfb03", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04"], "path": "%ProgramFiles(x86)%\\BronLogger\\Server.exe"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\WebCache\\V01.chk"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "path": "%LOCALAPPDATA%\\IconCache.db"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "path": "%System32%\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "path": "%System32%\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb"}, {"hashes": ["f7048cc5c95c5496d5784436bada29fe05883599382265673ce47b22b69ad244"], "path": "\\explorer.exe"}, {"hashes": ["1679031a8329b2fc0f69c3bfad9840328177c130beb77dac005e382106930ae0"], "path": "%ProgramFiles(x86)%\\H1GRHES19K\\RWWXN4K.exe"}, {"hashes": ["1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3"], "path": "\\Russianboy.exe"}, {"hashes": ["1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d"], "path": "\\System.exe"}, {"hashes": ["1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d"], "path": "%TEMP%\\Temps\\System.exe"}, {"hashes": ["089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d"], "path": "\\ax.exe"}, {"hashes": ["18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef"], "path": "\\AGAOH29.exe"}, {"hashes": ["18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef"], "path": "%APPDATA%\\DZBXD41FQ2\\AGAOH29.exe"}, {"hashes": ["1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1"], "path": "%SystemRoot%\\SysWOW64\\task\\task.exe"}, {"hashes": ["1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1"], "path": "\\task.exe"}, {"hashes": ["2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5"], "path": "\\WBBB1BO.exe"}, {"hashes": ["336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20"], "path": "\\QS.exe"}, {"hashes": ["336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20"], "path": "%TEMP%\\QS\\QS.exe"}, {"hashes": ["33fcd4312bf0269e7168b37529c46618a0ee8844c80f61ea7b99f4ee0c862e48"], "path": "\\WRA9MM4.exe"}, {"hashes": ["42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "path": "\\6KJ04JR.exe"}, {"hashes": ["42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "path": "%ProgramFiles(x86)%\\RQSSPRQLOA\\6KJ04JR.exe"}, {"hashes": ["42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511"], "path": "\\5ZGYR2J.exe"}, {"hashes": ["42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511"], "path": "%TEMP%\\UQR3ZNYCRN\\5ZGYR2J.exe"}, {"hashes": ["4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b"], "path": "%TEMP%\\sys\\svchost.exe"}, {"hashes": ["59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "path": "%ProgramFiles(x86)%\\BronLogger\\documents.exe"}, {"hashes": ["59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "path": "\\documents.exe"}, {"hashes": ["59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "path": "%ProgramFiles%\\BronLogger\\documents.exe"}], "ip": [{"hashes": ["089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "18ea8f2b155f17bca7e760e23a189079081207284ae345c38b29a724fa70d0ef", "20b3127fe9abd1d3937ed141e5b446254eb3ae7705262724c38fdb633b827255", "230777df99a6bb9bfcaa4ffc9f96844f9d7494c598db0671a829b847ba92f22c", "3268ed7bf4420a5c689ebfc46361265d9f44fc04f55f35c15288f8ba2849cb47", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "33fcd4312bf0269e7168b37529c46618a0ee8844c80f61ea7b99f4ee0c862e48", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "ip": "173[.]194[.]206[.]108/31"}, {"hashes": ["148351dfb55666520e4985d7da53fa79e757d6ba5f2635284e76d10fb1da48c1", "1679031a8329b2fc0f69c3bfad9840328177c130beb77dac005e382106930ae0", "1a1fcf1c7a1181a24b75e43a19ad15bd95fdfc3c7644fc2260de67e313e91762", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "2bc88a2d3179e175fd0e04524c8686b14a73e4e952d1086dffc8d358e4dcfb03", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b"], "ip": "74[.]125[.]192[.]108/31"}, {"hashes": ["0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7"], "ip": "172[.]217[.]222[.]108"}, {"hashes": ["2601ba5ff6c12b24d02a1d6f72bdc5a2efb59a3f525cfedf376132db969993f5"], "ip": "74[.]6[.]141[.]43"}, {"hashes": ["2601ba5ff6c12b24d02a1d6f72bdc5a2efb59a3f525cfedf376132db969993f5"], "ip": "67[.]195[.]228[.]95"}], "mutex": [{"hashes": ["1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "230777df99a6bb9bfcaa4ffc9f96844f9d7494c598db0671a829b847ba92f22c", "2601ba5ff6c12b24d02a1d6f72bdc5a2efb59a3f525cfedf376132db969993f5", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "3268ed7bf4420a5c689ebfc46361265d9f44fc04f55f35c15288f8ba2849cb47", "336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a", "f7048cc5c95c5496d5784436bada29fe05883599382265673ce47b22b69ad244"], "name": "Global\\<random guid>"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "name": "Local\\MSCTF.Asm.MutexWinlogon0"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "name": "Local\\MSCTF.CtfMonitorInstMutexWinlogon0"}], "registry": [{"hashes": ["089a5c160d3381e697626a4276a9ed6551bea7f61612fc57a19efa1d8d4ca07d", "1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "1929f324446d4e334fd456d58c35d05ff040aed3e03951ae00f0fbe751820cd3", "230777df99a6bb9bfcaa4ffc9f96844f9d7494c598db0671a829b847ba92f22c", "2babf375d76545bb7965545f3f36ac66de1d66e017976307c1b48a31d7d49ae5", "3268ed7bf4420a5c689ebfc46361265d9f44fc04f55f35c15288f8ba2849cb47", "33fcd4312bf0269e7168b37529c46618a0ee8844c80f61ea7b99f4ee0c862e48", "400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "4d1397fbe5d58dc1bd76f596d70da2b38e08469916f1c424db27c770fbeb1c5f", "4dad82add6207fcfcde1e02a44f9835757e699f27ee8c02ce01e20a6a7b21588", "4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": null}, {"hashes": ["0bcd4b4c715c1b102db43126abea9e4d0e3e7bacd6dc1ac65517b05d8faec55d", "1739401b523258b508399471abc9a03a0d1c28ffe36d0a4def4f54ec04c4aaa1", "2bc88a2d3179e175fd0e04524c8686b14a73e4e952d1086dffc8d358e4dcfb03", "3f6eb2f503b63ee8ab1854ab8f81058705ff4c59a8663eb011fdc60c742c17d7", "400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{BRO-Lg-AXFXZ2HZ}"}, {"hashes": ["1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d", "42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "DisableTaskMgr"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\NETWORKLIST\\NLA\\CACHE\\INTRANET", "value_name": "{9EB90D23-C5F9-4104-85A8-47DD7F6C4070}"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\STORAGE", "value_name": "Deny_Execute"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\STORAGE", "value_name": "HotplugSecurityDescriptor"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\WDI\\CONFIG", "value_name": "ServerName"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\CTF\\MSUTB", "value_name": "Left"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\CTF\\MSUTB", "value_name": "Top"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RELIABILITY\\SHUTDOWN", "value_name": "Comment"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\STUCKRECTS2", "value_name": "Settings"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\STREAMS\\DESKTOP", "value_name": "TaskbarWinXP"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER", "value_name": "CleanShutdown"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RELIABILITY", "value_name": "6005BT"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RELIABILITY", "value_name": "LastAliveStamp"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\AUTHENTICATION\\LOGONUI\\LOGONSOUNDPLAYED", "value_name": "LogonUIChecked"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMGMT\\PARAMETERS", "value_name": "ServiceDllUnloadOnStop"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WBEM\\CIMOM", "value_name": "LastServiceStart"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WBEM\\CIMOM", "value_name": "ProcessID"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKCR>\\LOCAL SETTINGS\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\TRAYNOTIFY", "value_name": "PastIconsStream"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RELIABILITY\\SHUTDOWN", "value_name": "ReasonCode"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "ShutdownFlags"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKCR>\\LOCAL SETTINGS\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\TRAYNOTIFY", "value_name": "LastAdvertisement"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKCR>\\LOCAL SETTINGS\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\TRAYNOTIFY", "value_name": "UserStartTime"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKCR>\\LOCAL SETTINGS\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\TRAYNOTIFY", "value_name": "IconStreams"}, {"hashes": ["400d68c701c922762c6c5adaf530e1d7976694dc8811e92915677ba422fdfb04", "42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WBEM\\CIMOM", "value_name": "PreviousServiceShutdown"}, {"hashes": ["42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511", "59545ea6508bc68d6a6986c94698091c1edf4a20868e5cfde1715d90c255f06a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "NoWindowsUpdate"}, {"hashes": ["1723658463682d4d121e230710ab16ca1b4a76ec0a0d9195a43a90ec8bdde28d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{BRO-Lg-WURBAJZJ}"}, {"hashes": ["336867cc343c1747a297cb79b8bf809a1ff5f5a1bb6c2bc9ff4ea2b8c010ec20"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{BRO-Lg-JZCBHNAS}"}, {"hashes": ["42ece3654a91d7c29afef345b5c47a77d70a5ebb393c1941b17d09ccd5cb75c8"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{BRO-Lg-EFRACFSC}"}, {"hashes": ["42f0ce9a9416f7b9b3f11e07f3d08e0dfe1f3264483409ba8310c8d947026511"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{BRO-Lg-HO3KFAON}"}, {"hashes": ["4fd22825ea69a4946001df38e62a2e936b5b9203911f737ba641bfc9b899de8b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{BRO-Lg-9QURFBPZ}"}]}, "reports_count": 26}, "Win.Malware.Emotet-7617328-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["3e57607a5d55acbeb675e4c853c66cc40c765fa50d091e98dcd4613debe230f4", "6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0", "b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543", "773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06", "fdf500c8e056b26bd1cb0866410e9ee9c09451deb3e5bfe2374e2fd91761a959", "69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5", "30a041032d82a8e6516dfde5f64d3c928793ccfbd09ba100230540c674e0de2d", "f08aaedf56fdb43d695be8aff2b2dc4df36370d325137c6ae9b5f101b395d868", "dbb5ed16d0d6980a056e21f6e5b7ea312c0898b75b8ddf8767303ed1e8928542", "d89a38b8383f7f32595db391b203317022593bc6cca9cd765bafe74ffaefc231", "a9e6fb63f61041d3b15492eca314f806e0aa940e9bd2d9dfa6d0d15f745eaf4c", "54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322", "e9c9a213a76d5d9a225edabc2aef63348fea48e28b466469d6fa69e2c80efbeb", "d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb", "611411c2c67ecc80f9cee7bfbb99581e109d47100ce8e706695b4c565c6babb2", "5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["3e57607a5d55acbeb675e4c853c66cc40c765fa50d091e98dcd4613debe230f4", "6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0", "b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543", "773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06", "fdf500c8e056b26bd1cb0866410e9ee9c09451deb3e5bfe2374e2fd91761a959", "69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5", "30a041032d82a8e6516dfde5f64d3c928793ccfbd09ba100230540c674e0de2d", "f08aaedf56fdb43d695be8aff2b2dc4df36370d325137c6ae9b5f101b395d868", "dbb5ed16d0d6980a056e21f6e5b7ea312c0898b75b8ddf8767303ed1e8928542", "d89a38b8383f7f32595db391b203317022593bc6cca9cd765bafe74ffaefc231", "a9e6fb63f61041d3b15492eca314f806e0aa940e9bd2d9dfa6d0d15f745eaf4c", "54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322", "e9c9a213a76d5d9a225edabc2aef63348fea48e28b466469d6fa69e2c80efbeb", "d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb", "611411c2c67ecc80f9cee7bfbb99581e109d47100ce8e706695b4c565c6babb2", "5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["3e57607a5d55acbeb675e4c853c66cc40c765fa50d091e98dcd4613debe230f4", "6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0", "b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543", "773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06", "fdf500c8e056b26bd1cb0866410e9ee9c09451deb3e5bfe2374e2fd91761a959", "69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5", "30a041032d82a8e6516dfde5f64d3c928793ccfbd09ba100230540c674e0de2d", "f08aaedf56fdb43d695be8aff2b2dc4df36370d325137c6ae9b5f101b395d868", "dbb5ed16d0d6980a056e21f6e5b7ea312c0898b75b8ddf8767303ed1e8928542", "d89a38b8383f7f32595db391b203317022593bc6cca9cd765bafe74ffaefc231", "a9e6fb63f61041d3b15492eca314f806e0aa940e9bd2d9dfa6d0d15f745eaf4c", "54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322", "e9c9a213a76d5d9a225edabc2aef63348fea48e28b466469d6fa69e2c80efbeb", "d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb", "611411c2c67ecc80f9cee7bfbb99581e109d47100ce8e706695b4c565c6babb2", "5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "currentcontrolset-service-added", "hashes": ["3e57607a5d55acbeb675e4c853c66cc40c765fa50d091e98dcd4613debe230f4", "6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0", "b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543", "773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06", "fdf500c8e056b26bd1cb0866410e9ee9c09451deb3e5bfe2374e2fd91761a959", "69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5", "30a041032d82a8e6516dfde5f64d3c928793ccfbd09ba100230540c674e0de2d", "f08aaedf56fdb43d695be8aff2b2dc4df36370d325137c6ae9b5f101b395d868", "dbb5ed16d0d6980a056e21f6e5b7ea312c0898b75b8ddf8767303ed1e8928542", "d89a38b8383f7f32595db391b203317022593bc6cca9cd765bafe74ffaefc231", "a9e6fb63f61041d3b15492eca314f806e0aa940e9bd2d9dfa6d0d15f745eaf4c", "54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322", "e9c9a213a76d5d9a225edabc2aef63348fea48e28b466469d6fa69e2c80efbeb", "d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb", "611411c2c67ecc80f9cee7bfbb99581e109d47100ce8e706695b4c565c6babb2", "5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1060"]}, {"bi": "malware-emotet-mutex", "hashes": ["3e57607a5d55acbeb675e4c853c66cc40c765fa50d091e98dcd4613debe230f4", "6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0", "b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543", "773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06", "fdf500c8e056b26bd1cb0866410e9ee9c09451deb3e5bfe2374e2fd91761a959", "69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5", "30a041032d82a8e6516dfde5f64d3c928793ccfbd09ba100230540c674e0de2d", "f08aaedf56fdb43d695be8aff2b2dc4df36370d325137c6ae9b5f101b395d868", "dbb5ed16d0d6980a056e21f6e5b7ea312c0898b75b8ddf8767303ed1e8928542", "d89a38b8383f7f32595db391b203317022593bc6cca9cd765bafe74ffaefc231", "a9e6fb63f61041d3b15492eca314f806e0aa940e9bd2d9dfa6d0d15f745eaf4c", "54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322", "e9c9a213a76d5d9a225edabc2aef63348fea48e28b466469d6fa69e2c80efbeb", "d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb", "611411c2c67ecc80f9cee7bfbb99581e109d47100ce8e706695b4c565c6babb2", "5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["3e57607a5d55acbeb675e4c853c66cc40c765fa50d091e98dcd4613debe230f4", "6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0", "b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543", "773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06", "fdf500c8e056b26bd1cb0866410e9ee9c09451deb3e5bfe2374e2fd91761a959", "69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5", "30a041032d82a8e6516dfde5f64d3c928793ccfbd09ba100230540c674e0de2d", "f08aaedf56fdb43d695be8aff2b2dc4df36370d325137c6ae9b5f101b395d868", "dbb5ed16d0d6980a056e21f6e5b7ea312c0898b75b8ddf8767303ed1e8928542", "d89a38b8383f7f32595db391b203317022593bc6cca9cd765bafe74ffaefc231", "a9e6fb63f61041d3b15492eca314f806e0aa940e9bd2d9dfa6d0d15f745eaf4c", "54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322", "e9c9a213a76d5d9a225edabc2aef63348fea48e28b466469d6fa69e2c80efbeb", "d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb", "611411c2c67ecc80f9cee7bfbb99581e109d47100ce8e706695b4c565c6babb2", "5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e"], "mitre_attack_tags": []}, {"bi": "network-http-numeric-ip", "hashes": ["3e57607a5d55acbeb675e4c853c66cc40c765fa50d091e98dcd4613debe230f4", "6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0", "b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543", "773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06", "fdf500c8e056b26bd1cb0866410e9ee9c09451deb3e5bfe2374e2fd91761a959", "69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5", "30a041032d82a8e6516dfde5f64d3c928793ccfbd09ba100230540c674e0de2d", "f08aaedf56fdb43d695be8aff2b2dc4df36370d325137c6ae9b5f101b395d868", "dbb5ed16d0d6980a056e21f6e5b7ea312c0898b75b8ddf8767303ed1e8928542", "d89a38b8383f7f32595db391b203317022593bc6cca9cd765bafe74ffaefc231", "a9e6fb63f61041d3b15492eca314f806e0aa940e9bd2d9dfa6d0d15f745eaf4c", "54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322", "e9c9a213a76d5d9a225edabc2aef63348fea48e28b466469d6fa69e2c80efbeb", "d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb", "611411c2c67ecc80f9cee7bfbb99581e109d47100ce8e706695b4c565c6babb2", "5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e"], "mitre_attack_tags": ["TA0011", "TA0005", "T1071"]}, {"bi": "network-communications-http-post", "hashes": ["3e57607a5d55acbeb675e4c853c66cc40c765fa50d091e98dcd4613debe230f4", "6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0", "b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543", "773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06", "fdf500c8e056b26bd1cb0866410e9ee9c09451deb3e5bfe2374e2fd91761a959", "69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5", "30a041032d82a8e6516dfde5f64d3c928793ccfbd09ba100230540c674e0de2d", "f08aaedf56fdb43d695be8aff2b2dc4df36370d325137c6ae9b5f101b395d868", "dbb5ed16d0d6980a056e21f6e5b7ea312c0898b75b8ddf8767303ed1e8928542", "d89a38b8383f7f32595db391b203317022593bc6cca9cd765bafe74ffaefc231", "a9e6fb63f61041d3b15492eca314f806e0aa940e9bd2d9dfa6d0d15f745eaf4c", "54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322", "e9c9a213a76d5d9a225edabc2aef63348fea48e28b466469d6fa69e2c80efbeb", "d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb", "611411c2c67ecc80f9cee7bfbb99581e109d47100ce8e706695b4c565c6babb2", "5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "hook-installed", "hashes": ["3e57607a5d55acbeb675e4c853c66cc40c765fa50d091e98dcd4613debe230f4", "6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0", "b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543", "773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06", "fdf500c8e056b26bd1cb0866410e9ee9c09451deb3e5bfe2374e2fd91761a959", "69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5", "30a041032d82a8e6516dfde5f64d3c928793ccfbd09ba100230540c674e0de2d", "f08aaedf56fdb43d695be8aff2b2dc4df36370d325137c6ae9b5f101b395d868", "dbb5ed16d0d6980a056e21f6e5b7ea312c0898b75b8ddf8767303ed1e8928542", "d89a38b8383f7f32595db391b203317022593bc6cca9cd765bafe74ffaefc231", "a9e6fb63f61041d3b15492eca314f806e0aa940e9bd2d9dfa6d0d15f745eaf4c", "54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322", "e9c9a213a76d5d9a225edabc2aef63348fea48e28b466469d6fa69e2c80efbeb", "d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb", "611411c2c67ecc80f9cee7bfbb99581e109d47100ce8e706695b4c565c6babb2", "5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "pe-uses-armadillo", "hashes": ["3e57607a5d55acbeb675e4c853c66cc40c765fa50d091e98dcd4613debe230f4", "6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0", "b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543", "773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06", "fdf500c8e056b26bd1cb0866410e9ee9c09451deb3e5bfe2374e2fd91761a959", "69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5", "30a041032d82a8e6516dfde5f64d3c928793ccfbd09ba100230540c674e0de2d", "f08aaedf56fdb43d695be8aff2b2dc4df36370d325137c6ae9b5f101b395d868", "dbb5ed16d0d6980a056e21f6e5b7ea312c0898b75b8ddf8767303ed1e8928542", "d89a38b8383f7f32595db391b203317022593bc6cca9cd765bafe74ffaefc231", "a9e6fb63f61041d3b15492eca314f806e0aa940e9bd2d9dfa6d0d15f745eaf4c", "54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322", "e9c9a213a76d5d9a225edabc2aef63348fea48e28b466469d6fa69e2c80efbeb", "d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb", "611411c2c67ecc80f9cee7bfbb99581e109d47100ce8e706695b4c565c6babb2", "5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "deleted-submitted-file", "hashes": ["3e57607a5d55acbeb675e4c853c66cc40c765fa50d091e98dcd4613debe230f4", "6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0", "b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543", "773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06", "fdf500c8e056b26bd1cb0866410e9ee9c09451deb3e5bfe2374e2fd91761a959", "69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5", "30a041032d82a8e6516dfde5f64d3c928793ccfbd09ba100230540c674e0de2d", "f08aaedf56fdb43d695be8aff2b2dc4df36370d325137c6ae9b5f101b395d868", "dbb5ed16d0d6980a056e21f6e5b7ea312c0898b75b8ddf8767303ed1e8928542", "d89a38b8383f7f32595db391b203317022593bc6cca9cd765bafe74ffaefc231", "a9e6fb63f61041d3b15492eca314f806e0aa940e9bd2d9dfa6d0d15f745eaf4c", "54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322", "e9c9a213a76d5d9a225edabc2aef63348fea48e28b466469d6fa69e2c80efbeb", "d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb", "611411c2c67ecc80f9cee7bfbb99581e109d47100ce8e706695b4c565c6babb2", "5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["3e57607a5d55acbeb675e4c853c66cc40c765fa50d091e98dcd4613debe230f4", "6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0", "b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543", "773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06", "fdf500c8e056b26bd1cb0866410e9ee9c09451deb3e5bfe2374e2fd91761a959", "69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5", "30a041032d82a8e6516dfde5f64d3c928793ccfbd09ba100230540c674e0de2d", "f08aaedf56fdb43d695be8aff2b2dc4df36370d325137c6ae9b5f101b395d868", "dbb5ed16d0d6980a056e21f6e5b7ea312c0898b75b8ddf8767303ed1e8928542", "d89a38b8383f7f32595db391b203317022593bc6cca9cd765bafe74ffaefc231", "a9e6fb63f61041d3b15492eca314f806e0aa940e9bd2d9dfa6d0d15f745eaf4c", "e9c9a213a76d5d9a225edabc2aef63348fea48e28b466469d6fa69e2c80efbeb", "d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb", "611411c2c67ecc80f9cee7bfbb99581e109d47100ce8e706695b4c565c6babb2", "5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "network-snort-policy", "hashes": ["3e57607a5d55acbeb675e4c853c66cc40c765fa50d091e98dcd4613debe230f4", "6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0", "b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543", "773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06", "fdf500c8e056b26bd1cb0866410e9ee9c09451deb3e5bfe2374e2fd91761a959", "30a041032d82a8e6516dfde5f64d3c928793ccfbd09ba100230540c674e0de2d", "f08aaedf56fdb43d695be8aff2b2dc4df36370d325137c6ae9b5f101b395d868", "dbb5ed16d0d6980a056e21f6e5b7ea312c0898b75b8ddf8767303ed1e8928542", "d89a38b8383f7f32595db391b203317022593bc6cca9cd765bafe74ffaefc231", "a9e6fb63f61041d3b15492eca314f806e0aa940e9bd2d9dfa6d0d15f745eaf4c", "54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322", "e9c9a213a76d5d9a225edabc2aef63348fea48e28b466469d6fa69e2c80efbeb", "611411c2c67ecc80f9cee7bfbb99581e109d47100ce8e706695b4c565c6babb2", "5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e"], "mitre_attack_tags": []}, {"bi": "network-snort-server", "hashes": ["b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543", "773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06", "69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5", "54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322", "d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb", "5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06", "54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322", "5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0", "b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-snort-sensitive-data", "hashes": ["b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "modified-executable", "hashes": ["54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322"], "mitre_attack_tags": []}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": true}, "description": "Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["30a041032d82a8e6516dfde5f64d3c928793ccfbd09ba100230540c674e0de2d", "3e57607a5d55acbeb675e4c853c66cc40c765fa50d091e98dcd4613debe230f4", "54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322", "5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e", "611411c2c67ecc80f9cee7bfbb99581e109d47100ce8e706695b4c565c6babb2", "6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0", "69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5", "773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06", "a9e6fb63f61041d3b15492eca314f806e0aa940e9bd2d9dfa6d0d15f745eaf4c", "b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543", "d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb", "d89a38b8383f7f32595db391b203317022593bc6cca9cd765bafe74ffaefc231", "dbb5ed16d0d6980a056e21f6e5b7ea312c0898b75b8ddf8767303ed1e8928542", "e9c9a213a76d5d9a225edabc2aef63348fea48e28b466469d6fa69e2c80efbeb", "f08aaedf56fdb43d695be8aff2b2dc4df36370d325137c6ae9b5f101b395d868", "fdf500c8e056b26bd1cb0866410e9ee9c09451deb3e5bfe2374e2fd91761a959"], "iocs": {"domain": [], "file": [{"hashes": ["30a041032d82a8e6516dfde5f64d3c928793ccfbd09ba100230540c674e0de2d", "3e57607a5d55acbeb675e4c853c66cc40c765fa50d091e98dcd4613debe230f4", "54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322", "5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e", "611411c2c67ecc80f9cee7bfbb99581e109d47100ce8e706695b4c565c6babb2", "6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0", "69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5", "773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06", "a9e6fb63f61041d3b15492eca314f806e0aa940e9bd2d9dfa6d0d15f745eaf4c", "b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543", "d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb", "d89a38b8383f7f32595db391b203317022593bc6cca9cd765bafe74ffaefc231", "dbb5ed16d0d6980a056e21f6e5b7ea312c0898b75b8ddf8767303ed1e8928542", "e9c9a213a76d5d9a225edabc2aef63348fea48e28b466469d6fa69e2c80efbeb", "f08aaedf56fdb43d695be8aff2b2dc4df36370d325137c6ae9b5f101b395d868", "fdf500c8e056b26bd1cb0866410e9ee9c09451deb3e5bfe2374e2fd91761a959"], "path": "%TEMP%\\<random, matching '[A-F0-9]{4,5}'>.dmp"}, {"hashes": ["30a041032d82a8e6516dfde5f64d3c928793ccfbd09ba100230540c674e0de2d", "3e57607a5d55acbeb675e4c853c66cc40c765fa50d091e98dcd4613debe230f4", "54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322", "5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e", "611411c2c67ecc80f9cee7bfbb99581e109d47100ce8e706695b4c565c6babb2", "6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0", "69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5", "773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06", "a9e6fb63f61041d3b15492eca314f806e0aa940e9bd2d9dfa6d0d15f745eaf4c", "b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543", "d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb", "d89a38b8383f7f32595db391b203317022593bc6cca9cd765bafe74ffaefc231", "dbb5ed16d0d6980a056e21f6e5b7ea312c0898b75b8ddf8767303ed1e8928542", "e9c9a213a76d5d9a225edabc2aef63348fea48e28b466469d6fa69e2c80efbeb", "f08aaedf56fdb43d695be8aff2b2dc4df36370d325137c6ae9b5f101b395d868", "fdf500c8e056b26bd1cb0866410e9ee9c09451deb3e5bfe2374e2fd91761a959"], "path": "%TEMP%\\<random, matching '[a-f0-9]{3,5}'>_appcompat.txt"}, {"hashes": ["3e57607a5d55acbeb675e4c853c66cc40c765fa50d091e98dcd4613debe230f4"], "path": "%SystemRoot%\\SysWOW64\\shfolder"}, {"hashes": ["a9e6fb63f61041d3b15492eca314f806e0aa940e9bd2d9dfa6d0d15f745eaf4c"], "path": "%SystemRoot%\\SysWOW64\\DscCoreConfProv"}, {"hashes": ["5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e"], "path": "%SystemRoot%\\SysWOW64\\KBDUGHR"}, {"hashes": ["dbb5ed16d0d6980a056e21f6e5b7ea312c0898b75b8ddf8767303ed1e8928542"], "path": "%SystemRoot%\\SysWOW64\\msftedit"}, {"hashes": ["f08aaedf56fdb43d695be8aff2b2dc4df36370d325137c6ae9b5f101b395d868"], "path": "%SystemRoot%\\SysWOW64\\perfmon"}, {"hashes": ["30a041032d82a8e6516dfde5f64d3c928793ccfbd09ba100230540c674e0de2d"], "path": "%SystemRoot%\\SysWOW64\\tdh"}, {"hashes": ["e9c9a213a76d5d9a225edabc2aef63348fea48e28b466469d6fa69e2c80efbeb"], "path": "%SystemRoot%\\SysWOW64\\EhStorAPI"}, {"hashes": ["fdf500c8e056b26bd1cb0866410e9ee9c09451deb3e5bfe2374e2fd91761a959"], "path": "%SystemRoot%\\SysWOW64\\drt"}, {"hashes": ["d89a38b8383f7f32595db391b203317022593bc6cca9cd765bafe74ffaefc231"], "path": "%SystemRoot%\\SysWOW64\\tracerpt"}, {"hashes": ["b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543"], "path": "%SystemRoot%\\SysWOW64\\XpsRasterService"}, {"hashes": ["773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06"], "path": "%SystemRoot%\\SysWOW64\\wdscore"}, {"hashes": ["611411c2c67ecc80f9cee7bfbb99581e109d47100ce8e706695b4c565c6babb2"], "path": "%SystemRoot%\\SysWOW64\\QSHVHOST"}, {"hashes": ["69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5"], "path": "%SystemRoot%\\SysWOW64\\NlsLexicons0013"}, {"hashes": ["54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322"], "path": "%SystemRoot%\\SysWOW64\\cewmdm"}, {"hashes": ["54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322"], "path": "%ProgramData%\\fLQThpif.exe"}, {"hashes": ["6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0"], "path": "%SystemRoot%\\SysWOW64\\wevtfwd"}, {"hashes": ["d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb"], "path": "%SystemRoot%\\SysWOW64\\wmpcm"}], "ip": [{"hashes": ["30a041032d82a8e6516dfde5f64d3c928793ccfbd09ba100230540c674e0de2d", "69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5", "a9e6fb63f61041d3b15492eca314f806e0aa940e9bd2d9dfa6d0d15f745eaf4c", "b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543", "d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb", "e9c9a213a76d5d9a225edabc2aef63348fea48e28b466469d6fa69e2c80efbeb", "f08aaedf56fdb43d695be8aff2b2dc4df36370d325137c6ae9b5f101b395d868"], "ip": "190[.]79[.]103[.]57"}, {"hashes": ["30a041032d82a8e6516dfde5f64d3c928793ccfbd09ba100230540c674e0de2d", "69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5", "a9e6fb63f61041d3b15492eca314f806e0aa940e9bd2d9dfa6d0d15f745eaf4c", "b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543", "d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb", "e9c9a213a76d5d9a225edabc2aef63348fea48e28b466469d6fa69e2c80efbeb", "f08aaedf56fdb43d695be8aff2b2dc4df36370d325137c6ae9b5f101b395d868"], "ip": "83[.]165[.]78[.]227"}, {"hashes": ["3e57607a5d55acbeb675e4c853c66cc40c765fa50d091e98dcd4613debe230f4", "611411c2c67ecc80f9cee7bfbb99581e109d47100ce8e706695b4c565c6babb2", "d89a38b8383f7f32595db391b203317022593bc6cca9cd765bafe74ffaefc231", "dbb5ed16d0d6980a056e21f6e5b7ea312c0898b75b8ddf8767303ed1e8928542", "fdf500c8e056b26bd1cb0866410e9ee9c09451deb3e5bfe2374e2fd91761a959"], "ip": "174[.]57[.]150[.]13"}, {"hashes": ["3e57607a5d55acbeb675e4c853c66cc40c765fa50d091e98dcd4613debe230f4", "611411c2c67ecc80f9cee7bfbb99581e109d47100ce8e706695b4c565c6babb2", "dbb5ed16d0d6980a056e21f6e5b7ea312c0898b75b8ddf8767303ed1e8928542", "fdf500c8e056b26bd1cb0866410e9ee9c09451deb3e5bfe2374e2fd91761a959"], "ip": "182[.]71[.]222[.]187"}, {"hashes": ["54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322", "5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e", "6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0", "773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06"], "ip": "116[.]90[.]228[.]177"}, {"hashes": ["54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322", "5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e", "773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06"], "ip": "124[.]150[.]175[.]133"}, {"hashes": ["54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322", "5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e", "773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06"], "ip": "178[.]33[.]167[.]120"}, {"hashes": ["5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e", "6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0", "773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06"], "ip": "60[.]53[.]206[.]74"}, {"hashes": ["6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0", "b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543"], "ip": "239[.]255[.]255[.]250"}, {"hashes": ["69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5", "d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb"], "ip": "103[.]31[.]232[.]93"}, {"hashes": ["54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322"], "ip": "161[.]18[.]233[.]114"}, {"hashes": ["b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543"], "ip": "51[.]159[.]23[.]217"}, {"hashes": ["6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0"], "ip": "104[.]236[.]52[.]89"}], "mutex": [{"hashes": ["30a041032d82a8e6516dfde5f64d3c928793ccfbd09ba100230540c674e0de2d", "3e57607a5d55acbeb675e4c853c66cc40c765fa50d091e98dcd4613debe230f4", "54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322", "5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e", "611411c2c67ecc80f9cee7bfbb99581e109d47100ce8e706695b4c565c6babb2", "6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0", "69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5", "773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06", "a9e6fb63f61041d3b15492eca314f806e0aa940e9bd2d9dfa6d0d15f745eaf4c", "b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543", "d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb", "d89a38b8383f7f32595db391b203317022593bc6cca9cd765bafe74ffaefc231", "dbb5ed16d0d6980a056e21f6e5b7ea312c0898b75b8ddf8767303ed1e8928542", "e9c9a213a76d5d9a225edabc2aef63348fea48e28b466469d6fa69e2c80efbeb", "f08aaedf56fdb43d695be8aff2b2dc4df36370d325137c6ae9b5f101b395d868", "fdf500c8e056b26bd1cb0866410e9ee9c09451deb3e5bfe2374e2fd91761a959"], "name": "Global\\I98B68E3C"}, {"hashes": ["30a041032d82a8e6516dfde5f64d3c928793ccfbd09ba100230540c674e0de2d", "3e57607a5d55acbeb675e4c853c66cc40c765fa50d091e98dcd4613debe230f4", "54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322", "5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e", "611411c2c67ecc80f9cee7bfbb99581e109d47100ce8e706695b4c565c6babb2", "6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0", "69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5", "773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06", "a9e6fb63f61041d3b15492eca314f806e0aa940e9bd2d9dfa6d0d15f745eaf4c", "b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543", "d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb", "d89a38b8383f7f32595db391b203317022593bc6cca9cd765bafe74ffaefc231", "dbb5ed16d0d6980a056e21f6e5b7ea312c0898b75b8ddf8767303ed1e8928542", "e9c9a213a76d5d9a225edabc2aef63348fea48e28b466469d6fa69e2c80efbeb", "f08aaedf56fdb43d695be8aff2b2dc4df36370d325137c6ae9b5f101b395d868", "fdf500c8e056b26bd1cb0866410e9ee9c09451deb3e5bfe2374e2fd91761a959"], "name": "Global\\M98B68E3C"}, {"hashes": ["6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0", "b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543"], "name": "Global\\Nx534F51BC"}], "registry": [{"hashes": ["611411c2c67ecc80f9cee7bfbb99581e109d47100ce8e706695b4c565c6babb2"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\QSHVHOST", "value_name": "WOW64"}, {"hashes": ["611411c2c67ecc80f9cee7bfbb99581e109d47100ce8e706695b4c565c6babb2"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\QSHVHOST", "value_name": "ObjectName"}, {"hashes": ["69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0013", "value_name": null}, {"hashes": ["69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0013", "value_name": "Type"}, {"hashes": ["69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0013", "value_name": "Start"}, {"hashes": ["69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0013", "value_name": "ErrorControl"}, {"hashes": ["69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0013", "value_name": "ImagePath"}, {"hashes": ["69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0013", "value_name": "DisplayName"}, {"hashes": ["69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0013", "value_name": "WOW64"}, {"hashes": ["69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0013", "value_name": "ObjectName"}, {"hashes": ["30a041032d82a8e6516dfde5f64d3c928793ccfbd09ba100230540c674e0de2d"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\TDH", "value_name": "Description"}, {"hashes": ["3e57607a5d55acbeb675e4c853c66cc40c765fa50d091e98dcd4613debe230f4"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHFOLDER", "value_name": "Description"}, {"hashes": ["54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CEWMDM", "value_name": null}, {"hashes": ["54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CEWMDM", "value_name": "Type"}, {"hashes": ["54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CEWMDM", "value_name": "Start"}, {"hashes": ["54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CEWMDM", "value_name": "ErrorControl"}, {"hashes": ["54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CEWMDM", "value_name": "ImagePath"}, {"hashes": ["54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CEWMDM", "value_name": "DisplayName"}, {"hashes": ["54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CEWMDM", "value_name": "WOW64"}, {"hashes": ["54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CEWMDM", "value_name": "ObjectName"}, {"hashes": ["54518911dc89e0312f53d91d7a851e70f8914fb23c2834894f20fd1558eed322"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CEWMDM", "value_name": "Description"}, {"hashes": ["5866177c7258eaca816ce53313a319b1962de069282bc248958528c6760b439e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDUGHR", "value_name": "Description"}, {"hashes": ["611411c2c67ecc80f9cee7bfbb99581e109d47100ce8e706695b4c565c6babb2"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\QSHVHOST", "value_name": "Description"}, {"hashes": ["6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WEVTFWD", "value_name": null}, {"hashes": ["6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WEVTFWD", "value_name": "Type"}, {"hashes": ["6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WEVTFWD", "value_name": "Start"}, {"hashes": ["6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WEVTFWD", "value_name": "ErrorControl"}, {"hashes": ["6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WEVTFWD", "value_name": "ImagePath"}, {"hashes": ["6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WEVTFWD", "value_name": "DisplayName"}, {"hashes": ["6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WEVTFWD", "value_name": "WOW64"}, {"hashes": ["6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WEVTFWD", "value_name": "ObjectName"}, {"hashes": ["6429831de849c1fc56d9b327229c5a566d236bcd98b349f9e33f8c40d6f4dcb0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WEVTFWD", "value_name": "Description"}, {"hashes": ["69f22b14754bdccc420cd852ca224bbf0905e4b52bf1e390cb4d148725d644f5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0013", "value_name": "Description"}, {"hashes": ["773396357872e6db0c35caa4c24ec2ec5ee212fb8122e0a7c94a0e098aac4e06"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WDSCORE", "value_name": "Description"}, {"hashes": ["a9e6fb63f61041d3b15492eca314f806e0aa940e9bd2d9dfa6d0d15f745eaf4c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DSCCORECONFPROV", "value_name": "Description"}, {"hashes": ["b33983dae6c61dfdb0ac650f42a256d47480b14d39c36096571fd22645b8d543"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\XPSRASTERSERVICE", "value_name": "Description"}, {"hashes": ["d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMPCM", "value_name": null}, {"hashes": ["d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMPCM", "value_name": "Type"}, {"hashes": ["d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMPCM", "value_name": "Start"}, {"hashes": ["d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMPCM", "value_name": "ErrorControl"}, {"hashes": ["d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMPCM", "value_name": "ImagePath"}, {"hashes": ["d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMPCM", "value_name": "DisplayName"}, {"hashes": ["d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMPCM", "value_name": "WOW64"}, {"hashes": ["d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMPCM", "value_name": "ObjectName"}, {"hashes": ["d6d3a992a669ebb382794117b4b5fcc07bc55d6b615e60781bb1dc612fa0cbeb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMPCM", "value_name": "Description"}, {"hashes": ["d89a38b8383f7f32595db391b203317022593bc6cca9cd765bafe74ffaefc231"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\TRACERPT", "value_name": "Description"}, {"hashes": ["dbb5ed16d0d6980a056e21f6e5b7ea312c0898b75b8ddf8767303ed1e8928542"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSFTEDIT", "value_name": "Description"}, {"hashes": ["e9c9a213a76d5d9a225edabc2aef63348fea48e28b466469d6fa69e2c80efbeb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\EHSTORAPI", "value_name": "Description"}, {"hashes": ["fdf500c8e056b26bd1cb0866410e9ee9c09451deb3e5bfe2374e2fd91761a959"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DRT", "value_name": "Description"}, {"hashes": ["f08aaedf56fdb43d695be8aff2b2dc4df36370d325137c6ae9b5f101b395d868"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PERFMON", "value_name": "Description"}]}, "reports_count": 16}, "Win.Malware.LokiBot-7617469-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "30d9d9e8a4eefc19c1400b008ef36c96d001b4ee20e2e821a90daeae1a829a4e", "d37b25308416477340fa48c6ece5390c28cf5839828c24863a1ceff63f809b27", "950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0", "b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "30d9d9e8a4eefc19c1400b008ef36c96d001b4ee20e2e821a90daeae1a829a4e", "d37b25308416477340fa48c6ece5390c28cf5839828c24863a1ceff63f809b27", "950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0", "b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "30d9d9e8a4eefc19c1400b008ef36c96d001b4ee20e2e821a90daeae1a829a4e", "d37b25308416477340fa48c6ece5390c28cf5839828c24863a1ceff63f809b27", "950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0", "b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "30d9d9e8a4eefc19c1400b008ef36c96d001b4ee20e2e821a90daeae1a829a4e", "d37b25308416477340fa48c6ece5390c28cf5839828c24863a1ceff63f809b27", "950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0", "b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "30d9d9e8a4eefc19c1400b008ef36c96d001b4ee20e2e821a90daeae1a829a4e", "d37b25308416477340fa48c6ece5390c28cf5839828c24863a1ceff63f809b27", "950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0", "b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "pe-tls-callback", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "30d9d9e8a4eefc19c1400b008ef36c96d001b4ee20e2e821a90daeae1a829a4e", "d37b25308416477340fa48c6ece5390c28cf5839828c24863a1ceff63f809b27", "950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0", "b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "30d9d9e8a4eefc19c1400b008ef36c96d001b4ee20e2e821a90daeae1a829a4e", "d37b25308416477340fa48c6ece5390c28cf5839828c24863a1ceff63f809b27", "950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0", "b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": []}, {"bi": "pe-section-shared", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "30d9d9e8a4eefc19c1400b008ef36c96d001b4ee20e2e821a90daeae1a829a4e", "d37b25308416477340fa48c6ece5390c28cf5839828c24863a1ceff63f809b27", "950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0", "b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "modified-file-in-user-dir", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0", "b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "30d9d9e8a4eefc19c1400b008ef36c96d001b4ee20e2e821a90daeae1a829a4e", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "d37b25308416477340fa48c6ece5390c28cf5839828c24863a1ceff63f809b27", "950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0", "b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": []}, {"bi": "malware-lokibot-mutex-detected", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "deleted-submitted-file", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "malware-known-trojan-av", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": ["TA0007", "TA0006", "T1003", "T1217"]}, {"bi": "network-opendns-malicious", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "d37b25308416477340fa48c6ece5390c28cf5839828c24863a1ceff63f809b27", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "d37b25308416477340fa48c6ece5390c28cf5839828c24863a1ceff63f809b27", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "d37b25308416477340fa48c6ece5390c28cf5839828c24863a1ceff63f809b27", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "network-dns-upload-file", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "d37b25308416477340fa48c6ece5390c28cf5839828c24863a1ceff63f809b27", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": []}, {"bi": "network-dns-malicious-snort", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": ["TA0011"]}, {"bi": "http-response-client-error", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "altered-sample-snort-flagged", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "malware-guloader-traffic-detected", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0", "b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0", "b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "d37b25308416477340fa48c6ece5390c28cf5839828c24863a1ceff63f809b27", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["30d9d9e8a4eefc19c1400b008ef36c96d001b4ee20e2e821a90daeae1a829a4e", "d37b25308416477340fa48c6ece5390c28cf5839828c24863a1ceff63f809b27", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0", "b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["30d9d9e8a4eefc19c1400b008ef36c96d001b4ee20e2e821a90daeae1a829a4e", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "unsigned-roaming-execution", "hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0", "b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "netbios-query", "hashes": ["81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1"], "mitre_attack_tags": []}, {"bi": "pe-imports-psapi-dll", "hashes": ["30d9d9e8a4eefc19c1400b008ef36c96d001b4ee20e2e821a90daeae1a829a4e", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "network-snort-protocol", "hashes": ["d37b25308416477340fa48c6ece5390c28cf5839828c24863a1ceff63f809b27", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0"], "mitre_attack_tags": []}, {"bi": "malware-azorult-mutex-detected", "hashes": ["d37b25308416477340fa48c6ece5390c28cf5839828c24863a1ceff63f809b27", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18", "b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7", "b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "files-created-vbs", "hashes": ["d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c"], "mitre_attack_tags": ["TA0002", "T1064"]}, {"bi": "startup-folder-modification", "hashes": ["d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "file-alternate-data-stream-modification", "hashes": ["d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c"], "mitre_attack_tags": ["TA0005", "T1096"]}, {"bi": "startup-folder-vbs-file", "hashes": ["d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "file-alternate-data-stream-zero-data", "hashes": ["d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "html-phishing-page", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f"], "mitre_attack_tags": ["TA0001", "T1189", "T1078"]}, {"bi": "html-email-login-page", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f"], "mitre_attack_tags": ["TA0006", "TA0009"]}, {"bi": "html-js-uses-location-replace", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f"], "mitre_attack_tags": ["TA0001", "T1189"]}, {"bi": "html-suspected-phishing-login-page", "hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f"], "mitre_attack_tags": ["TA0006", "TA0009"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665"], "mitre_attack_tags": []}, {"bi": "excessive-tcp-connections", "hashes": ["30d9d9e8a4eefc19c1400b008ef36c96d001b4ee20e2e821a90daeae1a829a4e"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "audio-video-mutex-detected", "hashes": ["30d9d9e8a4eefc19c1400b008ef36c96d001b4ee20e2e821a90daeae1a829a4e"], "mitre_attack_tags": ["TA0009", "T1123", "T1125"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["d37b25308416477340fa48c6ece5390c28cf5839828c24863a1ceff63f809b27"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "network-communications-smtp", "hashes": ["950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-spambot", "hashes": ["950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18"], "mitre_attack_tags": []}, {"bi": "dns-dynamic-domain", "hashes": ["950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18"], "mitre_attack_tags": []}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-filename-mismatch", "hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-snort-server", "hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "mitre_attack_tags": []}, {"bi": "network-snort-sensitive-data", "hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "listening-port-opened", "hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "artifact-windows-task", "hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "windows-util-schtask", "hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "http-response-redirect", "hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "mitre_attack_tags": []}, {"bi": "process-uses-localhost-traffic", "hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-uses-autoit", "hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-null", "hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "mitre_attack_tags": []}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "tor-process-execution-detected", "hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "mitre_attack_tags": ["TA0011", "TA0005", "T1090"]}, {"bi": "network-http-numeric-ip", "hashes": ["d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0"], "mitre_attack_tags": ["TA0011", "TA0005", "T1071"]}, {"bi": "network-dns-category-dynamic", "hashes": ["d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0"], "mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-windows-script-launched", "hashes": ["b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e"], "mitre_attack_tags": ["TA0005", "TA0002", "T1064"]}, {"bi": "malware-remcos-mutex", "hashes": ["b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e"], "mitre_attack_tags": []}, {"bi": "files-deleted-used-vbs", "hashes": ["b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e"], "mitre_attack_tags": ["TA0005", "T1107"]}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from several popular applications. It is commonly pushed via malicious documents delivered via spam