{"Win.Keylogger.Gh0stRAT-7639975-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "ef3cc441ee11f9326666dc18581d4a3cee96fd484015e270682fcd615ddb3f00", "b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "0349a3917f7f5a79f7edb0b0573acefcda39e51db6ff44456e339e88f422c129", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "ef3cc441ee11f9326666dc18581d4a3cee96fd484015e270682fcd615ddb3f00", "b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "0349a3917f7f5a79f7edb0b0573acefcda39e51db6ff44456e339e88f422c129", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "ef3cc441ee11f9326666dc18581d4a3cee96fd484015e270682fcd615ddb3f00", "b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "0349a3917f7f5a79f7edb0b0573acefcda39e51db6ff44456e339e88f422c129", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "ef3cc441ee11f9326666dc18581d4a3cee96fd484015e270682fcd615ddb3f00", "b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "0349a3917f7f5a79f7edb0b0573acefcda39e51db6ff44456e339e88f422c129", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "ef3cc441ee11f9326666dc18581d4a3cee96fd484015e270682fcd615ddb3f00", "b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "0349a3917f7f5a79f7edb0b0573acefcda39e51db6ff44456e339e88f422c129", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-gh0st-rat-mutex-detected", "hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "ef3cc441ee11f9326666dc18581d4a3cee96fd484015e270682fcd615ddb3f00", "b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "0349a3917f7f5a79f7edb0b0573acefcda39e51db6ff44456e339e88f422c129", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "ef3cc441ee11f9326666dc18581d4a3cee96fd484015e270682fcd615ddb3f00", "b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "0349a3917f7f5a79f7edb0b0573acefcda39e51db6ff44456e339e88f422c129