emails.", "hashes": ["1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "30d9d9e8a4eefc19c1400b008ef36c96d001b4ee20e2e821a90daeae1a829a4e", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "d37b25308416477340fa48c6ece5390c28cf5839828c24863a1ceff63f809b27", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "iocs": {"domain": [{"hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "host": "gitlab[.]com"}, {"hashes": ["9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3"], "host": "hockvvee[.]com"}, {"hashes": ["1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "host": "www[.]litespeedtech[.]com"}, {"hashes": ["950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18"], "host": "checkip[.]dyndns[.]org"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "host": "iplogger[.]org"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "host": "ezstat[.]ru"}, {"hashes": ["36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8"], "host": "mecharnise[.]ir"}, {"hashes": ["950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18"], "host": "mail[.]academica-oaf[.]pt"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "host": "sonqan-vn[.]com"}, {"hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f"], "host": "assets[.]gitlab-static[.]net"}, {"hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f"], "host": "about[.]gitlab[.]com"}, {"hashes": ["5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c"], "host": "bibpap[.]com"}, {"hashes": ["306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63"], "host": "yal1am[.]com"}, {"hashes": ["d37b25308416477340fa48c6ece5390c28cf5839828c24863a1ceff63f809b27"], "host": "uzoclouds[.]eu"}, {"hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f"], "host": "fllxprint[.]com"}, {"hashes": ["83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1"], "host": "ngozichukwu[.]xyz"}, {"hashes": ["b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e"], "host": "bornsinner[.]rlka[.]cc"}, {"hashes": ["1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "host": "bimento[.]co"}, {"hashes": ["d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0"], "host": "txserver[.]duckdns[.]org"}, {"hashes": ["a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83"], "host": "supergeorgia[.]ge"}, {"hashes": ["81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665"], "host": "fitrtefast[.]com"}], "file": [{"hashes": ["1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\D282E1"}, {"hashes": ["1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\D282E1\\1E80C5.lck"}, {"hashes": ["1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-2580483871-590521980-3826313501-500\\a18ca4003deb042bbee7a40f15e1970b_d19ab989-a35f-4710-83df-7b2db7efe7c5"}, {"hashes": ["306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-1258710499-2222286471-4214075941-500\\a18ca4003deb042bbee7a40f15e1970b_8f793a96-da80-4751-83f9-b23d8b735fb1"}, {"hashes": ["306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\D1CC40\\0F3583.lck"}, {"hashes": ["306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\D1CC40\\0F3583.hdb"}, {"hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\D1CC40\\0F3583.exe (copy)"}, {"hashes": ["5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0"], "path": "%APPDATA%\\jmfsr"}, {"hashes": ["5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0"], "path": "%APPDATA%\\jmfsr\\xnberu.exe"}, {"hashes": ["5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0"], "path": "%APPDATA%\\jmfsr\\xnberu.exe:ZoneIdentifier"}, {"hashes": ["5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\jmfsr.vbs"}, {"hashes": ["5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0"], "path": "%HOMEPATH%\\Start Menu\\Programs\\Startup\\jmfsr.vbs"}, {"hashes": ["b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e"], "path": "%TEMP%\\install.vbs"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%TEMP%\\autE949.tmp"}, {"hashes": ["950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18"], "path": "%HOMEPATH%\\Documents\\Results.txt"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%TEMP%\\32.exe"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%TEMP%\\64.exe"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%TEMP%\\CL_Debug_Log.txt"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%TEMP%\\CR_Debug_Log.txt"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%TEMP%\\SystemCheck.xml"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%TEMP%\\asacpiex.dll"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%TEMP%\\autD4FD.tmp"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Windows\\systemcheck.exe"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Windows\\Tor\\TorDataSocksListenAddress 127.0.0.1\\cached-certs.tmp"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Windows\\Tor\\TorDataSocksListenAddress 127.0.0.1\\cached-microdesc-consensus.tmp"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Windows\\Tor\\TorDataSocksListenAddress 127.0.0.1\\cached-microdescs.new"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Windows\\Tor\\TorDataSocksListenAddress 127.0.0.1\\lock"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Windows\\Tor\\TorDataSocksListenAddress 127.0.0.1\\state.tmp"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Windows\\Tor\\TorDataSocksListenAddress 127.0.0.1\\unverified-microdesc-consensus.tmp"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Windows\\Tor\\TorData\\Tor.pid"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Windows\\Tor\\libeay32.dll"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Windows\\Tor\\libevent-2-1-6.dll"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Windows\\Tor\\libevent_core-2-1-6.dll"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Windows\\Tor\\libevent_extra-2-1-6.dll"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Windows\\Tor\\libgcc_s_sjlj-1.dll"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Windows\\Tor\\libgmp-10.dll"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Windows\\Tor\\libssp-0.dll"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Windows\\Tor\\libwinpthread-1.dll"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Windows\\Tor\\ssleay32.dll"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Windows\\Tor\\tor.exe"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Windows\\Tor\\zlib1.dll"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%System32%\\Tasks\\System\\SystemCheck"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\g01V9W6.exe"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Windows\\Tor"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Windows\\Tor.tmp"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Windows\\Tor\\TorData"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "path": "%APPDATA%\\Microsoft\\Windows\\Tor\\TorData\\TorConfig"}, {"hashes": ["b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e"], "path": "%APPDATA%\\java\\logs.dat"}, {"hashes": ["b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e"], "path": "%APPDATA%\\vlc\\vlc.exe"}, {"hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f"], "path": "%APPDATA%\\P5vcbiq.exe"}], "ip": [{"hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "35[.]231[.]145[.]151"}, {"hashes": ["306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "89[.]208[.]229[.]223"}, {"hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c"], "ip": "89[.]208[.]210[.]190"}, {"hashes": ["37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "89[.]208[.]210[.]242"}, {"hashes": ["d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0"], "ip": "192[.]169[.]69[.]25"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "85[.]25[.]159[.]65"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "62[.]210[.]254[.]132"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "93[.]115[.]97[.]242"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "163[.]172[.]149[.]155"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "37[.]187[.]20[.]59"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "81[.]7[.]10[.]251"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "81[.]7[.]16[.]182"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "193[.]35[.]52[.]53"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "85[.]25[.]213[.]211"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "163[.]172[.]157[.]213"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "37[.]187[.]115[.]157"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "213[.]239[.]217[.]18"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "54[.]36[.]237[.]163"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "163[.]172[.]194[.]53"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "188[.]40[.]128[.]246"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "46[.]28[.]110[.]244"}, {"hashes": ["36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8"], "ip": "194[.]180[.]224[.]126"}, {"hashes": ["950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18"], "ip": "94[.]46[.]13[.]110"}, {"hashes": ["ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3"], "ip": "91[.]215[.]169[.]70"}, {"hashes": ["9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353"], "ip": "91[.]215[.]169[.]59"}, {"hashes": ["30d9d9e8a4eefc19c1400b008ef36c96d001b4ee20e2e821a90daeae1a829a4e"], "ip": "69[.]65[.]7[.]134"}, {"hashes": ["513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6"], "ip": "193[.]142[.]59[.]88"}, {"hashes": ["d37b25308416477340fa48c6ece5390c28cf5839828c24863a1ceff63f809b27"], "ip": "185[.]252[.]30[.]237"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "93[.]177[.]67[.]71"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "185[.]100[.]84[.]82"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "66[.]111[.]2[.]16"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "94[.]230[.]208[.]147"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "176[.]10[.]104[.]240"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "172[.]98[.]193[.]43"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "54[.]37[.]73[.]111"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "185[.]100[.]85[.]101"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "144[.]76[.]14[.]145"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "193[.]234[.]15[.]56"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "62[.]210[.]92[.]11"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "178[.]17[.]170[.]156"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "85[.]10[.]201[.]47"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "192[.]160[.]102[.]166"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "54[.]37[.]17[.]235"}, {"hashes": ["ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3"], "ip": "193[.]32[.]188[.]30"}, {"hashes": ["1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1"], "ip": "149[.]255[.]38[.]122"}, {"hashes": ["424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89"], "ip": "23[.]227[.]206[.]213"}, {"hashes": ["a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83"], "ip": "136[.]243[.]90[.]101"}, {"hashes": ["d37b25308416477340fa48c6ece5390c28cf5839828c24863a1ceff63f809b27"], "ip": "88[.]218[.]16[.]57"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "31[.]185[.]104[.]20/31"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "ip": "193[.]234[.]15[.]58/31"}], "mutex": [{"hashes": ["1d6067836b041803b5c2459c9a65f1c8861e565477681a8bda86f00bd72d6ee1", "306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "name": "3749282D282E1E80C56CAE5A"}, {"hashes": ["306b1f531102670b6330d44ac54b052bed0a686d968b6ad6b9cf660325d2cc63", "36cf2111875b57212b53880b3f16fdcc08b29653775e42017cc4f4a56bb3d3d8", "37f0994fc70a48fba26b71c688f34b88d4a1535b8619d2dd62b35e0bffdc125f", "424c9db6c18d578d95559dcfe551e22840094a7f8a08717eac9222ad1cf0be89", "513e2e5f084ce9e281ccfc957fa3910032faad7cdedf441b64b4326fada0cff6", "5d3c691751d5d0d412442137f5372d1c2183bd57fa1a00991d8348c88190046c", "81be9607f847ea23a5426eb3e558c6fba7466b2802f60d56f44d9cd790a94665", "83c2cd404bc92c6a0e37515baf6aba64c0bef6ae87deaf7b676baa46a9b9b9d1", "9ef2fc5ed1fa944faa403b42e063f93878039887ed8818c4200f1a9fafc45353", "a94161a2113c6fd21e0530067651f9dbf5c0be8db1bf17eaccc6def163ef1b83", "ccf395180af5f7a0b92361a677311d09d48b417372e749e3c828009417b122d3", "fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "name": "3BA87BBD1CC40F3583D46680"}, {"hashes": ["b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e"], "name": "Remcos_Mutex_Inj"}, {"hashes": ["d37b25308416477340fa48c6ece5390c28cf5839828c24863a1ceff63f809b27"], "name": "A16467FA-7343A2EC-6F235135-4B9A74AC-F1DC8406A"}, {"hashes": ["d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0"], "name": "A16467FA7-343A2EC6-F2351354-B9A74ACF-1DC8406A"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "name": "QPRZ1bWvXh"}, {"hashes": ["d37b25308416477340fa48c6ece5390c28cf5839828c24863a1ceff63f809b27"], "name": "A238FB80-2231ABE6-BF235135-43ADD060-570E32188"}, {"hashes": ["950981865e94cbf529cbe021c787cd341eb80fb7afaa080de1bd5c2da5142f18"], "name": "Global\\84adc621-5f9b-11ea-a007-00501e3ae7b5"}, {"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "name": "QPRZ3bWvXh"}, {"hashes": ["b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e"], "name": "remoteaccess-RL0RSV"}, {"hashes": ["d598b79342318f240622de0d9471bc305ef3fb5cf367e2d097b4d8a47db53ef0"], "name": "A238FB802-231ABE6B-F2351354-97818BEE-CD87A771"}], "registry": [{"hashes": ["fa3229c0f0e825f2af42e4f9f479c6336ef38e05022a93587aebf73f5a87f5b7"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\AUTHROOT\\CERTIFICATES\\DAC9024F54D8F6DF94935FB1732638CA6AD77C13", "value_name": "Blob"}, {"hashes": ["30d9d9e8a4eefc19c1400b008ef36c96d001b4ee20e2e821a90daeae1a829a4e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\8UXN89I8WI", "value_name": null}, {"hashes": ["b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e"], "key": "<HKCU>\\SOFTWARE\\REMOTEACCESS-RL0RSV", "value_name": null}, {"hashes": ["b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e"], "key": "<HKCU>\\SOFTWARE\\REMOTEACCESS-RL0RSV", "value_name": "exepath"}, {"hashes": ["b166391f2c3d809e4c0a2fb2355395b2c695826e549b1f80c9775f0e5b8f6b2e"], "key": "<HKCU>\\SOFTWARE\\REMOTEACCESS-RL0RSV", "value_name": "licence"}]}, "reports_count": 18}, "Win.Malware.Upatre-7618803-1": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["7925213f3f2dba7d59c47d19ff041b76bd2b394c20c102d39fb7535e7f92193d", "0eb2a814f0e62afd1f952aad6ffacd481c965df2732e818b87f30d4f5e823dee", "0a33d4eb4ab5855e90fdc9b453f021c065306501e0be307456875fb0411bd69f", "0a45b87e3a5f20e05b2bd6b5c106fd5c16cab9164beb360ad49941005ad23264", "0e0af72892e5e953514b40f3fcdeef671aa6b4525a2ddefe168e4a024ac0db90", "e7beed32b660f6025964a61e55c31e9f29004279cec7502669e77ff04612bbb5", "073875a6f6fbed080d30812728cf86e4610166831c40d7a38397c282cf16130c", "06e718742769a6f11e5443642961238caa8bc48b89b5f8a0bc439fe871440e8d", "fc9d5d2d6a8be3b44b50a630a7a485f090cbee97e312226e8cbe569f9494f24c", "0243a251029213228c6a4ba5fd77e8f5c6ffbb2828c564d3746b7396e5a8f0cc", "3eb2be2393df896434f0c8d438bac327f5518d49a7f3a2cfec0ea8bd73f5e4d8", "6a568b0229f7b863117501a7d795e535ac6ff01227d6d1120622d5d47542a7a7", "03a80812945ef06b8d528d9581d043db185c654c62ce46c506e8946d8a628e85", "c67568fe4adf59f8963eb98f503fdde7657670b2bc0c5e388465332d42f68998", "5eed552f680e2a9bc404b461a03587ec8915fc6fe9c2e8f1649a139ee892d4a4", "0fbd60a1cfe8c604e5081d29ac7ae2b5ca1ea8056f344285444ea3b3777ae54f", "d47b221354d3a2010beee83a97a2c1d708b0b4aa414e0f42ac0e46fd1f66a4ca", "7257368c8d9cc4975dc9d69981b339493b3761bce96255bd68e4c18b3acb96be", "432768aaadaff72cfe37119efa056914f9538e28203e9a0aa726e843d3a425f4", "fb13dadb40e54a1353ada77f89fa6aafeb381fa50328d5637aae5c750545b753", "03bdae8522075ebc1b31b8f94db286516edd8f1a6cc7515fc92862d649a6114a", "101524c177bea4ccd27ee571572eda4b7739cce6a847e82d955b6c9c2c2682ac", "1217daa33ffd22d5f7788c4fa80569e268e5b15e1b7f59c2b623781e5bd1f870", "02faaae9e71207f32991172f3a188e8f67eea04050308bad20f1d612d38dd9ec", "018eadee00ab42979388a5258775950ec8a65eada68602b0bc2c4557245abd8f", "0b64ced998024e37a0a087d2c4f34703893d82a9f77b31661f8bf6e37351df7f", "0d5b31edd00cefadc71c915e9c93bb3712e432df0ec3b6970100e2afc00dcee1", "092224ed497b7b82872c7832e8fe87d47db08771cc0621b72685992c5b0dc475", "00e0d6f92da46b9d423d42e8773f33ea600d513fd7182b0b1806b57ff9b0978e", "0d502009e9875ffe336215e2fab0897d924830f1c4a526ec048f7adb1307cdbb", "03bc3dde218f75c0f4897bd5dcb617f0e8d057cd8423bdd02c5d02439af077e9", "0ef482c543685153e80bcb7a98518b03783200805d6a22ad933ab4657d6aa243", "0af4837b13e971f7517455f784dc977561d4a403f3498f7fb81f98530a9887d3", "0af2747c467fb0bccb46534a992c5acb76d2e74752045335f2dad31f4389b192", "136ea4a5ac36f61af8bedbd2d7c4d37ea4d37ac602f77c445f60d89e282d36ca", "05c34e1b0d6d390cbe9fbe37cda2fde2c61c5cc3df83cec873fd5fde27e61fe8"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["7925213f3f2dba7d59c47d19ff041b76bd2b394c20c102d39fb7535e7f92193d", "0eb2a814f0e62afd1f952aad6ffacd481c965df2732e818b87f30d4f5e823dee", "0a33d4eb4ab5855e90fdc9b453f021c065306501e0be307456875fb0411bd69f", "0a45b87e3a5f20e05b2bd6b5c106fd5c16cab9164beb360ad49941005ad23264", "0e0af72892e5e953514b40f3fcdeef671aa6b4525a2ddefe168e4a024ac0db90", "e7beed32b660f6025964a61e55c31e9f29004279cec7502669e77ff04612bbb5", "073875a6f6fbed080d30812728cf86e4610166831c40d7a38397c282cf16130c", "06e718742769a6f11e5443642961238caa8bc48b89b5f8a0bc439fe871440e8d", "fc9d5d2d6a8be3b44b50a630a7a485f090cbee97e312226e8cbe569f9494f24c", "0243a251029213228c6a4ba5fd77e8f5c6ffbb2828c564d3746b7396e5a8f0cc", "3eb2be2393df896434f0c8d438bac327f5518d49a7f3a2cfec0ea8bd73f5e4d8", "6a568b0229f7b863117501a7d795e535ac6ff01227d6d1120622d5d47542a7a7", "03a80812945ef06b8d528d9581d043db185c654c62ce46c506e8946d8a628e85", "c67568fe4adf59f8963eb98f503fdde7657670b2bc0c5e388465332d42f68998", "5eed552f680e2a9bc404b461a03587ec8915fc6fe9c2e8f1649a139ee892d4a4", "0fbd60a1cfe8c604e5081d29ac7ae2b5ca1ea8056f344285444ea3b3777ae54f", "d47b221354d3a2010beee83a97a2c1d708b0b4aa414e0f42ac0e46fd1f66a4ca", "7257368c8d9cc4975dc9d69981b339493b3761bce96255bd68e4c18b3acb96be", "432768aaadaff72cfe37119efa056914f9538e28203e9a0aa726e843d3a425f4", "fb13dadb40e54a1353ada77f89fa6aafeb381fa50328d5637aae5c750545b753", "03bdae8522075ebc1b31b8f94db286516edd8f1a6cc7515fc92862d649a6114a", "101524c177bea4ccd27ee571572eda4b7739cce6a847e82d955b6c9c2c2682ac", "1217daa33ffd22d5f7788c4fa80569e268e5b15e1b7f59c2b623781e5bd1f870", "02faaae9e71207f32991172f3a188e8f67eea04050308bad20f1d612d38dd9ec", "018eadee00ab42979388a5258775950ec8a65eada68602b0bc2c4557245abd8f", "0b64ced998024e37a0a087d2c4f34703893d82a9f77b31661f8bf6e37351df7f", "0d5b31edd00cefadc71c915e9c93bb3712e432df0ec3b6970100e2afc00dcee1", "092224ed497b7b82872c7832e8fe87d47db08771cc0621b72685992c5b0dc475", "00e0d6f92da46b9d423d42e8773f33ea600d513fd7182b0b1806b57ff9b0978e", "0d502009e9875ffe336215e2fab0897d924830f1c4a526ec048f7adb1307cdbb", "03bc3dde218f75c0f4897bd5dcb617f0e8d057cd8423bdd02c5d02439af077e9", "0ef482c543685153e80bcb7a98518b03783200805d6a22ad933ab4657d6aa243", "0af4837b13e971f7517455f784dc977561d4a403f3498f7fb81f98530a9887d3", "0af2747c467fb0bccb46534a992c5acb76d2e74752045335f2dad31f4389b192", "136ea4a5ac36f61af8bedbd2d7c4d37ea4d37ac602f77c445f60d89e282d36ca", "05c34e1b0d6d390cbe9fbe37cda2fde2c61c5cc3df83cec873fd5fde27e61fe8"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["7925213f3f2dba7d59c47d19ff041b76bd2b394c20c102d39fb7535e7f92193d", "0eb2a814f0e62afd1f952aad6ffacd481c965df2732e818b87f30d4f5e823dee", "0a33d4eb4ab5855e90fdc9b453f021c065306501e0be307456875fb0411bd69f", "0a45b87e3a5f20e05b2bd6b5c106fd5c16cab9164beb360ad49941005ad23264", "0e0af72892e5e953514b40f3fcdeef671aa6b4525a2ddefe168e4a024ac0db90", "e7beed32b660f6025964a61e55c31e9f29004279cec7502669e77ff04612bbb5", "073875a6f6fbed080d30812728cf86e4610166831c40d7a38397c282cf16130c", "06e718742769a6f11e5443642961238caa8bc48b89b5f8a0bc439fe871440e8d", "fc9d5d2d6a8be3b44b50a630a7a485f090cbee97e312226e8cbe569f9494f24c", "0243a251029213228c6a4ba5fd77e8f5c6ffbb2828c564d3746b7396e5a8f0cc", "3eb2be2393df896434f0c8d438bac327f5518d49a7f3a2cfec0ea8bd73f5e4d8", "6a568b0229f7b863117501a7d795e535ac6ff01227d6d1120622d5d47542a7a7", "03a80812945ef06b8d528d9581d043db185c654c62ce46c506e8946d8a628e85", "c67568fe4adf59f8963eb98f503fdde7657670b2bc0c5e388465332d42f68998", "5eed552f680e2a9bc404b461a03587ec8915fc6fe9c2e8f1649a139ee892d4a4", "0fbd60a1cfe8c604e5081d29ac7ae2b5ca1ea8056f344285444ea3b3777ae54f", "d47b221354d3a2010beee83a97a2c1d708b0b4aa414e0f42ac0e46fd1f66a4ca", "7257368c8d9cc4975dc9d69981b339493b3761bce96255bd68e4c18b3acb96be", "432768aaadaff72cfe37119efa056914f9538e28203e9a0aa726e843d3a425f4", "fb13dadb40e54a1353ada77f89fa6aafeb381fa50328d5637aae5c750545b753", "03bdae8522075ebc1b31b8f94db286516edd8f1a6cc7515fc92862d649a6114a", "101524c177bea4ccd27ee571572eda4b7739cce6a847e82d955b6c9c2c2682ac", "1217daa33ffd22d5f7788c4fa80569e268e5b15e1b7f59c2b623781e5bd1f870", "02faaae9e71207f32991172f3a188e8f67eea04050308bad20f1d612d38dd9ec", "018eadee00ab42979388a5258775950ec8a65eada68602b0bc2c4557245abd8f", "0b64ced998024e37a0a087d2c4f34703893d82a9f77b31661f8bf6e37351df7f", "0d5b31edd00cefadc71c915e9c93bb3712e432df0ec3b6970100e2afc00dcee1", "092224ed497b7b82872c7832e8fe87d47db08771cc0621b72685992c5b0dc475", "00e0d6f92da46b9d423d42e8773f33ea600d513fd7182b0b1806b57ff9b0978e", "0d502009e9875ffe336215e2fab0897d924830f1c4a526ec048f7adb1307cdbb", "03bc3dde218f75c0f4897bd5dcb617f0e8d057cd8423bdd02c5d02439af077e9", "0ef482c543685153e80bcb7a98518b03783200805d6a22ad933ab4657d6aa243", "0af4837b13e971f7517455f784dc977561d4a403f3498f7fb81f98530a9887d3", "0af2747c467fb0bccb46534a992c5acb76d2e74752045335f2dad31f4389b192", "136ea4a5ac36f61af8bedbd2d7c4d37ea4d37ac602f77c445f60d89e282d36ca", "05c34e1b0d6d390cbe9fbe37cda2fde2c61c5cc3df83cec873fd5fde27e61fe8"], "mitre_attack_tags": []}, {"bi": "malware-upatre-detected", "hashes": ["7925213f3f2dba7d59c47d19ff041b76bd2b394c20c102d39fb7535e7f92193d", "0eb2a814f0e62afd1f952aad6ffacd481c965df2732e818b87f30d4f5e823dee", "0a33d4eb4ab5855e90fdc9b453f021c065306501e0be307456875fb0411bd69f", "0a45b87e3a5f20e05b2bd6b5c106fd5c16cab9164beb360ad49941005ad23264", "0e0af72892e5e953514b40f3fcdeef671aa6b4525a2ddefe168e4a024ac0db90", "e7beed32b660f6025964a61e55c31e9f29004279cec7502669e77ff04612bbb5", "073875a6f6fbed080d30812728cf86e4610166831c40d7a38397c282cf16130c", "06e718742769a6f11e5443642961238caa8bc48b89b5f8a0bc439fe871440e8d", "fc9d5d2d6a8be3b44b50a630a7a485f090cbee97e312226e8cbe569f9494f24c", "0243a251029213228c6a4ba5fd77e8f5c6ffbb2828c564d3746b7396e5a8f0cc", "3eb2be2393df896434f0c8d438bac327f5518d49a7f3a2cfec0ea8bd73f5e4d8", "6a568b0229f7b863117501a7d795e535ac6ff01227d6d1120622d5d47542a7a7", "03a80812945ef06b8d528d9581d043db185c654c62ce46c506e8946d8a628e85", "c67568fe4adf59f8963eb98f503fdde7657670b2bc0c5e388465332d42f68998", "5eed552f680e2a9bc404b461a03587ec8915fc6fe9c2e8f1649a139ee892d4a4", "0fbd60a1cfe8c604e5081d29ac7ae2b5ca1ea8056f344285444ea3b3777ae54f", "d47b221354d3a2010beee83a97a2c1d708b0b4aa414e0f42ac0e46fd1f66a4ca", "7257368c8d9cc4975dc9d69981b339493b3761bce96255bd68e4c18b3acb96be", "432768aaadaff72cfe37119efa056914f9538e28203e9a0aa726e843d3a425f4", "fb13dadb40e54a1353ada77f89fa6aafeb381fa50328d5637aae5c750545b753", "03bdae8522075ebc1b31b8f94db286516edd8f1a6cc7515fc92862d649a6114a", "101524c177bea4ccd27ee571572eda4b7739cce6a847e82d955b6c9c2c2682ac", "1217daa33ffd22d5f7788c4fa80569e268e5b15e1b7f59c2b623781e5bd1f870", "02faaae9e71207f32991172f3a188e8f67eea04050308bad20f1d612d38dd9ec", "018eadee00ab42979388a5258775950ec8a65eada68602b0bc2c4557245abd8f", "0b64ced998024e37a0a087d2c4f34703893d82a9f77b31661f8bf6e37351df7f", "0d5b31edd00cefadc71c915e9c93bb3712e432df0ec3b6970100e2afc00dcee1", "092224ed497b7b82872c7832e8fe87d47db08771cc0621b72685992c5b0dc475", "00e0d6f92da46b9d423d42e8773f33ea600d513fd7182b0b1806b57ff9b0978e", "0d502009e9875ffe336215e2fab0897d924830f1c4a526ec048f7adb1307cdbb", "03bc3dde218f75c0f4897bd5dcb617f0e8d057cd8423bdd02c5d02439af077e9", "0ef482c543685153e80bcb7a98518b03783200805d6a22ad933ab4657d6aa243", "0af4837b13e971f7517455f784dc977561d4a403f3498f7fb81f98530a9887d3", "0af2747c467fb0bccb46534a992c5acb76d2e74752045335f2dad31f4389b192", "136ea4a5ac36f61af8bedbd2d7c4d37ea4d37ac602f77c445f60d89e282d36ca", "05c34e1b0d6d390cbe9fbe37cda2fde2c61c5cc3df83cec873fd5fde27e61fe8"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["7925213f3f2dba7d59c47d19ff041b76bd2b394c20c102d39fb7535e7f92193d", "0eb2a814f0e62afd1f952aad6ffacd481c965df2732e818b87f30d4f5e823dee", "0a33d4eb4ab5855e90fdc9b453f021c065306501e0be307456875fb0411bd69f", "0a45b87e3a5f20e05b2bd6b5c106fd5c16cab9164beb360ad49941005ad23264", "0e0af72892e5e953514b40f3fcdeef671aa6b4525a2ddefe168e4a024ac0db90", "e7beed32b660f6025964a61e55c31e9f29004279cec7502669e77ff04612bbb5", "073875a6f6fbed080d30812728cf86e4610166831c40d7a38397c282cf16130c", "06e718742769a6f11e5443642961238caa8bc48b89b5f8a0bc439fe871440e8d", "fc9d5d2d6a8be3b44b50a630a7a485f090cbee97e312226e8cbe569f9494f24c", "0243a251029213228c6a4ba5fd77e8f5c6ffbb2828c564d3746b7396e5a8f0cc", "3eb2be2393df896434f0c8d438bac327f5518d49a7f3a2cfec0ea8bd73f5e4d8", "6a568b0229f7b863117501a7d795e535ac6ff01227d6d1120622d5d47542a7a7", "03a80812945ef06b8d528d9581d043db185c654c62ce46c506e8946d8a628e85", "c67568fe4adf59f8963eb98f503fdde7657670b2bc0c5e388465332d42f68998", "5eed552f680e2a9bc404b461a03587ec8915fc6fe9c2e8f1649a139ee892d4a4", "0fbd60a1cfe8c604e5081d29ac7ae2b5ca1ea8056f344285444ea3b3777ae54f", "d47b221354d3a2010beee83a97a2c1d708b0b4aa414e0f42ac0e46fd1f66a4ca", "7257368c8d9cc4975dc9d69981b339493b3761bce96255bd68e4c18b3acb96be", "432768aaadaff72cfe37119efa056914f9538e28203e9a0aa726e843d3a425f4", "fb13dadb40e54a1353ada77f89fa6aafeb381fa50328d5637aae5c750545b753", "03bdae8522075ebc1b31b8f94db286516edd8f1a6cc7515fc92862d649a6114a", "101524c177bea4ccd27ee571572eda4b7739cce6a847e82d955b6c9c2c2682ac", "1217daa33ffd22d5f7788c4fa80569e268e5b15e1b7f59c2b623781e5bd1f870", "02faaae9e71207f32991172f3a188e8f67eea04050308bad20f1d612d38dd9ec", "018eadee00ab42979388a5258775950ec8a65eada68602b0bc2c4557245abd8f", "0b64ced998024e37a0a087d2c4f34703893d82a9f77b31661f8bf6e37351df7f", "0d5b31edd00cefadc71c915e9c93bb3712e432df0ec3b6970100e2afc00dcee1", "092224ed497b7b82872c7832e8fe87d47db08771cc0621b72685992c5b0dc475", "00e0d6f92da46b9d423d42e8773f33ea600d513fd7182b0b1806b57ff9b0978e", "0d502009e9875ffe336215e2fab0897d924830f1c4a526ec048f7adb1307cdbb", "03bc3dde218f75c0f4897bd5dcb617f0e8d057cd8423bdd02c5d02439af077e9", "0ef482c543685153e80bcb7a98518b03783200805d6a22ad933ab4657d6aa243", "0af4837b13e971f7517455f784dc977561d4a403f3498f7fb81f98530a9887d3", "0af2747c467fb0bccb46534a992c5acb76d2e74752045335f2dad31f4389b192", "136ea4a5ac36f61af8bedbd2d7c4d37ea4d37ac602f77c445f60d89e282d36ca", "05c34e1b0d6d390cbe9fbe37cda2fde2c61c5cc3df83cec873fd5fde27e61fe8"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["7925213f3f2dba7d59c47d19ff041b76bd2b394c20c102d39fb7535e7f92193d", "0eb2a814f0e62afd1f952aad6ffacd481c965df2732e818b87f30d4f5e823dee", "0a33d4eb4ab5855e90fdc9b453f021c065306501e0be307456875fb0411bd69f", "0a45b87e3a5f20e05b2bd6b5c106fd5c16cab9164beb360ad49941005ad23264", "0e0af72892e5e953514b40f3fcdeef671aa6b4525a2ddefe168e4a024ac0db90", "e7beed32b660f6025964a61e55c31e9f29004279cec7502669e77ff04612bbb5", "073875a6f6fbed080d30812728cf86e4610166831c40d7a38397c282cf16130c", "06e718742769a6f11e5443642961238caa8bc48b89b5f8a0bc439fe871440e8d", "fc9d5d2d6a8be3b44b50a630a7a485f090cbee97e312226e8cbe569f9494f24c", "0243a251029213228c6a4ba5fd77e8f5c6ffbb2828c564d3746b7396e5a8f0cc", "3eb2be2393df896434f0c8d438bac327f5518d49a7f3a2cfec0ea8bd73f5e4d8", "6a568b0229f7b863117501a7d795e535ac6ff01227d6d1120622d5d47542a7a7", "03a80812945ef06b8d528d9581d043db185c654c62ce46c506e8946d8a628e85", "c67568fe4adf59f8963eb98f503fdde7657670b2bc0c5e388465332d42f68998", "5eed552f680e2a9bc404b461a03587ec8915fc6fe9c2e8f1649a139ee892d4a4", "0fbd60a1cfe8c604e5081d29ac7ae2b5ca1ea8056f344285444ea3b3777ae54f", "d47b221354d3a2010beee83a97a2c1d708b0b4aa414e0f42ac0e46fd1f66a4ca", "7257368c8d9cc4975dc9d69981b339493b3761bce96255bd68e4c18b3acb96be", "432768aaadaff72cfe37119efa056914f9538e28203e9a0aa726e843d3a425f4", "fb13dadb40e54a1353ada77f89fa6aafeb381fa50328d5637aae5c750545b753", "03bdae8522075ebc1b31b8f94db286516edd8f1a6cc7515fc92862d649a6114a", "101524c177bea4ccd27ee571572eda4b7739cce6a847e82d955b6c9c2c2682ac", "1217daa33ffd22d5f7788c4fa80569e268e5b15e1b7f59c2b623781e5bd1f870", "02faaae9e71207f32991172f3a188e8f67eea04050308bad20f1d612d38dd9ec", "018eadee00ab42979388a5258775950ec8a65eada68602b0bc2c4557245abd8f", "0b64ced998024e37a0a087d2c4f34703893d82a9f77b31661f8bf6e37351df7f", "0d5b31edd00cefadc71c915e9c93bb3712e432df0ec3b6970100e2afc00dcee1", "092224ed497b7b82872c7832e8fe87d47db08771cc0621b72685992c5b0dc475", "00e0d6f92da46b9d423d42e8773f33ea600d513fd7182b0b1806b57ff9b0978e", "0d502009e9875ffe336215e2fab0897d924830f1c4a526ec048f7adb1307cdbb", "03bc3dde218f75c0f4897bd5dcb617f0e8d057cd8423bdd02c5d02439af077e9", "0ef482c543685153e80bcb7a98518b03783200805d6a22ad933ab4657d6aa243", "0af4837b13e971f7517455f784dc977561d4a403f3498f7fb81f98530a9887d3", "0af2747c467fb0bccb46534a992c5acb76d2e74752045335f2dad31f4389b192", "136ea4a5ac36f61af8bedbd2d7c4d37ea4d37ac602f77c445f60d89e282d36ca", "05c34e1b0d6d390cbe9fbe37cda2fde2c61c5cc3df83cec873fd5fde27e61fe8"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["7925213f3f2dba7d59c47d19ff041b76bd2b394c20c102d39fb7535e7f92193d", "0eb2a814f0e62afd1f952aad6ffacd481c965df2732e818b87f30d4f5e823dee", "0a33d4eb4ab5855e90fdc9b453f021c065306501e0be307456875fb0411bd69f", "0a45b87e3a5f20e05b2bd6b5c106fd5c16cab9164beb360ad49941005ad23264", "0e0af72892e5e953514b40f3fcdeef671aa6b4525a2ddefe168e4a024ac0db90", "e7beed32b660f6025964a61e55c31e9f29004279cec7502669e77ff04612bbb5", "073875a6f6fbed080d30812728cf86e4610166831c40d7a38397c282cf16130c", "06e718742769a6f11e5443642961238caa8bc48b89b5f8a0bc439fe871440e8d", "fc9d5d2d6a8be3b44b50a630a7a485f090cbee97e312226e8cbe569f9494f24c", "0243a251029213228c6a4ba5fd77e8f5c6ffbb2828c564d3746b7396e5a8f0cc", "3eb2be2393df896434f0c8d438bac327f5518d49a7f3a2cfec0ea8bd73f5e4d8", "6a568b0229f7b863117501a7d795e535ac6ff01227d6d1120622d5d47542a7a7", "03a80812945ef06b8d528d9581d043db185c654c62ce46c506e8946d8a628e85", "c67568fe4adf59f8963eb98f503fdde7657670b2bc0c5e388465332d42f68998", "5eed552f680e2a9bc404b461a03587ec8915fc6fe9c2e8f1649a139ee892d4a4", "0fbd60a1cfe8c604e5081d29ac7ae2b5ca1ea8056f344285444ea3b3777ae54f", "d47b221354d3a2010beee83a97a2c1d708b0b4aa414e0f42ac0e46fd1f66a4ca", "7257368c8d9cc4975dc9d69981b339493b3761bce96255bd68e4c18b3acb96be", "432768aaadaff72cfe37119efa056914f9538e28203e9a0aa726e843d3a425f4", "fb13dadb40e54a1353ada77f89fa6aafeb381fa50328d5637aae5c750545b753", "03bdae8522075ebc1b31b8f94db286516edd8f1a6cc7515fc92862d649a6114a", "101524c177bea4ccd27ee571572eda4b7739cce6a847e82d955b6c9c2c2682ac", "1217daa33ffd22d5f7788c4fa80569e268e5b15e1b7f59c2b623781e5bd1f870", "02faaae9e71207f32991172f3a188e8f67eea04050308bad20f1d612d38dd9ec", "018eadee00ab42979388a5258775950ec8a65eada68602b0bc2c4557245abd8f", "0b64ced998024e37a0a087d2c4f34703893d82a9f77b31661f8bf6e37351df7f", "0d5b31edd00cefadc71c915e9c93bb3712e432df0ec3b6970100e2afc00dcee1", "092224ed497b7b82872c7832e8fe87d47db08771cc0621b72685992c5b0dc475", "00e0d6f92da46b9d423d42e8773f33ea600d513fd7182b0b1806b57ff9b0978e", "0d502009e9875ffe336215e2fab0897d924830f1c4a526ec048f7adb1307cdbb", "03bc3dde218f75c0f4897bd5dcb617f0e8d057cd8423bdd02c5d02439af077e9", "0ef482c543685153e80bcb7a98518b03783200805d6a22ad933ab4657d6aa243", "0af4837b13e971f7517455f784dc977561d4a403f3498f7fb81f98530a9887d3", "0af2747c467fb0bccb46534a992c5acb76d2e74752045335f2dad31f4389b192", "136ea4a5ac36f61af8bedbd2d7c4d37ea4d37ac602f77c445f60d89e282d36ca", "05c34e1b0d6d390cbe9fbe37cda2fde2c61c5cc3df83cec873fd5fde27e61fe8"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["7925213f3f2dba7d59c47d19ff041b76bd2b394c20c102d39fb7535e7f92193d", "0eb2a814f0e62afd1f952aad6ffacd481c965df2732e818b87f30d4f5e823dee", "0a33d4eb4ab5855e90fdc9b453f021c065306501e0be307456875fb0411bd69f", "0a45b87e3a5f20e05b2bd6b5c106fd5c16cab9164beb360ad49941005ad23264", "0e0af72892e5e953514b40f3fcdeef671aa6b4525a2ddefe168e4a024ac0db90", "e7beed32b660f6025964a61e55c31e9f29004279cec7502669e77ff04612bbb5", "073875a6f6fbed080d30812728cf86e4610166831c40d7a38397c282cf16130c", "06e718742769a6f11e5443642961238caa8bc48b89b5f8a0bc439fe871440e8d", "fc9d5d2d6a8be3b44b50a630a7a485f090cbee97e312226e8cbe569f9494f24c", "0243a251029213228c6a4ba5fd77e8f5c6ffbb2828c564d3746b7396e5a8f0cc", "3eb2be2393df896434f0c8d438bac327f5518d49a7f3a2cfec0ea8bd73f5e4d8", "6a568b0229f7b863117501a7d795e535ac6ff01227d6d1120622d5d47542a7a7", "03a80812945ef06b8d528d9581d043db185c654c62ce46c506e8946d8a628e85", "c67568fe4adf59f8963eb98f503fdde7657670b2bc0c5e388465332d42f68998", "5eed552f680e2a9bc404b461a03587ec8915fc6fe9c2e8f1649a139ee892d4a4", "0fbd60a1cfe8c604e5081d29ac7ae2b5ca1ea8056f344285444ea3b3777ae54f", "d47b221354d3a2010beee83a97a2c1d708b0b4aa414e0f42ac0e46fd1f66a4ca", "7257368c8d9cc4975dc9d69981b339493b3761bce96255bd68e4c18b3acb96be", "432768aaadaff72cfe37119efa056914f9538e28203e9a0aa726e843d3a425f4", "fb13dadb40e54a1353ada77f89fa6aafeb381fa50328d5637aae5c750545b753", "03bdae8522075ebc1b31b8f94db286516edd8f1a6cc7515fc92862d649a6114a", "101524c177bea4ccd27ee571572eda4b7739cce6a847e82d955b6c9c2c2682ac", "1217daa33ffd22d5f7788c4fa80569e268e5b15e1b7f59c2b623781e5bd1f870", "02faaae9e71207f32991172f3a188e8f67eea04050308bad20f1d612d38dd9ec", "018eadee00ab42979388a5258775950ec8a65eada68602b0bc2c4557245abd8f", "0b64ced998024e37a0a087d2c4f34703893d82a9f77b31661f8bf6e37351df7f", "0d5b31edd00cefadc71c915e9c93bb3712e432df0ec3b6970100e2afc00dcee1", "092224ed497b7b82872c7832e8fe87d47db08771cc0621b72685992c5b0dc475", "00e0d6f92da46b9d423d42e8773f33ea600d513fd7182b0b1806b57ff9b0978e", "0d502009e9875ffe336215e2fab0897d924830f1c4a526ec048f7adb1307cdbb", "03bc3dde218f75c0f4897bd5dcb617f0e8d057cd8423bdd02c5d02439af077e9", "0ef482c543685153e80bcb7a98518b03783200805d6a22ad933ab4657d6aa243", "0af4837b13e971f7517455f784dc977561d4a403f3498f7fb81f98530a9887d3", "0af2747c467fb0bccb46534a992c5acb76d2e74752045335f2dad31f4389b192", "136ea4a5ac36f61af8bedbd2d7c4d37ea4d37ac602f77c445f60d89e282d36ca", "05c34e1b0d6d390cbe9fbe37cda2fde2c61c5cc3df83cec873fd5fde27e61fe8"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["7925213f3f2dba7d59c47d19ff041b76bd2b394c20c102d39fb7535e7f92193d", "0eb2a814f0e62afd1f952aad6ffacd481c965df2732e818b87f30d4f5e823dee", "0a33d4eb4ab5855e90fdc9b453f021c065306501e0be307456875fb0411bd69f", "0a45b87e3a5f20e05b2bd6b5c106fd5c16cab9164beb360ad49941005ad23264", "0e0af72892e5e953514b40f3fcdeef671aa6b4525a2ddefe168e4a024ac0db90", "e7beed32b660f6025964a61e55c31e9f29004279cec7502669e77ff04612bbb5", "073875a6f6fbed080d30812728cf86e4610166831c40d7a38397c282cf16130c", "06e718742769a6f11e5443642961238caa8bc48b89b5f8a0bc439fe871440e8d", "fc9d5d2d6a8be3b44b50a630a7a485f090cbee97e312226e8cbe569f9494f24c", "0243a251029213228c6a4ba5fd77e8f5c6ffbb2828c564d3746b7396e5a8f0cc", "3eb2be2393df896434f0c8d438bac327f5518d49a7f3a2cfec0ea8bd73f5e4d8", "6a568b0229f7b863117501a7d795e535ac6ff01227d6d1120622d5d47542a7a7", "03a80812945ef06b8d528d9581d043db185c654c62ce46c506e8946d8a628e85", "c67568fe4adf59f8963eb98f503fdde7657670b2bc0c5e388465332d42f68998", "5eed552f680e2a9bc404b461a03587ec8915fc6fe9c2e8f1649a139ee892d4a4", "0fbd60a1cfe8c604e5081d29ac7ae2b5ca1ea8056f344285444ea3b3777ae54f", "d47b221354d3a2010beee83a97a2c1d708b0b4aa414e0f42ac0e46fd1f66a4ca", "7257368c8d9cc4975dc9d69981b339493b3761bce96255bd68e4c18b3acb96be", "432768aaadaff72cfe37119efa056914f9538e28203e9a0aa726e843d3a425f4", "fb13dadb40e54a1353ada77f89fa6aafeb381fa50328d5637aae5c750545b753", "03bdae8522075ebc1b31b8f94db286516edd8f1a6cc7515fc92862d649a6114a", "101524c177bea4ccd27ee571572eda4b7739cce6a847e82d955b6c9c2c2682ac", "1217daa33ffd22d5f7788c4fa80569e268e5b15e1b7f59c2b623781e5bd1f870", "02faaae9e71207f32991172f3a188e8f67eea04050308bad20f1d612d38dd9ec", "018eadee00ab42979388a5258775950ec8a65eada68602b0bc2c4557245abd8f", "0b64ced998024e37a0a087d2c4f34703893d82a9f77b31661f8bf6e37351df7f", "0d5b31edd00cefadc71c915e9c93bb3712e432df0ec3b6970100e2afc00dcee1", "092224ed497b7b82872c7832e8fe87d47db08771cc0621b72685992c5b0dc475", "00e0d6f92da46b9d423d42e8773f33ea600d513fd7182b0b1806b57ff9b0978e", "0d502009e9875ffe336215e2fab0897d924830f1c4a526ec048f7adb1307cdbb", "03bc3dde218f75c0f4897bd5dcb617f0e8d057cd8423bdd02c5d02439af077e9", "0ef482c543685153e80bcb7a98518b03783200805d6a22ad933ab4657d6aa243", "0af4837b13e971f7517455f784dc977561d4a403f3498f7fb81f98530a9887d3", "0af2747c467fb0bccb46534a992c5acb76d2e74752045335f2dad31f4389b192", "136ea4a5ac36f61af8bedbd2d7c4d37ea4d37ac602f77c445f60d89e282d36ca", "05c34e1b0d6d390cbe9fbe37cda2fde2c61c5cc3df83cec873fd5fde27e61fe8"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["7925213f3f2dba7d59c47d19ff041b76bd2b394c20c102d39fb7535e7f92193d", "0eb2a814f0e62afd1f952aad6ffacd481c965df2732e818b87f30d4f5e823dee", "0a33d4eb4ab5855e90fdc9b453f021c065306501e0be307456875fb0411bd69f", "0a45b87e3a5f20e05b2bd6b5c106fd5c16cab9164beb360ad49941005ad23264", "0e0af72892e5e953514b40f3fcdeef671aa6b4525a2ddefe168e4a024ac0db90", "e7beed32b660f6025964a61e55c31e9f29004279cec7502669e77ff04612bbb5", "073875a6f6fbed080d30812728cf86e4610166831c40d7a38397c282cf16130c", "06e718742769a6f11e5443642961238caa8bc48b89b5f8a0bc439fe871440e8d", "fc9d5d2d6a8be3b44b50a630a7a485f090cbee97e312226e8cbe569f9494f24c", "0243a251029213228c6a4ba5fd77e8f5c6ffbb2828c564d3746b7396e5a8f0cc", "3eb2be2393df896434f0c8d438bac327f5518d49a7f3a2cfec0ea8bd73f5e4d8", "6a568b0229f7b863117501a7d795e535ac6ff01227d6d1120622d5d47542a7a7", "03a80812945ef06b8d528d9581d043db185c654c62ce46c506e8946d8a628e85", "c67568fe4adf59f8963eb98f503fdde7657670b2bc0c5e388465332d42f68998", "5eed552f680e2a9bc404b461a03587ec8915fc6fe9c2e8f1649a139ee892d4a4", "0fbd60a1cfe8c604e5081d29ac7ae2b5ca1ea8056f344285444ea3b3777ae54f", "d47b221354d3a2010beee83a97a2c1d708b0b4aa414e0f42ac0e46fd1f66a4ca", "7257368c8d9cc4975dc9d69981b339493b3761bce96255bd68e4c18b3acb96be", "432768aaadaff72cfe37119efa056914f9538e28203e9a0aa726e843d3a425f4", "fb13dadb40e54a1353ada77f89fa6aafeb381fa50328d5637aae5c750545b753", "03bdae8522075ebc1b31b8f94db286516edd8f1a6cc7515fc92862d649a6114a", "101524c177bea4ccd27ee571572eda4b7739cce6a847e82d955b6c9c2c2682ac", "1217daa33ffd22d5f7788c4fa80569e268e5b15e1b7f59c2b623781e5bd1f870", "02faaae9e71207f32991172f3a188e8f67eea04050308bad20f1d612d38dd9ec", "018eadee00ab42979388a5258775950ec8a65eada68602b0bc2c4557245abd8f", "0b64ced998024e37a0a087d2c4f34703893d82a9f77b31661f8bf6e37351df7f", "0d5b31edd00cefadc71c915e9c93bb3712e432df0ec3b6970100e2afc00dcee1", "092224ed497b7b82872c7832e8fe87d47db08771cc0621b72685992c5b0dc475", "00e0d6f92da46b9d423d42e8773f33ea600d513fd7182b0b1806b57ff9b0978e", "0d502009e9875ffe336215e2fab0897d924830f1c4a526ec048f7adb1307cdbb", "03bc3dde218f75c0f4897bd5dcb617f0e8d057cd8423bdd02c5d02439af077e9", "0ef482c543685153e80bcb7a98518b03783200805d6a22ad933ab4657d6aa243", "0af4837b13e971f7517455f784dc977561d4a403f3498f7fb81f98530a9887d3", "0af2747c467fb0bccb46534a992c5acb76d2e74752045335f2dad31f4389b192", "136ea4a5ac36f61af8bedbd2d7c4d37ea4d37ac602f77c445f60d89e282d36ca", "05c34e1b0d6d390cbe9fbe37cda2fde2c61c5cc3df83cec873fd5fde27e61fe8"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["7925213f3f2dba7d59c47d19ff041b76bd2b394c20c102d39fb7535e7f92193d", "0eb2a814f0e62afd1f952aad6ffacd481c965df2732e818b87f30d4f5e823dee", "0a33d4eb4ab5855e90fdc9b453f021c065306501e0be307456875fb0411bd69f", "0a45b87e3a5f20e05b2bd6b5c106fd5c16cab9164beb360ad49941005ad23264", "0e0af72892e5e953514b40f3fcdeef671aa6b4525a2ddefe168e4a024ac0db90", "e7beed32b660f6025964a61e55c31e9f29004279cec7502669e77ff04612bbb5", "073875a6f6fbed080d30812728cf86e4610166831c40d7a38397c282cf16130c", "06e718742769a6f11e5443642961238caa8bc48b89b5f8a0bc439fe871440e8d", "fc9d5d2d6a8be3b44b50a630a7a485f090cbee97e312226e8cbe569f9494f24c", "0243a251029213228c6a4ba5fd77e8f5c6ffbb2828c564d3746b7396e5a8f0cc", "3eb2be2393df896434f0c8d438bac327f5518d49a7f3a2cfec0ea8bd73f5e4d8", "6a568b0229f7b863117501a7d795e535ac6ff01227d6d1120622d5d47542a7a7", "03a80812945ef06b8d528d9581d043db185c654c62ce46c506e8946d8a628e85", "c67568fe4adf59f8963eb98f503fdde7657670b2bc0c5e388465332d42f68998", "5eed552f680e2a9bc404b461a03587ec8915fc6fe9c2e8f1649a139ee892d4a4", "0fbd60a1cfe8c604e5081d29ac7ae2b5ca1ea8056f344285444ea3b3777ae54f", "d47b221354d3a2010beee83a97a2c1d708b0b4aa414e0f42ac0e46fd1f66a4ca", "7257368c8d9cc4975dc9d69981b339493b3761bce96255bd68e4c18b3acb96be", "432768aaadaff72cfe37119efa056914f9538e28203e9a0aa726e843d3a425f4", "fb13dadb40e54a1353ada77f89fa6aafeb381fa50328d5637aae5c750545b753", "03bdae8522075ebc1b31b8f94db286516edd8f1a6cc7515fc92862d649a6114a", "101524c177bea4ccd27ee571572eda4b7739cce6a847e82d955b6c9c2c2682ac", "1217daa33ffd22d5f7788c4fa80569e268e5b15e1b7f59c2b623781e5bd1f870", "02faaae9e71207f32991172f3a188e8f67eea04050308bad20f1d612d38dd9ec", "018eadee00ab42979388a5258775950ec8a65eada68602b0bc2c4557245abd8f", "0b64ced998024e37a0a087d2c4f34703893d82a9f77b31661f8bf6e37351df7f", "0d5b31edd00cefadc71c915e9c93bb3712e432df0ec3b6970100e2afc00dcee1", "092224ed497b7b82872c7832e8fe87d47db08771cc0621b72685992c5b0dc475", "00e0d6f92da46b9d423d42e8773f33ea600d513fd7182b0b1806b57ff9b0978e", "0d502009e9875ffe336215e2fab0897d924830f1c4a526ec048f7adb1307cdbb", "03bc3dde218f75c0f4897bd5dcb617f0e8d057cd8423bdd02c5d02439af077e9", "0ef482c543685153e80bcb7a98518b03783200805d6a22ad933ab4657d6aa243", "0af4837b13e971f7517455f784dc977561d4a403f3498f7fb81f98530a9887d3", "0af2747c467fb0bccb46534a992c5acb76d2e74752045335f2dad31f4389b192", "136ea4a5ac36f61af8bedbd2d7c4d37ea4d37ac602f77c445f60d89e282d36ca", "05c34e1b0d6d390cbe9fbe37cda2fde2c61c5cc3df83cec873fd5fde27e61fe8"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["7925213f3f2dba7d59c47d19ff041b76bd2b394c20c102d39fb7535e7f92193d", "0eb2a814f0e62afd1f952aad6ffacd481c965df2732e818b87f30d4f5e823dee", "0a33d4eb4ab5855e90fdc9b453f021c065306501e0be307456875fb0411bd69f", "0a45b87e3a5f20e05b2bd6b5c106fd5c16cab9164beb360ad49941005ad23264", "0e0af72892e5e953514b40f3fcdeef671aa6b4525a2ddefe168e4a024ac0db90", "e7beed32b660f6025964a61e55c31e9f29004279cec7502669e77ff04612bbb5", "073875a6f6fbed080d30812728cf86e4610166831c40d7a38397c282cf16130c", "06e718742769a6f11e5443642961238caa8bc48b89b5f8a0bc439fe871440e8d", "fc9d5d2d6a8be3b44b50a630a7a485f090cbee97e312226e8cbe569f9494f24c", "0243a251029213228c6a4ba5fd77e8f5c6ffbb2828c564d3746b7396e5a8f0cc", "3eb2be2393df896434f0c8d438bac327f5518d49a7f3a2cfec0ea8bd73f5e4d8", "6a568b0229f7b863117501a7d795e535ac6ff01227d6d1120622d5d47542a7a7", "03a80812945ef06b8d528d9581d043db185c654c62ce46c506e8946d8a628e85", "c67568fe4adf59f8963eb98f503fdde7657670b2bc0c5e388465332d42f68998", "5eed552f680e2a9bc404b461a03587ec8915fc6fe9c2e8f1649a139ee892d4a4", "0fbd60a1cfe8c604e5081d29ac7ae2b5ca1ea8056f344285444ea3b3777ae54f", "d47b221354d3a2010beee83a97a2c1d708b0b4aa414e0f42ac0e46fd1f66a4ca", "7257368c8d9cc4975dc9d69981b339493b3761bce96255bd68e4c18b3acb96be", "432768aaadaff72cfe37119efa056914f9538e28203e9a0aa726e843d3a425f4", "fb13dadb40e54a1353ada77f89fa6aafeb381fa50328d5637aae5c750545b753", "03bdae8522075ebc1b31b8f94db286516edd8f1a6cc7515fc92862d649a6114a", "101524c177bea4ccd27ee571572eda4b7739cce6a847e82d955b6c9c2c2682ac", "1217daa33ffd22d5f7788c4fa80569e268e5b15e1b7f59c2b623781e5bd1f870", "02faaae9e71207f32991172f3a188e8f67eea04050308bad20f1d612d38dd9ec", "018eadee00ab42979388a5258775950ec8a65eada68602b0bc2c4557245abd8f", "0b64ced998024e37a0a087d2c4f34703893d82a9f77b31661f8bf6e37351df7f", "0d5b31edd00cefadc71c915e9c93bb3712e432df0ec3b6970100e2afc00dcee1", "092224ed497b7b82872c7832e8fe87d47db08771cc0621b72685992c5b0dc475", "00e0d6f92da46b9d423d42e8773f33ea600d513fd7182b0b1806b57ff9b0978e", "0d502009e9875ffe336215e2fab0897d924830f1c4a526ec048f7adb1307cdbb", "03bc3dde218f75c0f4897bd5dcb617f0e8d057cd8423bdd02c5d02439af077e9", "0ef482c543685153e80bcb7a98518b03783200805d6a22ad933ab4657d6aa243", "0af4837b13e971f7517455f784dc977561d4a403f3498f7fb81f98530a9887d3", "0af2747c467fb0bccb46534a992c5acb76d2e74752045335f2dad31f4389b192", "136ea4a5ac36f61af8bedbd2d7c4d37ea4d37ac602f77c445f60d89e282d36ca", "05c34e1b0d6d390cbe9fbe37cda2fde2c61c5cc3df83cec873fd5fde27e61fe8"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["7925213f3f2dba7d59c47d19ff041b76bd2b394c20c102d39fb7535e7f92193d", "0eb2a814f0e62afd1f952aad6ffacd481c965df2732e818b87f30d4f5e823dee", "0a33d4eb4ab5855e90fdc9b453f021c065306501e0be307456875fb0411bd69f", "0a45b87e3a5f20e05b2bd6b5c106fd5c16cab9164beb360ad49941005ad23264", "0e0af72892e5e953514b40f3fcdeef671aa6b4525a2ddefe168e4a024ac0db90", "e7beed32b660f6025964a61e55c31e9f29004279cec7502669e77ff04612bbb5", "073875a6f6fbed080d30812728cf86e4610166831c40d7a38397c282cf16130c", "06e718742769a6f11e5443642961238caa8bc48b89b5f8a0bc439fe871440e8d", "fc9d5d2d6a8be3b44b50a630a7a485f090cbee97e312226e8cbe569f9494f24c", "0243a251029213228c6a4ba5fd77e8f5c6ffbb2828c564d3746b7396e5a8f0cc", "3eb2be2393df896434f0c8d438bac327f5518d49a7f3a2cfec0ea8bd73f5e4d8", "6a568b0229f7b863117501a7d795e535ac6ff01227d6d1120622d5d47542a7a7", "03a80812945ef06b8d528d9581d043db185c654c62ce46c506e8946d8a628e85", "c67568fe4adf59f8963eb98f503fdde7657670b2bc0c5e388465332d42f68998", "5eed552f680e2a9bc404b461a03587ec8915fc6fe9c2e8f1649a139ee892d4a4", "0fbd60a1cfe8c604e5081d29ac7ae2b5ca1ea8056f344285444ea3b3777ae54f", "d47b221354d3a2010beee83a97a2c1d708b0b4aa414e0f42ac0e46fd1f66a4ca", "7257368c8d9cc4975dc9d69981b339493b3761bce96255bd68e4c18b3acb96be", "432768aaadaff72cfe37119efa056914f9538e28203e9a0aa726e843d3a425f4", "fb13dadb40e54a1353ada77f89fa6aafeb381fa50328d5637aae5c750545b753", "03bdae8522075ebc1b31b8f94db286516edd8f1a6cc7515fc92862d649a6114a", "101524c177bea4ccd27ee571572eda4b7739cce6a847e82d955b6c9c2c2682ac", "1217daa33ffd22d5f7788c4fa80569e268e5b15e1b7f59c2b623781e5bd1f870", "02faaae9e71207f32991172f3a188e8f67eea04050308bad20f1d612d38dd9ec", "018eadee00ab42979388a5258775950ec8a65eada68602b0bc2c4557245abd8f", "0b64ced998024e37a0a087d2c4f34703893d82a9f77b31661f8bf6e37351df7f", "0d5b31edd00cefadc71c915e9c93bb3712e432df0ec3b6970100e2afc00dcee1", "092224ed497b7b82872c7832e8fe87d47db08771cc0621b72685992c5b0dc475", "00e0d6f92da46b9d423d42e8773f33ea600d513fd7182b0b1806b57ff9b0978e", "0d502009e9875ffe336215e2fab0897d924830f1c4a526ec048f7adb1307cdbb", "03bc3dde218f75c0f4897bd5dcb617f0e8d057cd8423bdd02c5d02439af077e9", "0ef482c543685153e80bcb7a98518b03783200805d6a22ad933ab4657d6aa243", "0af4837b13e971f7517455f784dc977561d4a403f3498f7fb81f98530a9887d3", "0af2747c467fb0bccb46534a992c5acb76d2e74752045335f2dad31f4389b192", "136ea4a5ac36f61af8bedbd2d7c4d37ea4d37ac602f77c445f60d89e282d36ca", "05c34e1b0d6d390cbe9fbe37cda2fde2c61c5cc3df83cec873fd5fde27e61fe8"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["7925213f3f2dba7d59c47d19ff041b76bd2b394c20c102d39fb7535e7f92193d", "0eb2a814f0e62afd1f952aad6ffacd481c965df2732e818b87f30d4f5e823dee", "0a33d4eb4ab5855e90fdc9b453f021c065306501e0be307456875fb0411bd69f", "0a45b87e3a5f20e05b2bd6b5c106fd5c16cab9164beb360ad49941005ad23264", "0e0af72892e5e953514b40f3fcdeef671aa6b4525a2ddefe168e4a024ac0db90", "e7beed32b660f6025964a61e55c31e9f29004279cec7502669e77ff04612bbb5", "073875a6f6fbed080d30812728cf86e4610166831c40d7a38397c282cf16130c", "06e718742769a6f11e5443642961238caa8bc48b89b5f8a0bc439fe871440e8d", "fc9d5d2d6a8be3b44b50a630a7a485f090cbee97e312226e8cbe569f9494f24c", "0243a251029213228c6a4ba5fd77e8f5c6ffbb2828c564d3746b7396e5a8f0cc", "3eb2be2393df896434f0c8d438bac327f5518d49a7f3a2cfec0ea8bd73f5e4d8", "6a568b0229f7b863117501a7d795e535ac6ff01227d6d1120622d5d47542a7a7", "03a80812945ef06b8d528d9581d043db185c654c62ce46c506e8946d8a628e85", "c67568fe4adf59f8963eb98f503fdde7657670b2bc0c5e388465332d42f68998", "5eed552f680e2a9bc404b461a03587ec8915fc6fe9c2e8f1649a139ee892d4a4", "0fbd60a1cfe8c604e5081d29ac7ae2b5ca1ea8056f344285444ea3b3777ae54f", "d47b221354d3a2010beee83a97a2c1d708b0b4aa414e0f42ac0e46fd1f66a4ca", "7257368c8d9cc4975dc9d69981b339493b3761bce96255bd68e4c18b3acb96be", "432768aaadaff72cfe37119efa056914f9538e28203e9a0aa726e843d3a425f4", "fb13dadb40e54a1353ada77f89fa6aafeb381fa50328d5637aae5c750545b753", "03bdae8522075ebc1b31b8f94db286516edd8f1a6cc7515fc92862d649a6114a", "101524c177bea4ccd27ee571572eda4b7739cce6a847e82d955b6c9c2c2682ac", "1217daa33ffd22d5f7788c4fa80569e268e5b15e1b7f59c2b623781e5bd1f870", "02faaae9e71207f32991172f3a188e8f67eea04050308bad20f1d612d38dd9ec", "018eadee00ab42979388a5258775950ec8a65eada68602b0bc2c4557245abd8f", "0b64ced998024e37a0a087d2c4f34703893d82a9f77b31661f8bf6e37351df7f", "0d5b31edd00cefadc71c915e9c93bb3712e432df0ec3b6970100e2afc00dcee1", "092224ed497b7b82872c7832e8fe87d47db08771cc0621b72685992c5b0dc475", "00e0d6f92da46b9d423d42e8773f33ea600d513fd7182b0b1806b57ff9b0978e", "0d502009e9875ffe336215e2fab0897d924830f1c4a526ec048f7adb1307cdbb", "03bc3dde218f75c0f4897bd5dcb617f0e8d057cd8423bdd02c5d02439af077e9", "0ef482c543685153e80bcb7a98518b03783200805d6a22ad933ab4657d6aa243", "0af4837b13e971f7517455f784dc977561d4a403f3498f7fb81f98530a9887d3", "0af2747c467fb0bccb46534a992c5acb76d2e74752045335f2dad31f4389b192", "136ea4a5ac36f61af8bedbd2d7c4d37ea4d37ac602f77c445f60d89e282d36ca", "05c34e1b0d6d390cbe9fbe37cda2fde2c61c5cc3df83cec873fd5fde27e61fe8"], "mitre_attack_tags": []}, {"bi": "pe-uses-fasm", "hashes": ["7925213f3f2dba7d59c47d19ff041b76bd2b394c20c102d39fb7535e7f92193d", "0eb2a814f0e62afd1f952aad6ffacd481c965df2732e818b87f30d4f5e823dee", "0a33d4eb4ab5855e90fdc9b453f021c065306501e0be307456875fb0411bd69f", "0a45b87e3a5f20e05b2bd6b5c106fd5c16cab9164beb360ad49941005ad23264", "0e0af72892e5e953514b40f3fcdeef671aa6b4525a2ddefe168e4a024ac0db90", "e7beed32b660f6025964a61e55c31e9f29004279cec7502669e77ff04612bbb5", "073875a6f6fbed080d30812728cf86e4610166831c40d7a38397c282cf16130c", "06e718742769a6f11e5443642961238caa8bc48b89b5f8a0bc439fe871440e8d", "fc9d5d2d6a8be3b44b50a630a7a485f090cbee97e312226e8cbe569f9494f24c", "0243a251029213228c6a4ba5fd77e8f5c6ffbb2828c564d3746b7396e5a8f0cc", "3eb2be2393df896434f0c8d438bac327f5518d49a7f3a2cfec0ea8bd73f5e4d8", "6a568b0229f7b863117501a7d795e535ac6ff01227d6d1120622d5d47542a7a7", "03a80812945ef06b8d528d9581d043db185c654c62ce46c506e8946d8a628e85", "c67568fe4adf59f8963eb98f503fdde7657670b2bc0c5e388465332d42f68998", "5eed552f680e2a9bc404b461a03587ec8915fc6fe9c2e8f1649a139ee892d4a4", "0fbd60a1cfe8c604e5081d29ac7ae2b5ca1ea8056f344285444ea3b3777ae54f", "d47b221354d3a2010beee83a97a2c1d708b0b4aa414e0f42ac0e46fd1f66a4ca", "7257368c8d9cc4975dc9d69981b339493b3761bce96255bd68e4c18b3acb96be", "432768aaadaff72cfe37119efa056914f9538e28203e9a0aa726e843d3a425f4", "fb13dadb40e54a1353ada77f89fa6aafeb381fa50328d5637aae5c750545b753", "03bdae8522075ebc1b31b8f94db286516edd8f1a6cc7515fc92862d649a6114a", "101524c177bea4ccd27ee571572eda4b7739cce6a847e82d955b6c9c2c2682ac", "1217daa33ffd22d5f7788c4fa80569e268e5b15e1b7f59c2b623781e5bd1f870", "02faaae9e71207f32991172f3a188e8f67eea04050308bad20f1d612d38dd9ec", "018eadee00ab42979388a5258775950ec8a65eada68602b0bc2c4557245abd8f", "0b64ced998024e37a0a087d2c4f34703893d82a9f77b31661f8bf6e37351df7f", "0d5b31edd00cefadc71c915e9c93bb3712e432df0ec3b6970100e2afc00dcee1", "092224ed497b7b82872c7832e8fe87d47db08771cc0621b72685992c5b0dc475", "00e0d6f92da46b9d423d42e8773f33ea600d513fd7182b0b1806b57ff9b0978e", "0d502009e9875ffe336215e2fab0897d924830f1c4a526ec048f7adb1307cdbb", "03bc3dde218f75c0f4897bd5dcb617f0e8d057cd8423bdd02c5d02439af077e9", "0ef482c543685153e80bcb7a98518b03783200805d6a22ad933ab4657d6aa243", "0af4837b13e971f7517455f784dc977561d4a403f3498f7fb81f98530a9887d3", "0af2747c467fb0bccb46534a992c5acb76d2e74752045335f2dad31f4389b192", "136ea4a5ac36f61af8bedbd2d7c4d37ea4d37ac602f77c445f60d89e282d36ca", "05c34e1b0d6d390cbe9fbe37cda2fde2c61c5cc3df83cec873fd5fde27e61fe8"], "mitre_attack_tags": []}, {"bi": "process-with-multiple-children", "hashes": ["7925213f3f2dba7d59c47d19ff041b76bd2b394c20c102d39fb7535e7f92193d", "0eb2a814f0e62afd1f952aad6ffacd481c965df2732e818b87f30d4f5e823dee", "0a33d4eb4ab5855e90fdc9b453f021c065306501e0be307456875fb0411bd69f", "0a45b87e3a5f20e05b2bd6b5c106fd5c16cab9164beb360ad49941005ad23264", "0e0af72892e5e953514b40f3fcdeef671aa6b4525a2ddefe168e4a024ac0db90", "e7beed32b660f6025964a61e55c31e9f29004279cec7502669e77ff04612bbb5", "073875a6f6fbed080d30812728cf86e4610166831c40d7a38397c282cf16130c", "06e718742769a6f11e5443642961238caa8bc48b89b5f8a0bc439fe871440e8d", "fc9d5d2d6a8be3b44b50a630a7a485f090cbee97e312226e8cbe569f9494f24c", "0243a251029213228c6a4ba5fd77e8f5c6ffbb2828c564d3746b7396e5a8f0cc", "3eb2be2393df896434f0c8d438bac327f5518d49a7f3a2cfec0ea8bd73f5e4d8", "6a568b0229f7b863117501a7d795e535ac6ff01227d6d1120622d5d47542a7a7", "03a80812945ef06b8d528d9581d043db185c654c62ce46c506e8946d8a628e85", "c67568fe4adf59f8963eb98f503fdde7657670b2bc0c5e388465332d42f68998", "5eed552f680e2a9bc404b461a03587ec8915fc6fe9c2e8f1649a139ee892d4a4", "0fbd60a1cfe8c604e5081d29ac7ae2b5ca1ea8056f344285444ea3b3777ae54f", "d47b221354d3a2010beee83a97a2c1d708b0b4aa414e0f42ac0e46fd1f66a4ca", "7257368c8d9cc4975dc9d69981b339493b3761bce96255bd68e4c18b3acb96be", "432768aaadaff72cfe37119efa056914f9538e28203e9a0aa726e843d3a425f4", "fb13dadb40e54a1353ada77f89fa6aafeb381fa50328d5637aae5c750545b753", "03bdae8522075ebc1b31b8f94db286516edd8f1a6cc7515fc92862d649a6114a", "101524c177bea4ccd27ee571572eda4b7739cce6a847e82d955b6c9c2c2682ac", "1217daa33ffd22d5f7788c4fa80569e268e5b15e1b7f59c2b623781e5bd1f870", "02faaae9e71207f32991172f3a188e8f67eea04050308bad20f1d612d38dd9ec", "018eadee00ab42979388a5258775950ec8a65eada68602b0bc2c4557245abd8f", "0b64ced998024e37a0a087d2c4f34703893d82a9f77b31661f8bf6e37351df7f", "0d5b31edd00cefadc71c915e9c93bb3712e432df0ec3b6970100e2afc00dcee1", "092224ed497b7b82872c7832e8fe87d47db08771cc0621b72685992c5b0dc475", "00e0d6f92da46b9d423d42e8773f33ea600d513fd7182b0b1806b57ff9b0978e", "0d502009e9875ffe336215e2fab0897d924830f1c4a526ec048f7adb1307cdbb", "03bc3dde218f75c0f4897bd5dcb617f0e8d057cd8423bdd02c5d02439af077e9", "0ef482c543685153e80bcb7a98518b03783200805d6a22ad933ab4657d6aa243", "0af2747c467fb0bccb46534a992c5acb76d2e74752045335f2dad31f4389b192", "05c34e1b0d6d390cbe9fbe37cda2fde2c61c5cc3df83cec873fd5fde27e61fe8"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["7925213f3f2dba7d59c47d19ff041b76bd2b394c20c102d39fb7535e7f92193d", "0eb2a814f0e62afd1f952aad6ffacd481c965df2732e818b87f30d4f5e823dee", "0a45b87e3a5f20e05b2bd6b5c106fd5c16cab9164beb360ad49941005ad23264", "0e0af72892e5e953514b40f3fcdeef671aa6b4525a2ddefe168e4a024ac0db90", "073875a6f6fbed080d30812728cf86e4610166831c40d7a38397c282cf16130c", "06e718742769a6f11e5443642961238caa8bc48b89b5f8a0bc439fe871440e8d", "fc9d5d2d6a8be3b44b50a630a7a485f090cbee97e312226e8cbe569f9494f24c", "3eb2be2393df896434f0c8d438bac327f5518d49a7f3a2cfec0ea8bd73f5e4d8", "6a568b0229f7b863117501a7d795e535ac6ff01227d6d1120622d5d47542a7a7", "03a80812945ef06b8d528d9581d043db185c654c62ce46c506e8946d8a628e85", "c67568fe4adf59f8963eb98f503fdde7657670b2bc0c5e388465332d42f68998", "5eed552f680e2a9bc404b461a03587ec8915fc6fe9c2e8f1649a139ee892d4a4", "0fbd60a1cfe8c604e5081d29ac7ae2b5ca1ea8056f344285444ea3b3777ae54f", "d47b221354d3a2010beee83a97a2c1d708b0b4aa414e0f42ac0e46fd1f66a4ca", "7257368c8d9cc4975dc9d69981b339493b3761bce96255bd68e4c18b3acb96be", "03bdae8522075ebc1b31b8f94db286516edd8f1a6cc7515fc92862d649a6114a", "1217daa33ffd22d5f7788c4fa80569e268e5b15e1b7f59c2b623781e5bd1f870", "02faaae9e71207f32991172f3a188e8f67eea04050308bad20f1d612d38dd9ec", "0b64ced998024e37a0a087d2c4f34703893d82a9f77b31661f8bf6e37351df7f", "0d5b31edd00cefadc71c915e9c93bb3712e432df0ec3b6970100e2afc00dcee1", "092224ed497b7b82872c7832e8fe87d47db08771cc0621b72685992c5b0dc475", "00e0d6f92da46b9d423d42e8773f33ea600d513fd7182b0b1806b57ff9b0978e", "0d502009e9875ffe336215e2fab0897d924830f1c4a526ec048f7adb1307cdbb", "03bc3dde218f75c0f4897bd5dcb617f0e8d057cd8423bdd02c5d02439af077e9", "0ef482c543685153e80bcb7a98518b03783200805d6a22ad933ab4657d6aa243", "0af4837b13e971f7517455f784dc977561d4a403f3498f7fb81f98530a9887d3", "0af2747c467fb0bccb46534a992c5acb76d2e74752045335f2dad31f4389b192", "136ea4a5ac36f61af8bedbd2d7c4d37ea4d37ac602f77c445f60d89e282d36ca", "05c34e1b0d6d390cbe9fbe37cda2fde2c61c5cc3df83cec873fd5fde27e61fe8"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["7925213f3f2dba7d59c47d19ff041b76bd2b394c20c102d39fb7535e7f92193d", "0eb2a814f0e62afd1f952aad6ffacd481c965df2732e818b87f30d4f5e823dee", "0e0af72892e5e953514b40f3fcdeef671aa6b4525a2ddefe168e4a024ac0db90", "e7beed32b660f6025964a61e55c31e9f29004279cec7502669e77ff04612bbb5", "0243a251029213228c6a4ba5fd77e8f5c6ffbb2828c564d3746b7396e5a8f0cc", "3eb2be2393df896434f0c8d438bac327f5518d49a7f3a2cfec0ea8bd73f5e4d8", "6a568b0229f7b863117501a7d795e535ac6ff01227d6d1120622d5d47542a7a7", "03a80812945ef06b8d528d9581d043db185c654c62ce46c506e8946d8a628e85", "c67568fe4adf59f8963eb98f503fdde7657670b2bc0c5e388465332d42f68998", "5eed552f680e2a9bc404b461a03587ec8915fc6fe9c2e8f1649a139ee892d4a4", "7257368c8d9cc4975dc9d69981b339493b3761bce96255bd68e4c18b3acb96be", "03bdae8522075ebc1b31b8f94db286516edd8f1a6cc7515fc92862d649a6114a", "101524c177bea4ccd27ee571572eda4b7739cce6a847e82d955b6c9c2c2682ac", "1217daa33ffd22d5f7788c4fa80569e268e5b15e1b7f59c2b623781e5bd1f870", "02faaae9e71207f32991172f3a188e8f67eea04050308bad20f1d612d38dd9ec", "0af4837b13e971f7517455f784dc977561d4a403f3498f7fb81f98530a9887d3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-sandbox", "hashes": ["03bc3dde218f75c0f4897bd5dcb617f0e8d057cd8423bdd02c5d02439af077e9"], "mitre_attack_tags": ["TA0005", "T1497"]}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.", "hashes": ["00e0d6f92da46b9d423d42e8773f33ea600d513fd7182b0b1806b57ff9b0978e", "018eadee00ab42979388a5258775950ec8a65eada68602b0bc2c4557245abd8f", "0243a251029213228c6a4ba5fd77e8f5c6ffbb2828c564d3746b7396e5a8f0cc", "02faaae9e71207f32991172f3a188e8f67eea04050308bad20f1d612d38dd9ec", "03a80812945ef06b8d528d9581d043db185c654c62ce46c506e8946d8a628e85", "03bc3dde218f75c0f4897bd5dcb617f0e8d057cd8423bdd02c5d02439af077e9", "03bdae8522075ebc1b31b8f94db286516edd8f1a6cc7515fc92862d649a6114a", "05c34e1b0d6d390cbe9fbe37cda2fde2c61c5cc3df83cec873fd5fde27e61fe8", "06e718742769a6f11e5443642961238caa8bc48b89b5f8a0bc439fe871440e8d", "073875a6f6fbed080d30812728cf86e4610166831c40d7a38397c282cf16130c", "092224ed497b7b82872c7832e8fe87d47db08771cc0621b72685992c5b0dc475", "0a33d4eb4ab5855e90fdc9b453f021c065306501e0be307456875fb0411bd69f", "0a45b87e3a5f20e05b2bd6b5c106fd5c16cab9164beb360ad49941005ad23264", "0af2747c467fb0bccb46534a992c5acb76d2e74752045335f2dad31f4389b192", "0af4837b13e971f7517455f784dc977561d4a403f3498f7fb81f98530a9887d3", "0b64ced998024e37a0a087d2c4f34703893d82a9f77b31661f8bf6e37351df7f", "0d502009e9875ffe336215e2fab0897d924830f1c4a526ec048f7adb1307cdbb", "0d5b31edd00cefadc71c915e9c93bb3712e432df0ec3b6970100e2afc00dcee1", "0e0af72892e5e953514b40f3fcdeef671aa6b4525a2ddefe168e4a024ac0db90", "0eb2a814f0e62afd1f952aad6ffacd481c965df2732e818b87f30d4f5e823dee", "0ef482c543685153e80bcb7a98518b03783200805d6a22ad933ab4657d6aa243", "0fbd60a1cfe8c604e5081d29ac7ae2b5ca1ea8056f344285444ea3b3777ae54f", "101524c177bea4ccd27ee571572eda4b7739cce6a847e82d955b6c9c2c2682ac", "1217daa33ffd22d5f7788c4fa80569e268e5b15e1b7f59c2b623781e5bd1f870", "136ea4a5ac36f61af8bedbd2d7c4d37ea4d37ac602f77c445f60d89e282d36ca", "1411a4d168945a0e2c0490260268115fe8ad2bf8b42b94d84fc7995967ab3774", "1458b1cd3607334a20493b09a64caa77eaf9df02294af0f13287ffc0aab97268", "14bf4dde574c89154ad3e112a2cc73c9cb4bf32697e8a5f9960e8789a0b95b61", "15e3c0d118c292da976d5d56b9f6c8b27f6aacea8284eef1e223189b31f01551", "1644a9519bb2a3bd4c66cc303361077748c582006a18dc9fef3503fbb443ca2d", "16bf5d4203d8541b4a25ace874e6b98b49307f8eeccff21785b39f922dac4ea8", "16cbb35e4c44de8917590034deee95a118c22c46c30b3a7e476e59fd7774bd99", "1871ba90daefd7f1133a2d1104d5695bfd61347b96439c8acc7112330222ec44", "1b228c1db8c01e392efe52b821c6daf02bd631bc0234f3f247a8d40f43ca9fe1", "1d1b6f3b38517d88175d9c964b1ecbdfaf255d5eda727fc08a5bf3d8b40e4043", "1d35d9a0e28d8d5c35a99306f3fff4dea553ca5930cfbfa0adb05fc0b35babaa", "1dee3f435a6ec17bdf590d833d9e71dc7d66760ad54fc1615a27fef981317bd8", "1e8a401d066a871d704d5d35c21c6726c868fa0cffce9dd89522b30714acc79e", "1fac0442f6fc7ee1597776eaca8c597fb6298cb75d055dfdbe792103b90ad6d2", "203787db7fdce51c3c3c3db59857c6f7414a01fc619cbeb108cbd37daa8783cd", "2327d59b19e1ecb773510b4c3b311b6d97086c8b0770efc62039200e15affaf3", "235591f5c0de5f75caca589c01867198ee661a87cfd4a280087b37b6a1d811fc", "23c9ec075f3aed1752dcc08ef68ea6b0785df811084ee066a406236c3aba7c07", "25335d1ed0cf9991c3fda6e274824f9585feede97be82131b379171f39a1da11", "25a9d42dac1741753c5d39a4fb25070e05dac18a193970c9d7f12065904f9629", "25e42e48572f4de6cded32b41cab641ecc338add7e84921e1b24af310d81b936", "2688a30e5585dec44a924a148f7078937f42a0944bed7f6efe6378e83ea3af8e", "26c1c1f08e9f50a3f2dec9e95e51900442cf59cda8e14b94378d78a24636465d", "2765e9f7587bf6e1a792e6c23ece9adc1ce5feb2efe84bd870c7918880650f3c", "277e9811d64f5bd8305b010d9fdd5a175e9ef6dbaf8411a3a70c8e5bc620e33a", "2865a4338018fb91a6ec998478c3ddd5903203562352983f94b0d3976eddb978", "28a9b62bf00cca0660aaa871a03e3eda1926a78ba9e1f6d8dfaa5c5cb2fff9bb", "2a1f2c93f2ec2da06bcd3fae91a74b4106f0572e854e660bd4e1bd2b46da9bff", "2afdf356e18181453c4fea9a5eb5342b95caa0bf1a23b2458c8344feb1e76bb4", "2b4a81d8725eb45d5496bc422e8af916b6b31dcd6e24046d39706c48459b487a", "2e7e892cac9361777884d1b338936a87508ff2cd7561648a90af29dfe2cf6d53", "2f591f524d5eef555db97b8dc459b0acd2c8268ec44c5c4b11cf7b5ab23e3724", "308ac94ef6c05a83c2bdecb886f414e9519dcaeab4b0f8dba89d1a1f13b5a15d", "30da6ce64155df866dc74a20a775feac5bfa89c6304ee82582f3d76268129167", "30e76bb54aeda2e8dbbcf2363084f9fa9089b2ee6fed5a76616858dcce7876d2", "3284192073826cf541a43b5209377c247a40b110fe7e39b8cee6ff17faca1608", "333ec585e8fd49c69b0241dd95d08588c9779a4b2ea6867666aee0324fe37952", "336c483c137ccf01577764a41e7a92920db009336b22b52b02e82678fe0057c9", "33c9bbeadb110f791acfa9e7880b0e1538c3aa25a88c37714cd9f1852951b1ed", "33fc9412003166dd050d8ab3114214e92cbc5dd228e319a913a8253655a8ead3", "34e4214614d86bcfb21ee0b780ac18ecdc54d166dae1c2b9e91554a35c78aceb", "350eb01d842739939f1361b225e6ac4079614855ca66e17562a42541fb0a9147", "357f6787436f2947f73bfbe3383db8ee4085df5fcccf1259455f039bd671a08b", "3589529cc7c46c4de7966fd6439ca859c30da4ef902e4cfe96e24cf631bcc585", "3591c7cc4859b268bac4ae9c37ad063e2b359d69373177c1834fc9c33982c922", "3790a53153f2cb7d5033bba60c669a74cd02a0a4ff754b0bb9c9f477d6a98824", "38e555f51512e75b0f2d89ce4962e2959594bc790361fcd54e4a1e3489072afb", "38eff8ceb01f5f94305bd61973e8d1901ce7fe5031aec73479a36853efe51b9e", "394e3d8281f904a20450892ddd138d410cc4a286be601b9fa47402bd84c346ea", "3974ae3cb09dc93987dbac59be2e5d73be2bdbc16a83cdf87932eef47ff97043", "39d88aaddb28b1b4e251aeebabb92d15c31d5785dc60cadc1db66b424e3068ed", "3a0a922f1a7f2d07d938b815af758c7cd72c0c1b41cfb659be368099c77ca226", "3a2e36880d96caeb1e644b1e9ab53f89f6578efcbcb2dc9721fdd75ae278e76b", "3ae50f3168f9a2fd0574854390d4418934408b1448e133b87c8fc2a9fd887611", "3c1be3eba9d6c09db537ab2c1db6adf6f75e5a2d3c81ce4fc6e02643da4b63a5", "3c5a0cef95ca7f9d81a4339f860ccddd418889668ed5a09eae2c2fa34385eab7", "3eb2be2393df896434f0c8d438bac327f5518d49a7f3a2cfec0ea8bd73f5e4d8", "3ebaaeb13703dbfc05dc65ec1e939f6da7f596e1e9e04bb30308861f6afe7c83", "3f3a90671e0de30aa9ff17d806bf758d3df342c978777789cd3166277c9b17c6", "3f69bc086a8db722585859e949d1037611ff122ae7e83635045c3be94ac4b6bb", "4014008dde9a3be13b488833054501357a233fa6c75fb29004f60853c60b5b54", "406457dd74473a701659893ca487e1c0b395f1546c3a1067c9d44f05d316cb9f", "432768aaadaff72cfe37119efa056914f9538e28203e9a0aa726e843d3a425f4", "4359123a6b93931e7372f8b8a275ca6267866bab15bc71948170108c2f70fa59", "435e5a3813bc04bf41e73ec5f8c15520806098d9a5c50d80ca303cdd9fc04fea", "449cda2c138268455622d50b18445c6ddf6763283daa300299340c0ce3a829cf", "452eef66914f7f00b1f7f9ccff2bccb9cb1a21cb96bca908112a690c0d73ce49", "468e9f21af4e2aed401dac9a0dcddf5cb6ea8ac4e1078eaecf5d2d2fa0aae822", "472c00adf8fbca789445218a2d587fcbd832543f2b551a303499f6ab441161d5", "475bf3293d4fad4e1a58a5eff696ce043fba3cbf2f1a33f6ed44a171dececb3c", "47cfa92df2cdb812d2ecd503085f9301d514918f18854edc65a2a5646a8ed0c2", "47d3c3a08a3bfa7e5a04f376eb7df902fcafa162175039b4115c197b5b81fb71", "47fd8078bf0e0554b59f326a8eb73e735bee45dcd25ef343e72200cb8ee96fd3", "4871deae251dfae718dc66777b73979b0ddce07601dbca0ff034e7c24b64f909", "49c34b5481d1030e4a0a0f62e83b54028e928d1f59254c3802b142a5c4d95789", "4a3d45eedd537064eab2af5e639773cb8482fa4683ea17c434a33d10ebdc909d", "4a7e9b2dbb9f332a19f5e4b6a784170c647398f7228d9b41aea009c49cf3ea8b", "4c33f5bc5971b99875792b3c3e640cba97d8b2768bd5285285d7b115abde34f6", "4c6730031bcf4e464086b79902541096fae8309b5bdf187931c260f353e3e99e", "4c7d7bcc3c0ed5234171cea487d4bfd458e572ad4ee7988c0fdc6fbca74b88c2", "4d8a937a70511e8d4dfbd4ee39e95d7d4d65fdff9acf892b72e32272f223ce4d", "4e1037c92cf324dfc21cc33009bb4d9b3864e0b137ab4a7f69f7dc2cb4ef9622", "4e8d527abddeb336c1cf3be1b93ed052b5e4866a5ffa99a76b0d07122ac3e088", "4ebf5700cb970bb3d384afc2afc6d937de140222303387a1624ff34605888ff4", "4f05c9365cf0ad9f762e4fe84794c7828d24cb4c24defcf57db78fd3432ee65e", "4f197c2718b7b5e8e09d3a93be224384092e836cad351662127911ef98e74877", "4f6c8227f585920c61b7b3d3215b23409b1564444c6bb3d4ce236a1113376579", "50b92edeabc4d7d5edb567e9c475673f1967d02b51144e4cc9ffcecf461cc68c", "5190b491be6eabf36c0121dead6d77410b8cef769cf16399c0dc375f69fdbfe3", "51cbf1fa2e8133d3a86f051f6382f234474027d98ebcc4ffb60070f81d401649", "53f3790ff386e9434d19fa02df9a1b1b6bd5d3e9a2970c1033fd4aa30bd4d29f", "54414b73286a342cacfc9c26d49617d66b4fd6395faf0215729cb12780d0447f", "558878b02b8f62b06145c248d55ba2dea24e95e89914c9a2badc875339c8f802", "56ef6a1f9eb0a81fc778f32955c8a5a13c0f23c903b48a65d5ab9031543953e1", "5721c7c78a7f417d19a39fd76a5544fd932fbf26db5d17ce0adcf62a8bfe267d", "5762bf2e63f23333cfe20829af7c2a97027eeda4eeaf4e7eba2e67b8455c46cc", "577892829dd00f2997d80924a9f2915cd01881116c3a87d54911ed88b9d9f246", "57e3da352766c8d8b0253a3c2b4cd5100d40112349b87b8b2ef0837fcb229f56", "583d2d6d792458a2a4aee98587661ffaa2375b90a9dc270604a5499bcec2d9af", "5882e438b230b3d7da3d0f80cd4979081d9a5a4b89078d951f7236395ca6ff42", "58ea3a1dc5b21938ce0cbf789af2aa5154812a08e18dc259bfa8251efea78529", "59a86234d80be180be4e876e1030db6d286316af1e0e583955531d5ce8192007", "5bcb9f21a15ef18c9bd91a495e170df97938305c80b10be88c1acab7f98ffe9d", "5c4258e3c8753fd9de0220cd18c7fd442232eaedc7ce8463742737ed8f6f56dd", "5c516677b8ba5dd47892e5b03985fc7d653bfe0ebd202e7e7b64e12167a408cb", "5dd023b026abe655133f875bd10688ce6a902047353841bb5cdf33beac06d904", "5ede776bef085a67478708a8236a71e0519b61979af1ca68a1ebe85b2f66be33", "5eed552f680e2a9bc404b461a03587ec8915fc6fe9c2e8f1649a139ee892d4a4", "5fddc39f93e9c95083b95a15ec20ab516eb63e80d96a52fbcd60f5193d1588bd", "6065d13155cd0eeed42b7cb5f7e290545edb0e01d86cef0d20b6b5d4952d6710", "611f362b99e83db0eba86b65f79fd3ebb11f8aa7c4984cc3e8ffb23dbec92b4f", "619b99ed1877c968cae455ca5d17708e818899b4defebc4dc215831e42ac0cfb", "61c353384bfa9d33965419f54ed07f4a871d7e84cfb8848e54d07bb7fe5965f7", "622e61fe3280d48c34e020ae1e33a4098acfb6f00a5f09e84335e5bd541b84d2", "63129b1ea212cbdeda4582d85cb6d7aa3756a4e9822016a1e4651e9f18ebebed", "63a973d4b44f0b8cdd41c39599eec99d5c294f78065090a034e87696fe8217fb", "6442aab73aa12493e19b2e452f45b2784c661f28938c986084258db13fc3b3e7", "6491e4e20f9c65aa03586d2b45fd84725ac11eaa37da4e6831c44a11bc70712e", "6503b66c237cbdbd6b018b8f57b55ff2bc0b55697ee5b4082d6aebfd057762de", "66cf72e82afe76afefb1d530cbd58c6041ee02067723928dc2a9c95c225a9dab", "66d589006551da94f4931fb52a73c260788a0c7ecec22671385e9892a2d0c515", "66f823c84f8f31033d16e369c8c74eb7bf9e748a7251a7f2bc183c8e140b7ca7", "67a94aec2e30f2e2dbf372da0bd4256016a964512104d7e9c0dd43d20ceff380", "6808f1fc7e6192174f58553eb05fa3d3470a2a63de31b0610d5106fd7a37c17d", "688fcf76e5f7928f3d1d22d982c35006dd02482303529cc6bc642f5fee63ee6d", "69747a1403bd2f846f1411185b36ffb82b1d64920e01650f5320591dd5a3bba7", "699f2e0eb24a2afb426d2d1fcecddd8820d3f14393d9d90027eeea02b8171003", "6a535e15acc8cf36ca58f995a56fec7e2e51eb6f1180479910c323bd753d225c", "6a568b0229f7b863117501a7d795e535ac6ff01227d6d1120622d5d47542a7a7", "6a9cb873b9c567d35be0df4d777f4dc6dcf23222578109b7c32482a35653068c", "6b1e80a344ac7cfc648aa256a9bc728c110230d27e91d335e68dc40f3852ae58", "6c9e9c110bb780f34fb77295c658641817ea92125ad4f982d2bf0741182bcf70", "6ec1ec07db506b1cd5acee9a1435496b0b974451f4411a19586487ac31bcc1b1", "6ecc63001c6719694858f7aa270a900cee4dc96cea080e79d3a7776dbba47a0c", "6ed23ce344da11d4286b01dc0518c3c3589752fe72cdc58ba3daa9631209bad3", "7257368c8d9cc4975dc9d69981b339493b3761bce96255bd68e4c18b3acb96be", "73699ebd5f62e1047b5808f5c043e5abc6d2b3d7614f76ce9520b1bddc9b8cb0", "7577a750c2889a5b7419171390a3c0b6c277c3ea871b3cf7ecc684952d5af7b8", "7618ecfd40e9ac9c7f784fd2433f12af227fa37b8ed6bcbaf4187b7b8ff80b8b", "764c6691f08b420ba60fdce1fa641cf947ed12b2fb636a3eb8e8d86dfd358b43", "76ad4720ef4aa7962cdfbfb33e42395bad99c7182e5540f1c69e002ddc1a2ed8", "7755f5054c6e0e17c6363a4c7cf5763589fbb3394f92205678cc0e6a2835bb02", "776ac74c9c23e474b0e0316af33e515afac9af8142d4ad7d177caaf7a11719a2", "77c4da18b0419db22e6434ffa544eb4c0a0b77af18efd03e238a954ce7c75915", "77db8a5d4bca6320abcf110a53299308f498c7f9178eb780ba09c46183420319", "78502bb7eb9a925e6caaeb055e7c74325c2164648c9b45a553266d2a0bff8407", "78ab5333e87994535f29feb735d35adf1760b8488c6c7d705ad94fd3b4239f70", "7925213f3f2dba7d59c47d19ff041b76bd2b394c20c102d39fb7535e7f92193d", "797cc59a9335463c4599602b5f97507f61ecaa7786a699f374bdedba3281b765", "798290044f4b1da995a9d66ad3b9bea8be8f1a566cd863967236729697f76d61", "7a03319140b9d8555c67de3a7af6e5d233c88e945c57715fb1b85eea7fcd5424", "7bc9d44680bac4d8d6200de12f863fd94ff6d6a74cafcfa17e289a1c6ca30294", "7bf3c082c1d8f10aa8ed163a3a11fadd8acdb82005dbda8370ab441d9cdaf83b", "7cbc2cc2fdc800015e0b82a23541beedfbe163298574adec916ac72a4a06bdb9", "7cfeebfd6911366525cb4c5c17599e85d7a0cace56fad0a556de863b49e9b0b4", "7db151cbc98455423e6c41b1c984b33c6c767c77f7d14651adbb35b7585df0ba", "7e0af342ec7cc9ca467c00a155dcff995044d089e345c67c479e0482ebb44d65", "7e63918dfd3f710a0996869382ebc133b3a5268a79b7a88689f77d34994948fd", "7ee4581b5aa004e4a99016f9a72fb0ee6aa438f495ea6f6844cad77819c0c577", "7f20ba59b5ace8ac26f8ae56864dd6ff093e86c4a326117ac0cc323b17921024", "800b4067a46ecf4f4a2312e5bfd22c2da18ee16188a717c08466abd3d1fa8327", "807855eb19eb0380d18ef6bd7af8e3c77100a8d869c99500ee83f3f3fcd0248c", "82a00e39accfa747ddcd4a322d213781d10e311296f95bf2fd3a74247203efc8", "84822bac3ece7026fa45164c77a3b8640e5a3e1d2c4db820315e9158d380c760", "850468c3816fbc3ae5d75a777e066a446b7239c32db9333aa9d2af3c00b7e5d0", "850d43b806f6f94f0109d1021dc9c3b91941039715c8db203be0300b5a896d5a", "85d5e003d064b51ddd91b1e5bb2dacea3666438f28f012cd175951b52637c6fb", "86679b17d50469feab7c09f54ae941d3f4ab6b63a06490c4464f496525aaf129", "86769c34ef01401f6477ac2b24f6a2a261b5612c55c60c4bd4c4ad7f858e1324", "876d13c03bf5c34ace9e4bee7f47efef1b8ea79551ae1dc5dece38c09dbcc8f8", "89fcd0c50aa458cf29f7e772f269d7c1df19f97c6d43c7b40943cf6ece7eaed3", "8a918fc76f8771a68155becb50bd59d12be4b18db8cf5fd6e15a464f56ea9569", "8b7ad064fffe5679b0a65b183004bbe6b82428ecaa3fe57266a9946ea10e6063", "8c0951b19d8663cd8356c1b3c520bd60f7106c87c7f6112ec44735ae116f8ae8", "8c4934ddcf205191ece5462a7a893957671cd0931262ca929a81c36cda04fa88", "8cffbe4c403a4002aba83dc69856cec0a175e79aaa8239fc8d8a6526ae1c52f3", "8d6494712e6a5e9b8dafb970fc1d41803ebe1f80a728f1d552e89d7e645acab1", "9000849a26e3f4e0f6a962fd805825f03c4449b54fbc751f8a94317ec99edd35", "90d75c96bea2408840a1c96bb60db58ae6bfd5d1844bc7af0c1261ee061b4709", "911106d2e05f5df0bcf2590c569ad668faf4e616531c2f49abf00ffc966590c4", "9272377c1fe36530b63eca23340d0832eb1ed360d95bdd0d40b73c5cce07c76b", "927a453988e0cccd71c910d4df74bc243f8826ac0628801f6cfffff1524e1f1a", "9293834a7ef17868c541cd931b7649cfbb3a1f0055b0b4ba28b973b179a0bb29", "9365ecee64493ce7f319234c646c71b57bd6ccf11b7b87ab5ae73aa27a426c1e", "94eba0a726f2835e1a332034ef84a691a8ff5d699875fd3a720a49ca3c6bd0a2", "959788380257f4c50026918e2e494572666a91ac55dd65f24ebc5554feaa5565", "965833932164fe26e93e2a7b4f7220ba18f61b537d31368ad2f834e013a22b12", "96a8a3ebfc86a37aada20656fb22ab7fbc3e99ae9b1da41828c4d842b5b41aa7", "98a1af3aee3e9f6dcadde9bc6ccd9ba9abfbddf07d263f35db80b51ca6c04b69", "99454529bac97dff1d1fe14a8a25f03e0db165c4ecdd300b185326d10805aa8c", "994d4af5f677d596d8c7169862dbfccc5c004904704aa1ebb6115b792c13cabd", "9981170682e961eb91dd53a375ddb0ff924606b4267afc10c3e4d15b9f0eda8d", "9bfe20c8598dd4dc656019e63526a88b62080ddefa7d940164cc0f2a1af1a9b6", "9cd739ca661cb185e67a7ff776faa6b54aeeaadf6597bf322a55f091c16e699c", "9ce1ad395b32221a84899c14eb7c38abb735dc36bcdb848a95e98f7fcfe83713", "9e867f091f3e1d0ac3eb6f97043cd0fdd101d79ef659f3ace2171fed37602bc6", "9f394ad2479f55930bc6a16c3beb2bd4207e001911604e2995cbf1e3951a0483", "9f945694e36e3037982477fc2c001f6c34a848bae56f8542088a6b4b0bd60217", "a01f16f1103c511a1db563bcdbb1e7a0079723e2b8c42a54305b418f79391abd", "a12e55aecf07b88ff19a8cd9bdcf353169db06ee0041375f1a83c1e7be913c5e", "a2d03fd809b984a2dbbce2382060ed964da611b420aa70865433e493831e44ea", "a59b2cb9f6c706635b4d97edc574a72ac54fba47f9a4a1eae77cf58a96ccf567", "a5f2e47139bcddc903b6ffc617df456fc8832a3ca147b92952ddbfe3518def8e", "a6dd980587e95a13f85a9d3847342a7c28cd3dc7dacc9d1439deb340ba3db355", "a737b96f019ff4f93675d34bc36baac740ae00edfb145f6f7a971351a22b8e0e", "ab3a80a251ba196434d09d49f9a76f61735bbea92701afa323205217782352fb", "ab75e533879d17245e24ad7424852fa8f56092f3566347cf7ace347c781b6ec2", "acf79cf3e9834307299e2069996d2f5544d202d032e101d99e801b8f3ee53125", "ad1c126f351f50337cb45c0a3829e42b126cb82f83b4a494e385421f2a66ee80", "adc92194a98179edbdddef649b8d093c0838db68a3924f8450266dae343c39d1", "ade02b61c3e40a46a74474ca5d142c18e9efa0d941fde63869cc42c3a9a3f72a", "ae870f1c7bb2e287bc00524bbb89a502cb06680f36f43cb7ae61407b7477033d", "b05a50794cef4dc42bfc59616d6a54118a96b3dfafe3af9f8df3adcefaa75a11", "b060755a3f700418670cc19a6d1d8abd9b9d2dc18b1fe9e34902a8a1de88fa89", "b06f03f36ed7a59ec05b82a79115a146ebde625f02b2d0d5bb795c5e174b7468", "b127dba38ff3754a031f8fc4effe82f1aee3cdabef1fec54d1c115fa8b98e91c", "b1a2b3a04146a171b847c4389b49c4eb2f571a1e19d1b30eb099d2f470a55b61", "b2036255d1c6f2114f434eccaacab4f21ed6afd66acec4ef39a7adda20cc2ecb", "b22871066130c86fb8d81ffcbae71df6f0fc4fdc2ec65e23d52bce9442cd388c", "b3b3fc11067ace55069be084243641d25d545a9416fff242aa97b26b36aef4aa", "b48fb20cfdd321b588c2ed128e1d28b58cc96927580d3aef5844796e716ca5ba", "b4a883d3133b1fde788033e3e1b46260098dd40c1e6fd6b2bcdfa80f2a7133ff", "b56f18b635410c0ac90a1896f53cffe12fe18fa1496ef385b07354cacb68f4f3", "b757933316bf530f8d931243e51d35ad7ad212050c4395f8bb5f6588ebf89ce5", "b8d79e882c7a0dbb3047ce2de1b5e6f5c09c860365e05d6229f21c73bf540447", "bc88ad849bedae9fb53cb4b3202f822064a6d18c68c840da5e08521a87986478", "bce83958bac5ff7c66d7f03141183a03e93088e4f4d85afbc2ae70f9aa5d64ef", "bd3f4e6857f138527ffc28369d9a687b522e72452210341cc406774146d038d8", "bd4e24c8bdb698fc1bd93184195505a8ff5db848480eb840378e87dfa06bf4a0", "bdd440fab44f5d9c83a016d052c5d3b1d1f65290c6660694f01b88684358ac19", "be935d432b2d3f5742eab60ed09dda0331f21a8a8e42f6492784fa4897999d70", "bf0b7a6caff7a5fc32e80c58a26f368be64a8e3a07d0f8ed2eb0f020976ce9fa", "bfa42df8d5e5f1cf6931d3b66542d3f9d7f7fedba5735418552388d8a29bb1c8", "c048b8a67aeaf93091ac3c8aa3bf4e93b69827af96664704dabb7ba88fb0650c", "c20ac951795c38ce01d102b8f1d5e576bb59eeb4a133c75f61b5e0bd3507c452", "c29458f8f3edbf37869db0305393b899225a035255d6956169867e2334a6cc40", "c2d1f392b7b486d01867881f11149c2cf2736ffbe63f56ec84d11eecb9397c74", "c31fabaf2090000d43f77431cf4f05b4d572e343dd232c4b2d043efaf642497a", "c33bea244777201c052a585e9a6be8adf4e6e4c49a0c56f1e3798f4f58764c94", "c38fa8541b81c334d540c3c2f564725d5d071f2fbd6f8baa08f0b8f8fc199fdf", "c4251ecc827fad27280374eb83c7bd759652267fd63737acdd82129bfedd909a", "c52b54f2829dcfcc84085589dd0a352a7f5b32accef295999dd0868b8c3b252a", "c54a1eb6b5e171f8c41d035bf196f1142e8aea874edf09c3768a6443a84538c9", "c5d6c2b6acbb54f804f40528b86d665ad84cab812b8c4b0d97e35b5929bcd6ba", "c63277616b45a887c84b1baf28a1639b42b8302293ee19e3ea1b90e1193cb3b4", "c66646ed045d45903c1e2ea19adb0b213d4269570f965d014633abc83b914aeb", "c67568fe4adf59f8963eb98f503fdde7657670b2bc0c5e388465332d42f68998", "c69d0a5e24ea8f4fe2f0e9a0c12c780cd058dda658f7e02917c99c89c0170885", "c6b3057e4d69f7a8d4e5960a2de7a482c7efd57588169160fb577a92e5384858", "c716a57bc9eb1f420c9720a03020d8d9b4191d340bc1b78a271ee4f588947843", "c797f0bcdd397c41027e66238134aae0b39a5facc359abd3a580529c37f0f80c", "ca1023b50d58dfd4ea46431ef5081b827889e8c12022763f5f048ff28f088c33", "ca70c359680556f736ed796c1aef648ad46a324d7dc541c4570bbce40f47b5c0", "cad07c10ab017f11f2f2de4d1fe3d1e5aca05d0e91ea7f1468be821e115eff59", "cb41cc7e77cd1041ca0e7f5e24237e510002076e49d89eeaf38f467f28c4a577", "cb71a4efc20e395d88581600539839e84fffdca998449ca0b3b547d25b6a3a7b", "cc54338a2fef28ca74dfbbbb6e0f0d1bc27a8539df356ed2d6e0e7c42b5ce7c7", "cc85f0fac59e7a30cc6ee9d6fbc1bbcddda086230c7d8de29633b951acc94d4c", "ccffd471a6e5fdaeb067150a9b35eabac91acf589455ea7a3074c3ce221f2968", "cd189d55a136804b6e4b2c94eaef1498adb8fc86955659def7ddadee19eccf11", "cd33ad6cb89dfd24997c7b423ede0df8a807ffd51da104a8a1f630df7d04d9de", "ceb018db1ce1b5ac14a354614624b7c3fe7253d332f1a1fddcb3d2ff268a3074", "cf3188cdb074ccd19f05f6c09a2fff2f65aab114bc1b2c3929f7679c24e36de8", "cf3639f24a94abe93db3d4c0ead99d58684874bc110d787eb4ffd32b1c51225b", "d0043ebc98d5db9769d7022eb99046a7d16966822fe3845b372c9c367361eb4b", "d08992ea3063ca6c8550742a0c6328667b77a1d86c60db48ef142fe116e3507a", "d09d46258e4110756ed9ae1399968e6e4ea2f6cd80d4f9b4e7fcfe7e15fd5593", "d1f9cb06159d596d0933f337c47865331f6d68d320fee6d0ebe354ea95c98011", "d22a18a2d3c8dd5dee6a0e122a493ec74136c8ce043e49ab00b75e355d33fae5", "d32d3918ccbea246ff4dc02b6847b8e416fa7251a1bbb979c0823d35c09596f0", "d3b0fe3adbd711fb9f728c252ec1038d97a62400ae76d9b7f6717b985d743caf", "d41117778c063ff336e66f4a64960e234a5bd890ddf659e6dae954f318ac3de4", "d42593ff2419e9e441881f16bd0a97b55fd0059d388cded1d951092837400305", "d443b2818ae1c1e4caaa1d17c2e8cd2d510e7321494a81ef320970e55c402bfb", "d47b221354d3a2010beee83a97a2c1d708b0b4aa414e0f42ac0e46fd1f66a4ca", "d51de886825e9fa2e94edb2fe287a3d95d60e9c88e9849bc0307deb9876ec9c3", "d5c0ca6f3c06f05c9300bb73ae8d730d2c4a06feefcd9f01c3733094e91d3efe", "d5fdb1707cd70b7c81d95ba598b26c70a9ee81ab134e90e18421515cddc318e2", "d767270279ce593fa4b1c7ee441803fe70a8821f98c379f433bdbfdbce6738fe", "da35ce3743953d00de251d7920a49236de4cdc1b5de6a57e8e2484b2d269c02f", "daebff859fcbef0bc85056ad13f9ff9b8501d141d403439cb8ba278cb82bf4cd", "daeddfec48641e9651d95c04b8ad9c8c0cae53f3841bbf2519530e218446b344", "db78371ea4d13844f8fbfc6770c3603282bc2f89fe2c68c6acece04c11284f6b", "dbac78e48d01dc45c8d1742efc6073b10bf3b88ec4f6b22132305f8bd3343557", "dd4fb192c7ad738c5b574055bfdc941bda34bbc7cdc23bdad3eb4c2762709094", "dddef79491d4625d44e04ab9125fd61af60536764f0535929461ddd1ea49bda1", "dde295d49b5d3ff73015c3b895279078f2034b9f3b1f195a451a5718d52255ab", "de2cbfa8debe032bf559819e41d37cc7ea2f1cc129666ebfdf2c2e2f99cf113b", "de8e297aba6d70f712a6b6941c350e788a78acc9ebcfc94edb9cc69f840adb9d", "df4dcdfd33dd8cb3e75c88d2d5db054d8a82681ea466e4a201d4dbd71e298a1f", "dfe52bb8e864adec51607e86cd85ff8bf737f6cd4a71f5de619e9d318bbe9d1a", "e141c43f26326728c8caebe3d6c640ee65af5e96b85f7de046cad1c1650993f1", "e14f27911a4a34fa72acc235b75bcbaa3424c401816adcbf29f8df63377f4a83", "e22ededc68869d1f1ea0b39140f739b1d38663ce67601439b266a5bb983ff614", "e2862f849eeff1c1e9533227b37e1ec510545f13037eee118accb850fd6afc7d", "e32c2eabaf38221d17a3f450886a6179a52b2e119095ca89bef8c683e558b15d", "e37c7e5f028e88e7786a0d4ea8f698c33dd8ec30e660a859ee5c08cb625a77de", "e3fd5715bafabdcd2f0978df70c25da4c29efddfb9209c743c891ca520c64896", "e4186a6a9a6f2dae9eeca68a3177284249a54090514d761cabe2e992870d58dc", "e433754eaee204008423a0b749787909d074e0b95f790065538a4713ca5ff35c", "e43c14012e3e59585b023b848673bfdcd7fd4513b5b90e2f3688560d61a7627a", "e4f49a5a34ff05daa0bef5ae83ddd96e55fd5fc4fbf09e49881d5ee216e23c41", "e624dd01c7895dab25a1bc8c8fc1c5f654efb8da1c9c46bc3e7af8d6ab5e5146", "e62d92b3bbdf6ba2f39949248dd87eba29dae98ee392fa840073f52b0b806f64", "e66a2f3816f9771ee780de367421e642cc42f2be208e52d03938442bbe831415", "e6854f68afd97721fabb5804879529c2854cc734109444194a9bf8951893b8de", "e6d074320e93a92d283ba00ecc4a5ab4e2023a2c5447215df601bf355eb9eacb", "e7beed32b660f6025964a61e55c31e9f29004279cec7502669e77ff04612bbb5", "e7db69522cdf2d6beeb1c99921023e8b4fb53083d8a3f1a7522ad9b0ee4b1b21", "e836f8a8740009696762a1e9ccb74c0b8614d90eb957af470451c0794f86a4f3", "eaba2712a1f774e64a1967f592239d0e6406c655e9b9f4c5dbed25e663e3edeb", "ead7de0212434613cf89b6c0091d1b188ace759ae7e8cf371d75945562582dd4", "eba62f0924fdc656e1db6c2bb976cbc669f1e06fd7ab030c9281c9364645d62e", "ec79ca58ce97e3658fc46c61b37830e403a8617467312426b34f580808d15a91", "ec9abdfd7d2f8cd8a7cbf62b9139e8e8461e0ad7a66a4f01e13d352354e92359", "ee18a1f2066ee4dfce37aa6dafa2cd530856f94fb16dce815a3b510a08870763", "eeff6a02f5ac6a29c4f44befc305ff14b3f670a00b2e4f0c35e1243d48ee0edf", "efddce4ab6f1e41931da82433498a9aacb229a8d048b60ef65a97860a31f7bcb", "f081649b9290f4c682def6ae05076a4c7974a9004afa90605ee855046210d9c1", "f1059f7cff2a09a7fdf29664c25565be9ece0c6658d58f6cc3226b454ef3c7a0", "f1309c38ae153fdbdb3e20e4e5369a3c8b6a08bc75da5c24d9fe7903b828089b", "f1cd58b6c309d907745c95ffdaa032b59a7c99e4acbbf00a82664b0f9ecee966", "f2de648dd40f67eb99da84d06276badfc79eb773a097401bcb938244cee29c93", "f35c586eed18fe3917dfeb7358184d5c11657620a2cf1a0986e9ab2669794d37", "f36679f17464f090a7a37f6854f673c1f90862ae3e15f3d22c73ad01f1326999", "f368b3944f310d590966e74eb0669cffcc629eda5fb2c9263b30bb095ddc8adb", "f3f1d2289bb384a856176f5916eeeee200320f091a0bcaeb3e89dd96f07d623c", "f4c028ae7d97ad45e94a77ffa5d1506467fe8493a64723efbc25d1bf8e7d9097", "f58ccf113aaac588b1daba404c7571be7df6387387ee90f66161fe32bc3a6c3c", "f5b80de8f7945bf2db1c6235d5594db15dda807c9f9e907a04b4016e158d8b89", "f86667a6f0fb73229a1abc84f5c4efcb914bfeeaac3cc4f36ffa7997dca58dbf", "f897a63498adadc0a71cd030fb8eef509a314a09b28f01deffb4f3b9138c4b9f", "f9ec4f89e1f0f6c140531c60c1e45f36ba74a327e600f1dc3f7d9efe3b0e9fb5", "fb13dadb40e54a1353ada77f89fa6aafeb381fa50328d5637aae5c750545b753", "fc9d5d2d6a8be3b44b50a630a7a485f090cbee97e312226e8cbe569f9494f24c", "fcbceb3237f69520b1a501c21c0006bc79d0a0e70e0043a5efceedd79b711486", "ff73b86bd1a28c26096dca5678bb1acda1be3eaab72bc9d3c59ffd8f1a66c4e4", "ff88089c009fd591adf2722ea79b48a0c573ccd4f02eb152c8bda7dc707f9406"], "iocs": {"domain": [{"hashes": ["00e0d6f92da46b9d423d42e8773f33ea600d513fd7182b0b1806b57ff9b0978e", "018eadee00ab42979388a5258775950ec8a65eada68602b0bc2c4557245abd8f", "0243a251029213228c6a4ba5fd77e8f5c6ffbb2828c564d3746b7396e5a8f0cc", "02faaae9e71207f32991172f3a188e8f67eea04050308bad20f1d612d38dd9ec", "03a80812945ef06b8d528d9581d043db185c654c62ce46c506e8946d8a628e85", "03bc3dde218f75c0f4897bd5dcb617f0e8d057cd8423bdd02c5d02439af077e9", "03bdae8522075ebc1b31b8f94db286516edd8f1a6cc7515fc92862d649a6114a", "05c34e1b0d6d390cbe9fbe37cda2fde2c61c5cc3df83cec873fd5fde27e61fe8", "06e718742769a6f11e5443642961238caa8bc48b89b5f8a0bc439fe871440e8d", "073875a6f6fbed080d30812728cf86e4610166831c40d7a38397c282cf16130c", "092224ed497b7b82872c7832e8fe87d47db08771cc0621b72685992c5b0dc475", "0a33d4eb4ab5855e90fdc9b453f021c065306501e0be307456875fb0411bd69f", "0a45b87e3a5f20e05b2bd6b5c106fd5c16cab9164beb360ad49941005ad23264", "0af2747c467fb0bccb46534a992c5acb76d2e74752045335f2dad31f4389b192", "0af4837b13e971f7517455f784dc977561d4a403f3498f7fb81f98530a9887d3", "0b64ced998024e37a0a087d2c4f34703893d82a9f77b31661f8bf6e37351df7f", "0d502009e9875ffe336215e2fab0897d924830f1c4a526ec048f7adb1307cdbb", "0d5b31edd00cefadc71c915e9c93bb3712e432df0ec3b6970100e2afc00dcee1", "0e0af72892e5e953514b40f3fcdeef671aa6b4525a2ddefe168e4a024ac0db90", "0eb2a814f0e62afd1f952aad6ffacd481c965df2732e818b87f30d4f5e823dee", "0ef482c543685153e80bcb7a98518b03783200805d6a22ad933ab4657d6aa243", "0fbd60a1cfe8c604e5081d29ac7ae2b5ca1ea8056f344285444ea3b3777ae54f", "101524c177bea4ccd27ee571572eda4b7739cce6a847e82d955b6c9c2c2682ac", "1217daa33ffd22d5f7788c4fa80569e268e5b15e1b7f59c2b623781e5bd1f870", "136ea4a5ac36f61af8bedbd2d7c4d37ea4d37ac602f77c445f60d89e282d36ca", "3eb2be2393df896434f0c8d438bac327f5518d49a7f3a2cfec0ea8bd73f5e4d8", "432768aaadaff72cfe37119efa056914f9538e28203e9a0aa726e843d3a425f4", "5eed552f680e2a9bc404b461a03587ec8915fc6fe9c2e8f1649a139ee892d4a4", "6a568b0229f7b863117501a7d795e535ac6ff01227d6d1120622d5d47542a7a7", "7257368c8d9cc4975dc9d69981b339493b3761bce96255bd68e4c18b3acb96be", "7925213f3f2dba7d59c47d19ff041b76bd2b394c20c102d39fb7535e7f92193d", "c67568fe4adf59f8963eb98f503fdde7657670b2bc0c5e388465332d42f68998", "d47b221354d3a2010beee83a97a2c1d708b0b4aa414e0f42ac0e46fd1f66a4ca", "e7beed32b660f6025964a61e55c31e9f29004279cec7502669e77ff04612bbb5", "fb13dadb40e54a1353ada77f89fa6aafeb381fa50328d5637aae5c750545b753", "fc9d5d2d6a8be3b44b50a630a7a485f090cbee97e312226e8cbe569f9494f24c"], "host": "talonstamed[.]com"}], "file": [{"hashes": ["00e0d6f92da46b9d423d42e8773f33ea600d513fd7182b0b1806b57ff9b0978e", "018eadee00ab42979388a5258775950ec8a65eada68602b0bc2c4557245abd8f", "0243a251029213228c6a4ba5fd77e8f5c6ffbb2828c564d3746b7396e5a8f0cc", "02faaae9e71207f32991172f3a188e8f67eea04050308bad20f1d612d38dd9ec", "03a80812945ef06b8d528d9581d043db185c654c62ce46c506e8946d8a628e85", "03bc3dde218f75c0f4897bd5dcb617f0e8d057cd8423bdd02c5d02439af077e9", "03bdae8522075ebc1b31b8f94db286516edd8f1a6cc7515fc92862d649a6114a", "05c34e1b0d6d390cbe9fbe37cda2fde2c61c5cc3df83cec873fd5fde27e61fe8", "06e718742769a6f11e5443642961238caa8bc48b89b5f8a0bc439fe871440e8d", "073875a6f6fbed080d30812728cf86e4610166831c40d7a38397c282cf16130c", "092224ed497b7b82872c7832e8fe87d47db08771cc0621b72685992c5b0dc475", "0a33d4eb4ab5855e90fdc9b453f021c065306501e0be307456875fb0411bd69f", "0a45b87e3a5f20e05b2bd6b5c106fd5c16cab9164beb360ad49941005ad23264", "0af2747c467fb0bccb46534a992c5acb76d2e74752045335f2dad31f4389b192", "0af4837b13e971f7517455f784dc977561d4a403f3498f7fb81f98530a9887d3", "0b64ced998024e37a0a087d2c4f34703893d82a9f77b31661f8bf6e37351df7f", "0d502009e9875ffe336215e2fab0897d924830f1c4a526ec048f7adb1307cdbb", "0d5b31edd00cefadc71c915e9c93bb3712e432df0ec3b6970100e2afc00dcee1", "0e0af72892e5e953514b40f3fcdeef671aa6b4525a2ddefe168e4a024ac0db90", "0eb2a814f0e62afd1f952aad6ffacd481c965df2732e818b87f30d4f5e823dee", "0ef482c543685153e80bcb7a98518b03783200805d6a22ad933ab4657d6aa243", "0fbd60a1cfe8c604e5081d29ac7ae2b5ca1ea8056f344285444ea3b3777ae54f", "101524c177bea4ccd27ee571572eda4b7739cce6a847e82d955b6c9c2c2682ac", "1217daa33ffd22d5f7788c4fa80569e268e5b15e1b7f59c2b623781e5bd1f870", "136ea4a5ac36f61af8bedbd2d7c4d37ea4d37ac602f77c445f60d89e282d36ca", "3eb2be2393df896434f0c8d438bac327f5518d49a7f3a2cfec0ea8bd73f5e4d8", "432768aaadaff72cfe37119efa056914f9538e28203e9a0aa726e843d3a425f4", "5eed552f680e2a9bc404b461a03587ec8915fc6fe9c2e8f1649a139ee892d4a4", "6a568b0229f7b863117501a7d795e535ac6ff01227d6d1120622d5d47542a7a7", "7257368c8d9cc4975dc9d69981b339493b3761bce96255bd68e4c18b3acb96be", "7925213f3f2dba7d59c47d19ff041b76bd2b394c20c102d39fb7535e7f92193d", "c67568fe4adf59f8963eb98f503fdde7657670b2bc0c5e388465332d42f68998", "d47b221354d3a2010beee83a97a2c1d708b0b4aa414e0f42ac0e46fd1f66a4ca", "e7beed32b660f6025964a61e55c31e9f29004279cec7502669e77ff04612bbb5", "fb13dadb40e54a1353ada77f89fa6aafeb381fa50328d5637aae5c750545b753", "fc9d5d2d6a8be3b44b50a630a7a485f090cbee97e312226e8cbe569f9494f24c"], "path": "%TEMP%\\ghyte.exe"}], "ip": [], "mutex": [], "registry": []}, "reports_count": 36}, "Win.Trojan.Gh0stRAT-7623999-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "deleted-submitted-file", "hashes": ["a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "registry-autorun-key-modified", "hashes": ["a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "modified-file-in-program-dir", "hashes": ["a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "process-uses-localhost-traffic", "hashes": ["a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-ping", "hashes": ["a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9"], "mitre_attack_tags": ["TA0011", "TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9"], "mitre_attack_tags": ["TA0011", "TA0007", "T1016"]}, {"bi": "process-requested-file-external-drive", "hashes": ["a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9"], "mitre_attack_tags": ["TA0009", "T1025"]}, {"bi": "malware-gh0st-rat-mutex-detected", "hashes": ["a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9"], "mitre_attack_tags": []}, {"bi": "pe-packed-asprotect", "hashes": ["a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-long-cmdline", "hashes": ["0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-logical-drive-enumeration", "hashes": ["0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2"], "mitre_attack_tags": ["TA0007", "T1120", "T1025"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb"], "mitre_attack_tags": ["TA0005", "T1027"]}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading and executing follow-on malware. The source code for Gh0stRAT has been publicly available on the internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.", "hashes": ["0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "3879fc6f3e4e49def7cef36a2e0f6e0bd1ab36b53a3c699a37dcba5ed8a78b36", "3e7136cffba8f531e3ae39b82d81bd52cfb24c1a68b02260a44efd88db7ac9ee", "40733e5b01166a1afbf0945931de5a97cd38c7c5a696a3a395de92b4e67fb11e", "47c9d37e5d722e0cc6f90d19dcfc66d4c124565a3b674987cee44d26c95eceb0", "4954c2041645f5ccce9d23d6c550e07b1dbdd2fac65e2eab126ca60d9629eaf4", "4cae1a4a1394b4f385a01422186edf67d91910b988287dd6c8badece9722f1b7", "51764d749b6823f9349c95e5edcaa4061d3a45437437c421acb988402717f927", "53d331aec3af4ee0e8e2d577ea1755583cd7ea88a056502cca724cb060edc73f", "5807b94a40e9108f16f0ef2cb1755eea66352d28142cc87aa80febb9eca11ffa", "58de63a6ce9f545f5b6068fd52f4ebf646e82109229cc53ced3bf045002ab5a3", "5a8d9ddbabb6d878428aa67d6ac9f1d5bd369ef45796429e0f442904acd4836a", "63e6de38a791e720cea4814d393f485d6230e3be1155805598225df62836c35d", "642f91b1e80a245280ac7433a3069a23ca32aa488783976adfc89031e59fba98", "665e6aa95f1179081d9347607d41697d2392ee372d2e9b2a116d904d62ab89de", "67094750cd05b98e730154df292bb52ed00efad9e29e19b6ea17c3b9b5e0d49a", "67d60e756d2db847f03d9dc9cf02e3196bfa460e52deb092916790ea4a1c584e", "6aefe1da4571fcda6cabd278cde0b57ed6fa49818d7e0e77baebd06dd22d38c8", "6d4f7ecc860d71f5fd9936ce0626a07cd6928e0b276881d59cdb24d77e995d53", "72814b8be98fdb68d16caabdca38757a3a72e8b589bbd384a4da4fa82ee39691", "731489d46ed9155b4da0f897c5329387e36138cea7ebe0b66b23102b302afdf6", "757723a91aee77735e799f8950ec808c3e8307115abf15e23204738d4b705709", "7716fc09ff2610afc2392da8dfcbf3e340c2bf57116b9c1da648d597b7a6efc3", "7c747e1360c25ef629068ff0b62d01a8369bf62db1bce3b8b6a71b4606c19cc7", "7de623b7492ea206d8996c65fcb67cc8e947457d49265e1f497c3a88d8435ab3", "80c3c591e3eb646520d8b24823c0f4b0018a0a83625eeaeda1a3f338086d3b67", "833a2a24d44c092f7554318c3140df315e3f6715f17bbd5642b5ebd5ea904fe8", "847a6b03b31270f3f68547aa6a76f71181649b4c14429de4eefde3c5c2afbada", "848631bd0bd094d41ab217f9d728a5e260a2a951fbfacdf160ee6710f00cd28a", "8a586128e742998320fd8a4454261312b21adedc29862645433f87d673248a08", "8d3e92c352376b110491edde7dbd7592fcc0871dadd57f32f8dcfef039ddfd44", "8db9df90caf5848311c5e1fdda74d133e8b4ff5ab33fdfd807e5214fec00088c", "8f36329ac54425c721080f320811631a6fe45a21ff99ea1830fc25b80553c3a1", "91a79c2979e87f35850f3848080af9e48475a3028c43ca42905a996960e83a4c", "941fc488d423710724b054736b67cef6eff5bffb81b73eb535bbe8df0cdfa979", "985ae08d1f7f1239cc8776eaf8169a3a1a75f85dee2e759be7700fc623e0cec9", "9cdaf549bfa1b72856821634be558c13c1a04b00528a4190c06d09595c6e9f4f", "a3276f3e027ec15b6aa56fed9c70917a9f18b5c2a6b0acb1ba3ace6450422ead", "a3288f992793f01b61c7515b811b87ce91fa2ee89e115a8a228bad955f14a385", "a48271a9618f8a30b448fa6889278f228c9bef0e825fac0ba85cc2be1e4a9913", "a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05", "a9340235213f8dfac1281371c087e0305385ed1d251528e6b7e1bcd981d51225", "a945dd89b69c938ecfd0f0745c0df256724fc9b5f8f8b4e26abf5e9eafb8fcf2", "aa450912a97e6979c05f60ca00d31c99e45e44ca7fc52a924f8b69cb16c695d5", "ab400fee8591aff6766d11191584707249cfcdc89e975a0e9901b060735048e6", "ab9c5d9abd18e36a1024fcb07b01b631b6b1d907603fb1050af863c88d705336", "ad5b6ff1cf6f42629b671e5913332c2d9102814fac3d52338a2a16d181910ee2", "b3655ef0dd46c17c90d4fead9289110052619a004b94fab8da0af4f3f503ba61", "b7c3c28f41ba764a11884f3ef8155778fabe7734d6b89a0efcbe2ba99f645289", "b94db95076f8379a2f410f0aa085f2e159c0c493fa4d5cefb4cc36c6b9d649f8", "ba8648d05b532ccd3fe9950908fc3ea7c360d355dc6e701e3797d00f69b208f4", "c96c2272319c4bf348fd29c3fe765338c762fb59f68f381cbb95a02931a45b78", "ce1a7188a92c11187d544ace694623ebf83614a28188bd96b1078b4d86d19191", "d2b7918ecd28df0052e200b1fa3e855da4600ca046b0f41b616ea9bdac8b3fc7", "d2c7230d873a07b8a52f0a3fce94c238b8250bc7fcd3dea9af4af53558dd5e80", "d30260a10fe861b651ee5a8b6988b84a5440cad0ef747ee769b519152bd6c8ef", "d320ebd3d9d015b4d32b67a25d81b351735ce5a93805c6a66856e396be9ef8c3", "d44fc2a265afd35e2d728f42e4afae33c627e87ddc7a5a4814fb9b025a74f097", "d53e2755b14f674a752ce40e0ee44e78c275bab5a743e84a02f3bdee8d364629", "d7bc27b4f8273882a218ab93a799f7536374a8f61777e214a2d9f98fca85ef40", "d8ab50514249a93fba06c44991285e38e7e587e73a0ec80bc60e5ea2d9ca278a", "d9a6ec022f4647b785654b40f18c087f0e4ca9eeafec46c0c701fe35c8b05ef9", "dd73f56ebd06ed0413628ffff5ae833c4ebddd175d3520a2986f551ac43d0309", "e1fcdca8508feaaa1bc308b1833df542f02bd63c9084d6311aae20d9ad63cbc1", "e1febadf700a55282f9615e52ccf6a9b3d4f101b0d8a15227ae970c261341f06", "ec16c89bdd4b83bb3439376e561d8a013657829c8ddee8e8198504f7d9897567", "ee3d3d5502c07ae115fa5c24a0384a94c07cb0224e625dbd018a1e81d96496bc", "ee5f2009d07c178a7647bf2e35cdf7eb9c9466e2e0ca69ffea86a76ccf23cc17", "f5d494a843e011b952872af9d075b34998628fdfc5d1681bc151c9e6f1a23fd5", "f960947ee9e83c964a12670827b545c07de87aa04c58bc67f8675b9985ba14b2", "fbb23db204fabc01e8457de0feca8b13e47bfebaf949885ab743ef96edd1e606"], "iocs": {"domain": [{"hashes": ["0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05"], "host": "blogx[.]sina[.]com[.]cn"}, {"hashes": ["0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05"], "host": "blog[.]sina[.]com[.]cn"}], "file": [{"hashes": ["0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05"], "path": "\\1.txt"}, {"hashes": ["0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05"], "path": "%TEMP%\\<random, matching '[a-z]{4,9}'>.exe"}, {"hashes": ["0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05"], "path": "%ProgramFiles%\\<random, matching '[a-z]{5,9}\\[a-z]{3,9}'>.dll"}, {"hashes": ["0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05"], "path": "%ProgramFiles%\\<random, matching '[a-z]{5,8}'>"}, {"hashes": ["1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81"], "path": "%ProgramFiles%\\wzzjtrwg\\11061317"}, {"hashes": ["0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb"], "path": "%ProgramFiles%\\dejbnw\\11061317"}, {"hashes": ["a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05"], "path": "%ProgramFiles%\\uwpobvq\\11061317"}, {"hashes": ["0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4"], "path": "%ProgramFiles%\\ryuhy\\11061317"}, {"hashes": ["202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f"], "path": "%ProgramFiles%\\asuob\\11061317"}, {"hashes": ["1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63"], "path": "%ProgramFiles%\\kjefj\\11061317"}, {"hashes": ["0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5"], "path": "%ProgramFiles%\\cylihb\\11061317"}, {"hashes": ["1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4"], "path": "%ProgramFiles%\\allghgap\\11061317"}, {"hashes": ["0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e"], "path": "%ProgramFiles%\\ilaco\\11061317"}, {"hashes": ["1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7"], "path": "%ProgramFiles%\\wmzdz\\11061317"}, {"hashes": ["168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc"], "path": "%ProgramFiles%\\zsjbse\\11061317"}, {"hashes": ["0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d"], "path": "%ProgramFiles%\\ymsmc\\11061317"}, {"hashes": ["11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486"], "path": "%ProgramFiles%\\uilym\\11061317"}, {"hashes": ["12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9"], "path": "%ProgramFiles%\\scyolij\\11061317"}, {"hashes": ["20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640"], "path": "%ProgramFiles%\\haeeeeki\\11061317"}, {"hashes": ["2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768"], "path": "%ProgramFiles%\\rgssy\\11061317"}, {"hashes": ["28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84"], "path": "%ProgramFiles%\\iryib\\11061317"}, {"hashes": ["308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91"], "path": "%ProgramFiles%\\okjnxp\\11061317"}, {"hashes": ["22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b"], "path": "%ProgramFiles%\\thzuj\\11061317"}, {"hashes": ["22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f"], "path": "%ProgramFiles%\\ecmyp\\11061317"}, {"hashes": ["2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9"], "path": "%ProgramFiles%\\rfgbffpf\\11061317"}, {"hashes": ["2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46"], "path": "%ProgramFiles%\\ztakzdht\\11061317"}, {"hashes": ["34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05"], "path": "%ProgramFiles%\\vmmvx\\11061317"}, {"hashes": ["30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2"], "path": "%ProgramFiles%\\fslyr\\11061317"}], "ip": [{"hashes": ["0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05"], "ip": "107[.]163[.]56[.]251"}, {"hashes": ["0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05"], "ip": "107[.]163[.]56[.]246"}, {"hashes": ["0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05"], "ip": "107[.]163[.]56[.]243"}, {"hashes": ["0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05"], "ip": "49[.]7[.]37[.]126"}], "mutex": [{"hashes": ["0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05"], "name": "107.163.56.251:6658"}, {"hashes": ["0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05"], "name": "M107.163.56.251:6658"}, {"hashes": ["0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05"], "name": "0x5d65r455f"}], "registry": [{"hashes": ["0934b3448734825133862e420fabce845e1f29a128ba6e17d53d6bbd583bd76d", "0c4474a00c976c583ff2adbb4c04c22983156c53d0f9a3d521420ec64c01be4e", "0c52e06f412c1fa08b38c9bd7f655c3130d88691571003b0b33de7c7937990e5", "0e20ef2be74b28d976a18f965d1f4b01b9b82e51d19c7da721bb70298c927bc4", "0edd1179b86f9f81e15d2ce9e73d50dfeaf2abb40985d93ead9a751af44a51c5", "11a4c6e5f5dcc9e004e84128677735f9451801eb08ef46deffd3225b21217486", "12bfe4f3d6d3ef87ff046cc7ea4acdd5ac47e6ef176a64a46d102b889f7dd1c9", "1514da21563933e01a755841838d4cf481b3d4d3f8a42248fb221e7c80603b63", "1523e0097adf305f594415fe116c68177a8eee89e67900cf6893c726bb46c9a7", "168f6ce491e96bc81fcf059a426e23dc10a13dba6d658ac23746dcb68c301dcc", "1a7b46c9d376df84086f76b7688405517e6a2bc997dd87755c00713a7a6b6c33", "1d5279fc2d227358d5616d0ee3198d2dfea92ab1529587dfa65b3d5a581dd8d4", "1ebaa2fd0e70fbfd496b708608843a56fcd02e69c6f9c984bdcdd673cccb1c81", "202390b1adc0b9606c5d909bc5c996eb3f674375d758c97d7cf3112b4fab0a7f", "20f9ffcec606bd6c89831a5d495b63ff79bd65815ccc673252aadf19d3189640", "22c94e544588e7f9cc06749dddbc2f910ad1074b41a55c626ad5128371046b7f", "22ea420493141a570bdfc2e8dca06ed50ad16833fde6b0bc36f4ddbd484ba05b", "28019cb8ce7f7d977908404ef0860a80321150e6bcb4d9943620fd54197a0afb", "28195f0eb54c0c424c5a7d7814c54155bf773597a840df71c1d97da43d8e4d84", "2acfb3773600078c00ef270c931b5ab981496f02b23f859b09b160765d1fdf46", "2c46101712ca5f47ee5fc355eb3cc6c1887ec43f25dde8825579acef7ce3d768", "2eb5d9553fe330703ffe2630d51c64c4de70a65cac4dc7b993736618defa7cc9", "308f2ddafbbe757b25892d75b9689c589f53cb43fd139677692b7ac9563a2f91", "30d632b141c1562425d5fe07f8736f328241ee7917b4c5db7fbf7090e46c19f2", "34669f4ffeb3f18e1b3cc8ebdd8fac42ca63172c1b700c8233c213f0ce4e8f05", "a67acdaf14970b6fc528707c959554dc76e3869d4d63001fe4f3862e1ad21a05"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "D3D"}]}, "reports_count": 26}, "Win.Virus.Expiro-7619891-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["ca3c9ad3bb61529028ddefe892b77d15fc3d71398a6a3f7b1afaab8d7f02de3a", "60f470fc274371fb1affee482c0cb0375cd818645feea93438edf3e4e2727467", "57e0a887066129b038992bb37ac122eed243d547402b818f8e3418cb64c2f5dc", "cd78007ac04cd1e8c827569ede23aa9ca46aaf282dea867243686b1609396d4a", "5fc5a2e31648b9d396b332e8669bb05ae0c1dbc238b3621577828b90393ba9e0", "039939e87e70b671e146423bcd1fe5c076cfe3b7f5a4b1014eb050c2560b46cb", "c2cd812e53a19ea23eb6a5af70e74b0f1293b644e3c781e511483036b0bb97cd", "31731b2320db118594ae01440858df2fe5ef1d952010ffc33aeb283ce4a3a780", "aacd03ca0d37e0c10fb4a25a17fd5d674800e9d80c7b95275b03b8054277dd77", "c5647d205b12af4ae359096cdad982a69e04e5e4d62d11b8cf622801cd9c17b5", "dd7de9a6b21e2f11a6d66a81e6e4716570548bb358f61257e2d0248ab48f288e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["ca3c9ad3bb61529028ddefe892b77d15fc3d71398a6a3f7b1afaab8d7f02de3a", "60f470fc274371fb1affee482c0cb0375cd818645feea93438edf3e4e2727467", "57e0a887066129b038992bb37ac122eed243d547402b818f8e3418cb64c2f5dc", "cd78007ac04cd1e8c827569ede23aa9ca46aaf282dea867243686b1609396d4a", "5fc5a2e31648b9d396b332e8669bb05ae0c1dbc238b3621577828b90393ba9e0", "039939e87e70b671e146423bcd1fe5c076cfe3b7f5a4b1014eb050c2560b46cb", "c2cd812e53a19ea23eb6a5af70e74b0f1293b644e3c781e511483036b0bb97cd", "31731b2320db118594ae01440858df2fe5ef1d952010ffc33aeb283ce4a3a780", "aacd03ca0d37e0c10fb4a25a17fd5d674800e9d80c7b95275b03b8054277dd77", "c5647d205b12af4ae359096cdad982a69e04e5e4d62d11b8cf622801cd9c17b5", "dd7de9a6b21e2f11a6d66a81e6e4716570548bb358f61257e2d0248ab48f288e"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["ca3c9ad3bb61529028ddefe892b77d15fc3d71398a6a3f7b1afaab8d7f02de3a", "60f470fc274371fb1affee482c0cb0375cd818645feea93438edf3e4e2727467", "57e0a887066129b038992bb37ac122eed243d547402b818f8e3418cb64c2f5dc", "cd78007ac04cd1e8c827569ede23aa9ca46aaf282dea867243686b1609396d4a", "5fc5a2e31648b9d396b332e8669bb05ae0c1dbc238b3621577828b90393ba9e0", "039939e87e70b671e146423bcd1fe5c076cfe3b7f5a4b1014eb050c2560b46cb", "c2cd812e53a19ea23eb6a5af70e74b0f1293b644e3c781e511483036b0bb97cd", "31731b2320db118594ae01440858df2fe5ef1d952010ffc33aeb283ce4a3a780", "aacd03ca0d37e0c10fb4a25a17fd5d674800e9d80c7b95275b03b8054277dd77", "c5647d205b12af4ae359096cdad982a69e04e5e4d62d11b8cf622801cd9c17b5"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["ca3c9ad3bb61529028ddefe892b77d15fc3d71398a6a3f7b1afaab8d7f02de3a", "60f470fc274371fb1affee482c0cb0375cd818645feea93438edf3e4e2727467", "57e0a887066129b038992bb37ac122eed243d547402b818f8e3418cb64c2f5dc", "cd78007ac04cd1e8c827569ede23aa9ca46aaf282dea867243686b1609396d4a", "5fc5a2e31648b9d396b332e8669bb05ae0c1dbc238b3621577828b90393ba9e0", "aacd03ca0d37e0c10fb4a25a17fd5d674800e9d80c7b95275b03b8054277dd77"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["ca3c9ad3bb61529028ddefe892b77d15fc3d71398a6a3f7b1afaab8d7f02de3a", "039939e87e70b671e146423bcd1fe5c076cfe3b7f5a4b1014eb050c2560b46cb", "c2cd812e53a19ea23eb6a5af70e74b0f1293b644e3c781e511483036b0bb97cd", "31731b2320db118594ae01440858df2fe5ef1d952010ffc33aeb283ce4a3a780", "c5647d205b12af4ae359096cdad982a69e04e5e4d62d11b8cf622801cd9c17b5", "dd7de9a6b21e2f11a6d66a81e6e4716570548bb358f61257e2d0248ab48f288e"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["ca3c9ad3bb61529028ddefe892b77d15fc3d71398a6a3f7b1afaab8d7f02de3a", "60f470fc274371fb1affee482c0cb0375cd818645feea93438edf3e4e2727467", "57e0a887066129b038992bb37ac122eed243d547402b818f8e3418cb64c2f5dc", "cd78007ac04cd1e8c827569ede23aa9ca46aaf282dea867243686b1609396d4a", "5fc5a2e31648b9d396b332e8669bb05ae0c1dbc238b3621577828b90393ba9e0", "aacd03ca0d37e0c10fb4a25a17fd5d674800e9d80c7b95275b03b8054277dd77"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["ca3c9ad3bb61529028ddefe892b77d15fc3d71398a6a3f7b1afaab8d7f02de3a", "60f470fc274371fb1affee482c0cb0375cd818645feea93438edf3e4e2727467", "57e0a887066129b038992bb37ac122eed243d547402b818f8e3418cb64c2f5dc", "cd78007ac04cd1e8c827569ede23aa9ca46aaf282dea867243686b1609396d4a", "5fc5a2e31648b9d396b332e8669bb05ae0c1dbc238b3621577828b90393ba9e0", "aacd03ca0d37e0c10fb4a25a17fd5d674800e9d80c7b95275b03b8054277dd77"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["ca3c9ad3bb61529028ddefe892b77d15fc3d71398a6a3f7b1afaab8d7f02de3a", "60f470fc274371fb1affee482c0cb0375cd818645feea93438edf3e4e2727467", "57e0a887066129b038992bb37ac122eed243d547402b818f8e3418cb64c2f5dc", "cd78007ac04cd1e8c827569ede23aa9ca46aaf282dea867243686b1609396d4a", "5fc5a2e31648b9d396b332e8669bb05ae0c1dbc238b3621577828b90393ba9e0", "aacd03ca0d37e0c10fb4a25a17fd5d674800e9d80c7b95275b03b8054277dd77"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["039939e87e70b671e146423bcd1fe5c076cfe3b7f5a4b1014eb050c2560b46cb", "c2cd812e53a19ea23eb6a5af70e74b0f1293b644e3c781e511483036b0bb97cd", "31731b2320db118594ae01440858df2fe5ef1d952010ffc33aeb283ce4a3a780", "c5647d205b12af4ae359096cdad982a69e04e5e4d62d11b8cf622801cd9c17b5", "dd7de9a6b21e2f11a6d66a81e6e4716570548bb358f61257e2d0248ab48f288e"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "malware-xpiro-mutex", "hashes": ["ca3c9ad3bb61529028ddefe892b77d15fc3d71398a6a3f7b1afaab8d7f02de3a"], "mitre_attack_tags": []}], "category": "Virus", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks.", "hashes": ["039939e87e70b671e146423bcd1fe5c076cfe3b7f5a4b1014eb050c2560b46cb", "31731b2320db118594ae01440858df2fe5ef1d952010ffc33aeb283ce4a3a780", "57e0a887066129b038992bb37ac122eed243d547402b818f8e3418cb64c2f5dc", "5fc5a2e31648b9d396b332e8669bb05ae0c1dbc238b3621577828b90393ba9e0", "60f470fc274371fb1affee482c0cb0375cd818645feea93438edf3e4e2727467", "aacd03ca0d37e0c10fb4a25a17fd5d674800e9d80c7b95275b03b8054277dd77", "c2cd812e53a19ea23eb6a5af70e74b0f1293b644e3c781e511483036b0bb97cd", "c5647d205b12af4ae359096cdad982a69e04e5e4d62d11b8cf622801cd9c17b5", "ca3c9ad3bb61529028ddefe892b77d15fc3d71398a6a3f7b1afaab8d7f02de3a", "cd78007ac04cd1e8c827569ede23aa9ca46aaf282dea867243686b1609396d4a", "dd7de9a6b21e2f11a6d66a81e6e4716570548bb358f61257e2d0248ab48f288e"], "iocs": {"domain": [], "file": [{"hashes": ["039939e87e70b671e146423bcd1fe5c076cfe3b7f5a4b1014eb050c2560b46cb", "31731b2320db118594ae01440858df2fe5ef1d952010ffc33aeb283ce4a3a780", "c2cd812e53a19ea23eb6a5af70e74b0f1293b644e3c781e511483036b0bb97cd", "c5647d205b12af4ae359096cdad982a69e04e5e4d62d11b8cf622801cd9c17b5", "ca3c9ad3bb61529028ddefe892b77d15fc3d71398a6a3f7b1afaab8d7f02de3a", "dd7de9a6b21e2f11a6d66a81e6e4716570548bb358f61257e2d0248ab48f288e"], "path": "%System32%\\winevt\\Logs\\Microsoft-Windows-RemoteAssistance%4Operational.evtx"}, {"hashes": ["039939e87e70b671e146423bcd1fe5c076cfe3b7f5a4b1014eb050c2560b46cb", "31731b2320db118594ae01440858df2fe5ef1d952010ffc33aeb283ce4a3a780", "c2cd812e53a19ea23eb6a5af70e74b0f1293b644e3c781e511483036b0bb97cd", "c5647d205b12af4ae359096cdad982a69e04e5e4d62d11b8cf622801cd9c17b5", "ca3c9ad3bb61529028ddefe892b77d15fc3d71398a6a3f7b1afaab8d7f02de3a", "dd7de9a6b21e2f11a6d66a81e6e4716570548bb358f61257e2d0248ab48f288e"], "path": "%System32%\\Microsoft\\Protect\\S-1-5-18\\Preferred"}, {"hashes": ["039939e87e70b671e146423bcd1fe5c076cfe3b7f5a4b1014eb050c2560b46cb", "31731b2320db118594ae01440858df2fe5ef1d952010ffc33aeb283ce4a3a780", "c2cd812e53a19ea23eb6a5af70e74b0f1293b644e3c781e511483036b0bb97cd", "c5647d205b12af4ae359096cdad982a69e04e5e4d62d11b8cf622801cd9c17b5", "ca3c9ad3bb61529028ddefe892b77d15fc3d71398a6a3f7b1afaab8d7f02de3a", "dd7de9a6b21e2f11a6d66a81e6e4716570548bb358f61257e2d0248ab48f288e"], "path": "%SystemRoot%\\ServiceProfiles\\LocalService\\AppData\\Roaming\\PeerNetworking\\idstore.sst"}, {"hashes": ["039939e87e70b671e146423bcd1fe5c076cfe3b7f5a4b1014eb050c2560b46cb", "31731b2320db118594ae01440858df2fe5ef1d952010ffc33aeb283ce4a3a780", "c2cd812e53a19ea23eb6a5af70e74b0f1293b644e3c781e511483036b0bb97cd", "c5647d205b12af4ae359096cdad982a69e04e5e4d62d11b8cf622801cd9c17b5", "ca3c9ad3bb61529028ddefe892b77d15fc3d71398a6a3f7b1afaab8d7f02de3a", "dd7de9a6b21e2f11a6d66a81e6e4716570548bb358f61257e2d0248ab48f288e"], "path": "%SystemRoot%\\ServiceProfiles\\LocalService\\AppData\\Roaming\\PeerNetworking\\idstore.sst.new"}, {"hashes": ["039939e87e70b671e146423bcd1fe5c076cfe3b7f5a4b1014eb050c2560b46cb", "31731b2320db118594ae01440858df2fe5ef1d952010ffc33aeb283ce4a3a780", "c2cd812e53a19ea23eb6a5af70e74b0f1293b644e3c781e511483036b0bb97cd", "c5647d205b12af4ae359096cdad982a69e04e5e4d62d11b8cf622801cd9c17b5", "ca3c9ad3bb61529028ddefe892b77d15fc3d71398a6a3f7b1afaab8d7f02de3a", "dd7de9a6b21e2f11a6d66a81e6e4716570548bb358f61257e2d0248ab48f288e"], "path": "%ProgramData%\\Microsoft\\Crypto\\RSA\\MachineKeys\\a56ae9f8cf2dfeabfcad25c167e25ab3_d19ab989-a35f-4710-83df-7b2db7efe7c5"}], "ip": [], "mutex": [{"hashes": ["039939e87e70b671e146423bcd1fe5c076cfe3b7f5a4b1014eb050c2560b46cb", "31731b2320db118594ae01440858df2fe5ef1d952010ffc33aeb283ce4a3a780", "c2cd812e53a19ea23eb6a5af70e74b0f1293b644e3c781e511483036b0bb97cd", "c5647d205b12af4ae359096cdad982a69e04e5e4d62d11b8cf622801cd9c17b5", "ca3c9ad3bb61529028ddefe892b77d15fc3d71398a6a3f7b1afaab8d7f02de3a", "dd7de9a6b21e2f11a6d66a81e6e4716570548bb358f61257e2d0248ab48f288e"], "name": "Local\\RemoteAssistanceNoviceLock"}, {"hashes": ["039939e87e70b671e146423bcd1fe5c076cfe3b7f5a4b1014eb050c2560b46cb", "31731b2320db118594ae01440858df2fe5ef1d952010ffc33aeb283ce4a3a780", "c2cd812e53a19ea23eb6a5af70e74b0f1293b644e3c781e511483036b0bb97cd", "c5647d205b12af4ae359096cdad982a69e04e5e4d62d11b8cf622801cd9c17b5", "ca3c9ad3bb61529028ddefe892b77d15fc3d71398a6a3f7b1afaab8d7f02de3a", "dd7de9a6b21e2f11a6d66a81e6e4716570548bb358f61257e2d0248ab48f288e"], "name": "Local\\RemoteAssistanceSettingLockS"}, {"hashes": ["ca3c9ad3bb61529028ddefe892b77d15fc3d71398a6a3f7b1afaab8d7f02de3a"], "name": ""}, {"hashes": ["31731b2320db118594ae01440858df2fe5ef1d952010ffc33aeb283ce4a3a780"], "name": "{533F1D0B-BF88-45D9-8FB4-6EDAD220A36D}_S-1-5-19"}, {"hashes": ["c2cd812e53a19ea23eb6a5af70e74b0f1293b644e3c781e511483036b0bb97cd"], "name": "{533F1D0B-BF88-45D9-8FB4-EDDAD220A36D}_S-1-5-19"}, {"hashes": ["ca3c9ad3bb61529028ddefe892b77d15fc3d71398a6a3f7b1afaab8d7f02de3a"], "name": "{533F1D0B-BF88-45D9-8FB4-E1DAD220A36D}_S-1-5-19"}, {"hashes": ["039939e87e70b671e146423bcd1fe5c076cfe3b7f5a4b1014eb050c2560b46cb"], "name": "{533F1D0B-BF88-45D9-8FB4-E7DAD220A36D}_S-1-5-19"}, {"hashes": ["dd7de9a6b21e2f11a6d66a81e6e4716570548bb358f61257e2d0248ab48f288e"], "name": "{533F1D0B-BF88-45D9-8FB4-E4DAD220A36D}_S-1-5-19"}, {"hashes": ["c5647d205b12af4ae359096cdad982a69e04e5e4d62d11b8cf622801cd9c17b5"], "name": "{533F1D0B-BF88-45D9-8FB4-09DAD220A36D}_S-1-5-19"}, {"hashes": ["ca3c9ad3bb61529028ddefe892b77d15fc3d71398a6a3f7b1afaab8d7f02de3a"], "name": "kkq-vx_mtx<number, matching [0-9]{1,2}>"}], "registry": [{"hashes": ["039939e87e70b671e146423bcd1fe5c076cfe3b7f5a4b1014eb050c2560b46cb", "31731b2320db118594ae01440858df2fe5ef1d952010ffc33aeb283ce4a3a780", "c2cd812e53a19ea23eb6a5af70e74b0f1293b644e3c781e511483036b0bb97cd", "c5647d205b12af4ae359096cdad982a69e04e5e4d62d11b8cf622801cd9c17b5", "dd7de9a6b21e2f11a6d66a81e6e4716570548bb358f61257e2d0248ab48f288e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\REMOTE ASSISTANCE", "value_name": "Altered Desktop"}, {"hashes": ["ca3c9ad3bb61529028ddefe892b77d15fc3d71398a6a3f7b1afaab8d7f02de3a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\REMOTE ASSISTANCE", "value_name": ""}]}, "reports_count": 11}, "Win.Worm.Barys-7617456-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2", "1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "30232026bd78eba73532d9cda9b49f78d1072a56b6e342e517be8bcdb67b4352", "45a232b28071235c369b6ed75acc084281e62549b89683d5683c0ac311da7f02", "135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1", "914c2d1c93141c9b9b70afa1f51ce20362f4f9dc4cd3d5c21bc61704f7c451c0", "51c7bc1f9c51047fb509d72481aae1db3612849faf2773a29ace6881abb654a3", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "1cfbe317067a972a4078982b5aeec52ee153e656e7ca0e9c08ad056ae46a34d6", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f", "417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2", "1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "30232026bd78eba73532d9cda9b49f78d1072a56b6e342e517be8bcdb67b4352", "45a232b28071235c369b6ed75acc084281e62549b89683d5683c0ac311da7f02", "135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1", "914c2d1c93141c9b9b70afa1f51ce20362f4f9dc4cd3d5c21bc61704f7c451c0", "51c7bc1f9c51047fb509d72481aae1db3612849faf2773a29ace6881abb654a3", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "1cfbe317067a972a4078982b5aeec52ee153e656e7ca0e9c08ad056ae46a34d6", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f", "417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2", "1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "30232026bd78eba73532d9cda9b49f78d1072a56b6e342e517be8bcdb67b4352", "45a232b28071235c369b6ed75acc084281e62549b89683d5683c0ac311da7f02", "135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1", "914c2d1c93141c9b9b70afa1f51ce20362f4f9dc4cd3d5c21bc61704f7c451c0", "51c7bc1f9c51047fb509d72481aae1db3612849faf2773a29ace6881abb654a3", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "1cfbe317067a972a4078982b5aeec52ee153e656e7ca0e9c08ad056ae46a34d6", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f", "417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2", "1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "30232026bd78eba73532d9cda9b49f78d1072a56b6e342e517be8bcdb67b4352", "45a232b28071235c369b6ed75acc084281e62549b89683d5683c0ac311da7f02", "135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1", "914c2d1c93141c9b9b70afa1f51ce20362f4f9dc4cd3d5c21bc61704f7c451c0", "51c7bc1f9c51047fb509d72481aae1db3612849faf2773a29ace6881abb654a3", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "1cfbe317067a972a4078982b5aeec52ee153e656e7ca0e9c08ad056ae46a34d6", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f", "417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2", "1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "1cfbe317067a972a4078982b5aeec52ee153e656e7ca0e9c08ad056ae46a34d6", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2", "1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["30232026bd78eba73532d9cda9b49f78d1072a56b6e342e517be8bcdb67b4352", "45a232b28071235c369b6ed75acc084281e62549b89683d5683c0ac311da7f02", "914c2d1c93141c9b9b70afa1f51ce20362f4f9dc4cd3d5c21bc61704f7c451c0", "51c7bc1f9c51047fb509d72481aae1db3612849faf2773a29ace6881abb654a3", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "deleted-submitted-file", "hashes": ["135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "created-executable-in-user-dir", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "1cfbe317067a972a4078982b5aeec52ee153e656e7ca0e9c08ad056ae46a34d6", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "1cfbe317067a972a4078982b5aeec52ee153e656e7ca0e9c08ad056ae46a34d6", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2", "1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc", "417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2", "1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "nginx-webserver-detected", "hashes": ["a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2", "1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2", "1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0"], "mitre_attack_tags": []}, {"bi": "excessive-sample-duplication", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "dns-query-nxdomain", "hashes": ["135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": []}, {"bi": "altered-sample-dns-flagged", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "network-communications-http-get", "hashes": ["135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "1cfbe317067a972a4078982b5aeec52ee153e656e7ca0e9c08ad056ae46a34d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a"], "mitre_attack_tags": []}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "network-file-uploaded", "hashes": ["a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2", "1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2", "1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "feed-domain-rat", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a"], "mitre_attack_tags": ["TA0004", "TA0005"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a"], "mitre_attack_tags": []}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a"], "mitre_attack_tags": []}, {"bi": "windows-util-schtask-generic", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "network-benign-process", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a"], "mitre_attack_tags": ["TA0011", "TA0005", "T1055"]}, {"bi": "modified-file-on-usb", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a"], "mitre_attack_tags": ["TA0008", "TA0003", "T1091"]}, {"bi": "sample-copied-to-usb", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a"], "mitre_attack_tags": ["TA0008", "TA0003", "T1091"]}, {"bi": "possible-dga-communication", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a"], "mitre_attack_tags": ["TA0011", "TA0005", "T1483"]}, {"bi": "artifact-lnk-calls-cmd", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "process-requested-file-external-drive", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a"], "mitre_attack_tags": ["TA0009", "T1025"]}, {"bi": "lnk-no-creation-date", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a"], "mitre_attack_tags": ["TA0002", "T1064"]}, {"bi": "malware-ruskill-mutex-detected", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a"], "mitre_attack_tags": []}, {"bi": "artifact-lnk-calls-cmd-exit", "hashes": ["24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "network-snort-malware", "hashes": ["a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2", "1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["30232026bd78eba73532d9cda9b49f78d1072a56b6e342e517be8bcdb67b4352", "45a232b28071235c369b6ed75acc084281e62549b89683d5683c0ac311da7f02", "914c2d1c93141c9b9b70afa1f51ce20362f4f9dc4cd3d5c21bc61704f7c451c0", "51c7bc1f9c51047fb509d72481aae1db3612849faf2773a29ace6881abb654a3", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "process-hollowing-detected", "hashes": ["30232026bd78eba73532d9cda9b49f78d1072a56b6e342e517be8bcdb67b4352", "45a232b28071235c369b6ed75acc084281e62549b89683d5683c0ac311da7f02", "914c2d1c93141c9b9b70afa1f51ce20362f4f9dc4cd3d5c21bc61704f7c451c0", "51c7bc1f9c51047fb509d72481aae1db3612849faf2773a29ace6881abb654a3", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "crash-dump-file-created", "hashes": ["2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f"], "mitre_attack_tags": []}, {"bi": "benign-process-has-child", "hashes": ["2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "malware-dorkbot-mutex", "hashes": ["2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f"], "mitre_attack_tags": []}, {"bi": "dns-public-server-contacted", "hashes": ["a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2", "1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "registry-hide-files", "hashes": ["a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2", "1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0"], "mitre_attack_tags": ["TA0005", "T1158"]}, {"bi": "registry-autorun-key-modified-nt", "hashes": ["a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2", "1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2", "1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0"], "mitre_attack_tags": ["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "registry-disablesuac", "hashes": ["a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2", "1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0"], "mitre_attack_tags": ["TA0005", "TA0002", "TA0004", "T1088", "T1089"]}, {"bi": "registry-action-center-disabled", "hashes": ["a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2", "1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "process-with-multiple-children", "hashes": ["30232026bd78eba73532d9cda9b49f78d1072a56b6e342e517be8bcdb67b4352", "45a232b28071235c369b6ed75acc084281e62549b89683d5683c0ac311da7f02", "914c2d1c93141c9b9b70afa1f51ce20362f4f9dc4cd3d5c21bc61704f7c451c0", "51c7bc1f9c51047fb509d72481aae1db3612849faf2773a29ace6881abb654a3"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79"], "mitre_attack_tags": []}, {"bi": "url-gate-php", "hashes": ["a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "netbios-query", "hashes": ["135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "pe-uses-armadillo", "hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "altered-sample-snort-flagged", "hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "artifact-windows-task", "hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "cmd-exe-file-execution", "hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "pe-imports-psapi-dll", "hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "unsigned-roaming-execution", "hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": ["TA0005"]}, {"bi": "artifact-memory-vm-detect", "hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "network-dns-category-cnc", "hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": ["TA0011"]}, {"bi": "pe-imports-toolhelp", "hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "process-uses-localhost-traffic", "hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-ping", "hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": ["TA0011", "TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": ["TA0011", "TA0007", "T1016"]}, {"bi": "cmd-exe-file-deletion", "hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "network-snort-policy", "hashes": ["135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1"], "mitre_attack_tags": []}, {"bi": "network-dns-category-file-storage", "hashes": ["135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1"], "mitre_attack_tags": []}, {"bi": "process-explorer-suspicious-launch", "hashes": ["135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "network-explorer-process", "hashes": ["135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1"], "mitre_attack_tags": ["TA0011", "TA0005", "T1055"]}, {"bi": "html-suspicious-unescaping", "hashes": ["135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1"], "mitre_attack_tags": ["TA0006", "TA0009", "T1140"]}, {"bi": "malware-smokeloader-mutex-detected", "hashes": ["135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1"], "mitre_attack_tags": []}, {"bi": "html-js-uses-eval", "hashes": ["135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "http-response-client-error", "hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["1cfbe317067a972a4078982b5aeec52ee153e656e7ca0e9c08ad056ae46a34d6"], "mitre_attack_tags": []}, {"bi": "pe-imports-empty", "hashes": ["1cfbe317067a972a4078982b5aeec52ee153e656e7ca0e9c08ad056ae46a34d6"], "mitre_attack_tags": []}, {"bi": "fake-explorer-process", "hashes": ["872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "mitre_attack_tags": ["TA0005", "T1036"]}], "category": "Worm", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "This is a trojan and downloader that allows malicious actors to upload files to a victim's computer.", "hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1", "1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "1cfbe317067a972a4078982b5aeec52ee153e656e7ca0e9c08ad056ae46a34d6", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "30232026bd78eba73532d9cda9b49f78d1072a56b6e342e517be8bcdb67b4352", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f", "45a232b28071235c369b6ed75acc084281e62549b89683d5683c0ac311da7f02", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "51c7bc1f9c51047fb509d72481aae1db3612849faf2773a29ace6881abb654a3", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "914c2d1c93141c9b9b70afa1f51ce20362f4f9dc4cd3d5c21bc61704f7c451c0", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa", "a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2", "ab615410927058084c4d0000cf4eb18bac4f3e98d8c8c1607d2b2489912729d6", "ae098c50743aa28db523419297e4614f6b4402c1e3ffa37d568f8254fcb82826", "af3a193495917834e4b35d4ac08a6b7bb426820f06f157d1f71b5deb15785cf0", "ca9a02f8fcc0ae89a7e1d669da3ea1b939d433c63a946f8689f1216b53829e2d", "d2f5e45b30434a431cc56325afbd7e605148f5ccf7c9273c82ac8afeab916020", "d4335256d270fa17e2be6840b43c0f1829aee9910b97ebc5ec3a2d8a4966074b", "d9dab1c958c9776451dfc92fc735a735630aadbd1a0d8880aa99d921adedc6f5", "db74f77251f66ae35ec2d66f604845fe6fb50309b3eec661f76222a4f61e5a9e", "deff6a34bd3b88faefe9d224b69601b28d5e74ced4da2493263d84acdfa027a2", "f7cf9d26f3b27c5a29c42470931cde3d680a638154b02f22b34994e190dc5db5", "fe24dabdee0b16f9df1fc17bbc8897cac5925037c3d9730bc4cd8049de6e488b"], "iocs": {"domain": [{"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "host": "api[.]wipmania[.]com"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "host": "n[.]ezjhyxxbf[.]ru"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "host": "n[.]hmiblgoja[.]ru"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "host": "n[.]lotys[.]ru"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "host": "n[.]yxntnyrap[.]ru"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "host": "n[.]vbemnggcj[.]ru"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "host": "n[.]yqqufklho[.]ru"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "host": "n[.]jntbxduhz[.]ru"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "host": "n[.]oceardpku[.]ru"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "host": "n[.]zhgcuntif[.]ru"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "host": "n[.]jupoofsnc[.]ru"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "host": "n[.]kvupdstwh[.]ru"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "host": "n[.]aoyylwyxd[.]ru"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "host": "n[.]spgpemwqk[.]ru"}, {"hashes": ["1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "host": "europe[.]pool[.]ntp[.]org"}, {"hashes": ["20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "host": "domand[.]altincopps[.]com"}, {"hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79"], "host": "dom[.]tuntu[.]info"}, {"hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79"], "host": "dom[.]ka3ek[.]com"}, {"hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79"], "host": "dom[.]l33t-milf[.]info"}, {"hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79"], "host": "dom[.]xsaudix[.]net"}, {"hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79"], "host": "dom[.]altincopps[.]com"}, {"hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79"], "host": "dom[.]tut0r1allsvu[.]info"}, {"hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79"], "host": "dom[.]yeh7292ahyssozananan[.]com"}, {"hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79"], "host": "dom[.]x01bkr2[.]biz"}, {"hashes": ["872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "host": "nutqauytv5a1113xyzf115zzz4[.]com"}, {"hashes": ["872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "host": "nutqauytva513xyzf11zzzzz0[.]com"}, {"hashes": ["872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "host": "nutqauytva6213xyzf112zzz1[.]com"}, {"hashes": ["872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "host": "nutqauytva1413xyzf114zzz3[.]com"}, {"hashes": ["872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "host": "nutqauytva9133xyzf113zzz2[.]com"}, {"hashes": ["8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0"], "host": "and18[.]f16zakitchenboy1[.]com"}, {"hashes": ["1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944"], "host": "and28[.]aviationdreamflightering1[.]com"}, {"hashes": ["135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1"], "host": "flupdload[.]eu"}, {"hashes": ["417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "host": "mxuydkcokmmtt[.]instsync[.]eu"}, {"hashes": ["417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "host": "briqco[.]instsync[.]eu"}, {"hashes": ["417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "host": "ujslg[.]instsync[.]eu"}, {"hashes": ["417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "host": "nnmleshicgtc[.]instsync[.]eu"}, {"hashes": ["417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "host": "gfwpjscavxihq[.]instsync[.]eu"}, {"hashes": ["417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "host": "hixqu[.]instsync[.]eu"}, {"hashes": ["417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "host": "bjtcefnopavt[.]instsync[.]eu"}, {"hashes": ["417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "host": "tuckiq[.]instsync[.]eu"}, {"hashes": ["417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "host": "clphimfh[.]instsync[.]eu"}, {"hashes": ["417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "host": "vstpf[.]instsync[.]eu"}, {"hashes": ["417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "host": "biaxjk[.]instsync[.]eu"}, {"hashes": ["417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "host": "pdccmw[.]instsync[.]eu"}, {"hashes": ["417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "host": "xxasy[.]instsync[.]eu"}, {"hashes": ["417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "host": "auxtathvsawq[.]instsync[.]eu"}, {"hashes": ["417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "host": "pglieutqr[.]instsync[.]eu"}, {"hashes": ["417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "host": "avjemdlfvie[.]instsync[.]eu"}, {"hashes": ["417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "host": "rxlgiifk[.]instsync[.]eu"}, {"hashes": ["8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0"], "host": "and18[.]f16zakitchenboy2[.]com"}], "file": [{"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "path": "%APPDATA%\\WindowsUpdate"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "path": "\\$RECYCLE.BIN.lnk"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "path": "%System32%\\CatRoot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "path": "%System32%\\wbem\\Repository\\$WinMgmt.CFG"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "path": "\\System_Volume_Information.lnk"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "path": "\\jsdrpAj.exe"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Uxoioc.exe"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "path": "E:\\$RECYCLE.BIN.lnk"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "path": "%APPDATA%\\Microsoft\\Windows\\themes\\Eoawaa.exe"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "path": "E:\\System_Volume_Information.lnk"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "path": "E:\\c731200"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "path": "E:\\jsdrpAj.exe"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "path": "%APPDATA%\\Update"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "path": "%APPDATA%\\Update\\Explorer.exe"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "path": "%APPDATA%\\Update\\Update.exe"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "path": "%APPDATA%\\WindowsUpdate\\Updater.exe"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "path": "%APPDATA%\\c731200"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "path": "%TEMP%\\c731200"}, {"hashes": ["2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5"], "path": "%TEMP%\\temp41.tmp"}, {"hashes": ["2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5"], "path": "%APPDATA%\\WindowsUpdate\\Live.exe"}, {"hashes": ["2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5"], "path": "%TEMP%\\apiSoftCA"}, {"hashes": ["2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5"], "path": "%APPDATA%\\Windows Live"}, {"hashes": ["2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5"], "path": "%APPDATA%\\Windows Live\\debug_cache_dump_2384394.dmp"}, {"hashes": ["2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5"], "path": "%APPDATA%\\Windows Live\\pldufejsya.exe"}, {"hashes": ["1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "path": "%ProgramData%\\msodtyzm.exe"}, {"hashes": ["8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "path": "%HOMEPATH%\\mslkrru.exe"}, {"hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "path": "%APPDATA%\\alFSVWJB"}, {"hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "path": "%System32%\\Tasks\\alFSVWJB"}, {"hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "path": "%SystemRoot%\\kernel32.dll"}, {"hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "path": "%SystemRoot%\\Tasks\\alFSVWJB.job"}, {"hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79"], "path": "%APPDATA%\\alFSVWJB\\regedit.exe"}, {"hashes": ["872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "path": "%APPDATA%\\alFSVWJB\\explorer.exe"}, {"hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79"], "path": "%APPDATA%\\alFSVWJB\\twunk_16.exe"}, {"hashes": ["1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944"], "path": "%ProgramData%\\1346040713"}, {"hashes": ["1cfbe317067a972a4078982b5aeec52ee153e656e7ca0e9c08ad056ae46a34d6"], "path": "%LOCALAPPDATA%\\svcxdcl32.exe"}, {"hashes": ["20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29"], "path": "%ProgramData%\\1346045752"}, {"hashes": ["8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0"], "path": "%ProgramData%\\1346170958"}, {"hashes": ["a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "path": "%ProgramData%\\1346207993"}, {"hashes": ["1cfbe317067a972a4078982b5aeec52ee153e656e7ca0e9c08ad056ae46a34d6"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\svcxdcl32.exe"}, {"hashes": ["872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "path": "%APPDATA%\\alFSVWJB\\taskman.exe"}], "ip": [{"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "ip": "212[.]83[.]168[.]196"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "ip": "204[.]95[.]99[.]243"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "ip": "199[.]21[.]76[.]82"}, {"hashes": ["1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "ip": "104[.]42[.]225[.]122"}, {"hashes": ["1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "ip": "40[.]113[.]200[.]201"}, {"hashes": ["417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "ip": "195[.]22[.]26[.]248"}, {"hashes": ["8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "ip": "40[.]112[.]72[.]205"}, {"hashes": ["8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "ip": "40[.]76[.]4[.]15"}, {"hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79"], "ip": "184[.]105[.]192[.]2"}, {"hashes": ["a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "ip": "104[.]215[.]148[.]63"}, {"hashes": ["135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1"], "ip": "204[.]79[.]197[.]203"}, {"hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79"], "ip": "35[.]186[.]238[.]101"}, {"hashes": ["135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1"], "ip": "23[.]41[.]180[.]78"}, {"hashes": ["135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1"], "ip": "23[.]54[.]213[.]99"}, {"hashes": ["135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1"], "ip": "23[.]193[.]177[.]127"}, {"hashes": ["135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1"], "ip": "104[.]71[.]191[.]9"}, {"hashes": ["135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1"], "ip": "23[.]221[.]201[.]229"}, {"hashes": ["1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944"], "ip": "80[.]127[.]119[.]186"}, {"hashes": ["20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29"], "ip": "82[.]209[.]245[.]153"}, {"hashes": ["417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "ip": "209[.]126[.]109[.]113"}, {"hashes": ["417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "ip": "209[.]239[.]122[.]212"}, {"hashes": ["417785e882ebfac143003ad2a2f55d74c886573a38ccd707b4f7c8b5528e6dc7"], "ip": "109[.]163[.]239[.]233"}, {"hashes": ["8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0"], "ip": "213[.]251[.]52[.]185"}, {"hashes": ["a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "ip": "44[.]155[.]254[.]17"}], "mutex": [{"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "name": "c731200"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "name": "-9caf4c3fMutex"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "name": "FvLQ49I\u007f\u203a\u00ac{Ljj6m"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "name": "SSLOADasdasc000900"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "name": "SVCHOST_MUTEX_OBJECT_RELEASED_c0009X00GOAL"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "name": "FvLQ49I   {Ljj6m"}, {"hashes": ["2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5"], "name": "1z2z3reas34534543233245x6"}, {"hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79", "872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "name": "alFSVWJB"}, {"hashes": ["135cc794c91472fdfc348011ea2129c87e8912b296a62072d77675c854e087d1"], "name": "AF814EFDF626A275C1581FCF06D840E298B68E3C"}], "registry": [{"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Eoawaa"}, {"hashes": ["0b14ff73a176eba3785d77d7efcebd8d85d9c102a25201abc9ed2e5630d4b345", "0ec6c61e05f6a766be0468eb7df141c8844cd7d2a801d02510874e14b67fb52a", "13397e374d6fb7564332a98e4d5ca3af4ad57d1df98c828e8408a07d4e7f41d6", "24861f5c9aaff03c53d26557a121432f301634a385ae0ba664d93946cbd6886f", "4ef38e0020e81e9fdc3cdda6992b393f9e6d42faeeb5e10a8f4d5ba700616dda", "5eadf336a23578927871101d39f2f8308bbeb8e594c0fcfbf4270bf98d43b7f9", "a2c57f39ecdf7d5f2e0587105d5cf190a2b898e923adc0a7ae9e09d87b75d0fa"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Update Installer"}, {"hashes": ["2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5"], "key": "<HKCU>\\SOFTWARE\\UAZI SOFT", "value_name": "UaziVer"}, {"hashes": ["2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Live Installer"}, {"hashes": ["2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "Windows Live"}, {"hashes": ["2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Live"}, {"hashes": ["2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["2c8a6a17a11bcf9b8dab01050da6533b48ab76f29fc8ebb5da9992dc4479452c", "4393cab45474b74dc890378fa61647945657d038fe64190eb23852162753ca3f", "76a9213bf8ea3cb62a8b601fabba5b48dac25dc97f6f402f84f7f53632da0ad8", "796d0d3534834183fff86dfb1746f0f0b795dc3426498f6cfa61dcb6c67217ca", "956d2326b985c3c2c71f93a18a2f794085fcf337601b3d0889d27f7364e74dd5"], "key": "<HKCU>\\SOFTWARE\\UAZI SOFT", "value_name": null}, {"hashes": ["1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "Hidden"}, {"hashes": ["1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLUA"}, {"hashes": ["1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Start"}, {"hashes": ["1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "Start"}, {"hashes": ["1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "ShowSuperHidden"}, {"hashes": ["1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "Start"}, {"hashes": ["1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "HideSCAHealth"}, {"hashes": ["1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "HideSCAHealth"}, {"hashes": ["1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WUAUSERV", "value_name": "Start"}, {"hashes": ["1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "TaskbarNoNotification"}, {"hashes": ["1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "TaskbarNoNotification"}, {"hashes": ["1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "1081297374"}, {"hashes": ["1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS", "value_name": "Load"}, {"hashes": ["1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "1081297374"}, {"hashes": ["1c41b2136cb471a4d29f20f014055adfe0ea3d87425a1ae4d54b5edfd432f944", "20bba57fa897de92266594d7f7a150813d6ce0584fdd49dbc5d4b70ccf067e29", "8e1a18e879221b37209c0a2b35b9f1b9e1491f4e41b2bf94a51285870eb0aae0", "a930f88dbb0c181abb76fce685e49818dd311f384a4f44c49b2fd16e6ce46fa2"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["34494f2156f70a0e64144ef4e2d70940bd85bb1eb6a5e99c0d36f60b0c1abe79"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "regedit.exe"}, {"hashes": ["872ddbd808f57c554500b793df067fab08a3bcc047c93bae7073d0f6263e48fc"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "explorer.exe"}]}, "reports_count": 25}, "Win.Worm.Bifrost-7616408-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["eabbb68ac096fc98f458702f027582678b1f1a30ccd2906749a2b7e6c0c07906", "d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "ba31b4e7a721db8d3b079c0743b4e4e6adbcfe530a791744cdf7b5cdd306d5f2", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "fb7e1166eb1e4b1f3271e021cee2665793bdb3b2db1ff82968344e6e99cf9a9a", "97e568f19f12db25d52483605877423faf22e68f93528425a22259359b7fdc07", "35314735dacde5ed36a13041730b236c3f28da999daf97133104ed94f68871ab", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["eabbb68ac096fc98f458702f027582678b1f1a30ccd2906749a2b7e6c0c07906", "d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "ba31b4e7a721db8d3b079c0743b4e4e6adbcfe530a791744cdf7b5cdd306d5f2", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "fb7e1166eb1e4b1f3271e021cee2665793bdb3b2db1ff82968344e6e99cf9a9a", "97e568f19f12db25d52483605877423faf22e68f93528425a22259359b7fdc07", "35314735dacde5ed36a13041730b236c3f28da999daf97133104ed94f68871ab", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["eabbb68ac096fc98f458702f027582678b1f1a30ccd2906749a2b7e6c0c07906", "d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "ba31b4e7a721db8d3b079c0743b4e4e6adbcfe530a791744cdf7b5cdd306d5f2", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "fb7e1166eb1e4b1f3271e021cee2665793bdb3b2db1ff82968344e6e99cf9a9a", "97e568f19f12db25d52483605877423faf22e68f93528425a22259359b7fdc07", "35314735dacde5ed36a13041730b236c3f28da999daf97133104ed94f68871ab", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["eabbb68ac096fc98f458702f027582678b1f1a30ccd2906749a2b7e6c0c07906", "d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "ba31b4e7a721db8d3b079c0743b4e4e6adbcfe530a791744cdf7b5cdd306d5f2", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "fb7e1166eb1e4b1f3271e021cee2665793bdb3b2db1ff82968344e6e99cf9a9a", "97e568f19f12db25d52483605877423faf22e68f93528425a22259359b7fdc07", "35314735dacde5ed36a13041730b236c3f28da999daf97133104ed94f68871ab", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["eabbb68ac096fc98f458702f027582678b1f1a30ccd2906749a2b7e6c0c07906", "d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "ba31b4e7a721db8d3b079c0743b4e4e6adbcfe530a791744cdf7b5cdd306d5f2", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "fb7e1166eb1e4b1f3271e021cee2665793bdb3b2db1ff82968344e6e99cf9a9a", "97e568f19f12db25d52483605877423faf22e68f93528425a22259359b7fdc07", "35314735dacde5ed36a13041730b236c3f28da999daf97133104ed94f68871ab", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-tls-callback", "hashes": ["eabbb68ac096fc98f458702f027582678b1f1a30ccd2906749a2b7e6c0c07906", "d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "ba31b4e7a721db8d3b079c0743b4e4e6adbcfe530a791744cdf7b5cdd306d5f2", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "fb7e1166eb1e4b1f3271e021cee2665793bdb3b2db1ff82968344e6e99cf9a9a", "97e568f19f12db25d52483605877423faf22e68f93528425a22259359b7fdc07", "35314735dacde5ed36a13041730b236c3f28da999daf97133104ed94f68871ab", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-blank-name", "hashes": ["eabbb68ac096fc98f458702f027582678b1f1a30ccd2906749a2b7e6c0c07906", "d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "ba31b4e7a721db8d3b079c0743b4e4e6adbcfe530a791744cdf7b5cdd306d5f2", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "fb7e1166eb1e4b1f3271e021cee2665793bdb3b2db1ff82968344e6e99cf9a9a", "97e568f19f12db25d52483605877423faf22e68f93528425a22259359b7fdc07", "35314735dacde5ed36a13041730b236c3f28da999daf97133104ed94f68871ab", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "ba31b4e7a721db8d3b079c0743b4e4e6adbcfe530a791744cdf7b5cdd306d5f2", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "fb7e1166eb1e4b1f3271e021cee2665793bdb3b2db1ff82968344e6e99cf9a9a", "97e568f19f12db25d52483605877423faf22e68f93528425a22259359b7fdc07", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "ba31b4e7a721db8d3b079c0743b4e4e6adbcfe530a791744cdf7b5cdd306d5f2", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "97e568f19f12db25d52483605877423faf22e68f93528425a22259359b7fdc07", "35314735dacde5ed36a13041730b236c3f28da999daf97133104ed94f68871ab", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "mitre_attack_tags": []}, {"bi": "process-requested-softice", "hashes": ["d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "ba31b4e7a721db8d3b079c0743b4e4e6adbcfe530a791744cdf7b5cdd306d5f2", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "97e568f19f12db25d52483605877423faf22e68f93528425a22259359b7fdc07", "35314735dacde5ed36a13041730b236c3f28da999daf97133104ed94f68871ab", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "mitre_attack_tags": ["TA0007", "T1497"]}, {"bi": "modified-executable", "hashes": ["d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "97e568f19f12db25d52483605877423faf22e68f93528425a22259359b7fdc07", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "fb7e1166eb1e4b1f3271e021cee2665793bdb3b2db1ff82968344e6e99cf9a9a", "97e568f19f12db25d52483605877423faf22e68f93528425a22259359b7fdc07", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "97e568f19f12db25d52483605877423faf22e68f93528425a22259359b7fdc07", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "created-executable-in-user-dir", "hashes": ["d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "97e568f19f12db25d52483605877423faf22e68f93528425a22259359b7fdc07", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "mitre_attack_tags": []}, {"bi": "malware-bifrost-default-mutex-detected", "hashes": ["d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "97e568f19f12db25d52483605877423faf22e68f93528425a22259359b7fdc07", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "mitre_attack_tags": []}, {"bi": "registry-activesetup-key-modified", "hashes": ["d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-autorun-key-modified", "hashes": ["d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "network-dns-safe-categories", "hashes": ["d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "mitre_attack_tags": []}, {"bi": "files-deleted-used-batch", "hashes": ["d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "cmd-exe-file-execution", "hashes": ["d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "network-dns-category-dynamic", "hashes": ["03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "mitre_attack_tags": []}, {"bi": "malware-bifrost-backdoor", "hashes": ["d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "97e568f19f12db25d52483605877423faf22e68f93528425a22259359b7fdc07"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["fb7e1166eb1e4b1f3271e021cee2665793bdb3b2db1ff82968344e6e99cf9a9a", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["fb7e1166eb1e4b1f3271e021cee2665793bdb3b2db1ff82968344e6e99cf9a9a", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["fb7e1166eb1e4b1f3271e021cee2665793bdb3b2db1ff82968344e6e99cf9a9a", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc"], "mitre_attack_tags": []}, {"bi": "dns-dynamic-domain", "hashes": ["d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "modified-file-in-system-dir", "hashes": ["b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-system-dir", "hashes": ["b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33"], "mitre_attack_tags": ["TA0003", "T1112"]}, {"bi": "registry-winlogon-key-value-modified-to-userinit", "hashes": ["b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33"], "mitre_attack_tags": ["TA0003", "T1112"]}], "category": "Worm", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. Bifrost uses a mutex that may be named \"Bif1234,\" or \"Tr0gBot\" to mark its presence in the system.", "hashes": ["03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "35314735dacde5ed36a13041730b236c3f28da999daf97133104ed94f68871ab", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "97e568f19f12db25d52483605877423faf22e68f93528425a22259359b7fdc07", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc", "ba31b4e7a721db8d3b079c0743b4e4e6adbcfe530a791744cdf7b5cdd306d5f2", "d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367", "eabbb68ac096fc98f458702f027582678b1f1a30ccd2906749a2b7e6c0c07906", "fb7e1166eb1e4b1f3271e021cee2665793bdb3b2db1ff82968344e6e99cf9a9a"], "iocs": {"domain": [{"hashes": ["03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575"], "host": "noip2010[.]no-ip[.]org"}, {"hashes": ["d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367"], "host": "fisherman7[.]no-ip[.]biz"}], "file": [{"hashes": ["03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "97e568f19f12db25d52483605877423faf22e68f93528425a22259359b7fdc07", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367"], "path": "%LOCALAPPDATA%\\Plugins"}, {"hashes": ["03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc", "ba31b4e7a721db8d3b079c0743b4e4e6adbcfe530a791744cdf7b5cdd306d5f2", "d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367"], "path": "%System32%\\melt.bat"}, {"hashes": ["03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc", "d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367"], "path": "%LOCALAPPDATA%\\melt.bat"}, {"hashes": ["6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc"], "path": "%LOCALAPPDATA%\\msmngr.exe"}, {"hashes": ["6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc"], "path": "%System32%\\msmngr.exe"}, {"hashes": ["03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "ba31b4e7a721db8d3b079c0743b4e4e6adbcfe530a791744cdf7b5cdd306d5f2"], "path": "%System32%\\notepad.exe"}, {"hashes": ["97e568f19f12db25d52483605877423faf22e68f93528425a22259359b7fdc07", "d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367"], "path": "%System32%\\server.exe"}, {"hashes": ["97e568f19f12db25d52483605877423faf22e68f93528425a22259359b7fdc07", "d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367"], "path": "%LOCALAPPDATA%\\server.exe"}, {"hashes": ["5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575"], "path": "%LOCALAPPDATA%\\asd.exe"}, {"hashes": ["5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575"], "path": "%SystemRoot%\\asd.exe"}, {"hashes": ["b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33"], "path": "%SystemRoot%\\svchost.exe"}, {"hashes": ["03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4"], "path": "%LOCALAPPDATA%\\notepad.exe"}, {"hashes": ["b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33"], "path": "%SystemRoot%\\msik"}, {"hashes": ["b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33"], "path": "%SystemRoot%\\msik\\logs"}], "ip": [{"hashes": ["ba31b4e7a721db8d3b079c0743b4e4e6adbcfe530a791744cdf7b5cdd306d5f2"], "ip": "64[.]136[.]20[.]37"}], "mutex": [{"hashes": ["03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "97e568f19f12db25d52483605877423faf22e68f93528425a22259359b7fdc07", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc", "d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367"], "name": "Slayer616"}, {"hashes": ["5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575"], "name": "Slayer616sd"}, {"hashes": ["b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc"], "name": "Global\\226f1181-645a-11ea-a007-00501e3ae7b5"}, {"hashes": ["b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33"], "name": "IK 0.1 abcd"}, {"hashes": ["fb7e1166eb1e4b1f3271e021cee2665793bdb3b2db1ff82968344e6e99cf9a9a"], "name": "Global\\1e6abf81-645a-11ea-a007-00501e3ae7b5"}], "registry": [{"hashes": ["03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "97e568f19f12db25d52483605877423faf22e68f93528425a22259359b7fdc07", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33", "b802204ff5bf334e983b9e381fcfa7bb194e52b0555aaa07377b200ea1ef91dc", "d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367"], "key": "<HKCU>\\SOFTWARE\\OBSIDIUM", "value_name": null}, {"hashes": ["03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367"], "key": "<HKLM>\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{<random GUID>}", "value_name": null}, {"hashes": ["03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575", "d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367"], "key": "<HKLM>\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{<random GUID>}", "value_name": "StubPath"}, {"hashes": ["03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4", "5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe"], "key": "<HKCU>\\SOFTWARE\\OBSIDIUM\\{148C1ECF-F60545E5-EB0CA10A-B38A5D8D}", "value_name": null}, {"hashes": ["6ebfdb8e89934a49a02b533eaaa76a02774ad33b5770e9e53f15c3b36125d4fe", "75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "msmngr"}, {"hashes": ["5a9a2ae4c1d467af8a4d65699690e30f36f5f594786f0a634cbeca9decc7eb64", "9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "adsasd"}, {"hashes": ["d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Server"}, {"hashes": ["9c53c6f1fbd45d41fc35fee55b8eff2de999810d9e8badd57049e31c55864575"], "key": "<HKCU>\\SOFTWARE\\OBSIDIUM\\{2505916C-E76D01F7-E2A31315-8DEB3A25}", "value_name": null}, {"hashes": ["75ae1c44ce0cccb50f2cfa1ae4af0a57f04f171ea549777936b0c65a690310e9"], "key": "<HKCU>\\SOFTWARE\\OBSIDIUM\\{05278E26-CF523E6A-93D15537-9405EBCB}", "value_name": null}, {"hashes": ["03588b072104ee63b08f72ddeb05e933cee1c849ec53193c68be00f9a0eee1c4"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "mmgsm"}, {"hashes": ["d40e4e29743c08fe7791cbae6045702609b36c27851c4d9363dda6a06debb367"], "key": "<HKCU>\\SOFTWARE\\OBSIDIUM\\{6EA76536-5ADA1A27-998B3675-04E474F7}", "value_name": null}, {"hashes": ["97e568f19f12db25d52483605877423faf22e68f93528425a22259359b7fdc07"], "key": "<HKCU>\\SOFTWARE\\OBSIDIUM\\{A049F1BF-0E5B7FB8-36DDD900-A0DA9D4E}", "value_name": null}, {"hashes": ["b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33"], "key": "<HKCU>\\SOFTWARE\\OBSIDIUM\\{BE7623AD-F7DCECEB-73A96B84-5B001AFA}", "value_name": null}, {"hashes": ["b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{4FZ8RK-15AQ-16NC-23OR4-2KE0FA051515}", "value_name": null}, {"hashes": ["b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{4FZ8RK-15AQ-16NC-23OR4-2KE0FA051515}", "value_name": "StubPath"}, {"hashes": ["b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "Userinit"}, {"hashes": ["b147eb9a021fb51f6061fe35be5b7b58b86b6c8f58ac1b8577b795f2d9387c33"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "Shell"}]}, "reports_count": 13}, "exprev": [{"count": 3414, "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", "name": "CVE-2019-0708 detected"}, {"count": 1227, "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", "name": "Dealply adware detected"}, {"count": 578, "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", "name": "Excessively long PowerShell command detected"}, {"count": 303, "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", "name": "Process hollowing detected"}, {"count": 145, "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", "name": "Gamarue malware detected"}, {"count": 106, "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as wireshark and sandboxes to its C2. It spreads through malicious advertising and spam campaigns.", "name": "Kovter injection detected"}, {"count": 68, "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Installcore adware detected"}, {"count": 36, "description": "A site commonly used by fileless malware to download additional data has been detected. Several different families of malware have been observed using these sites to download additional stages to inject into other processes.", "name": "Possible fileless malware download"}, {"count": 11, "description": "Corebot is a Trojan with many capabilities found in other prominent families. It features a plugin system to enable it to load a variety of features from the C&C server at any time. Known plugins include RAT capabilities such as taking desktop screenshots, as well as being able to intercept and modify browser communications and steal data, especially data related to banking.", "name": "Corebot malware detected"}, {"count": 8, "description": "IcedID is a banking Trojan. It uses both web browser injection and browser redirection to steal banking and/or other financial credentials and data. The features and sophistication of IcedID demonstrate the malware author's knowledge and technical skill for this kind of fraud, and suggest the authors have previous experience creating banking Trojans. IcedID has been observed being installed by Emotet or Ursnif. Systems infected with IcedID should also be scanned for additional malware infections.", "name": "IcedID malware detected"}, {"count": 8, "description": "An exploit payload intended to connect back to an attacker controlled host using tcp has been detected.", "name": "Reverse tcp payload detected"}, {"count": 8, "description": "A PowerShell command was stored in an environment variable and run. The environment variable is commonly set by a previously run script and is used as a means of evasion. This behavior is a known tactic of the Kovter and Poweliks malware families.", "name": "PowerShell file-less infection detected"}, {"count": 7, "description": "Fusion (or FusionPlayer) is an adware family that displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Fusion adware detected"}], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2020-03-20T16:13:27+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Worm.Bifrost-7616408-0", "Win.Malware.Emotet-7617328-0", "Win.Worm.Barys-7617456-0", "Win.Malware.LokiBot-7617469-0", "Win.Virus.Expiro-7619891-0", "Win.Dropper.Razy-7618625-0", "Win.Malware.Upatre-7618803-1", "Win.Trojan.Gh0stRAT-7623999-0"]}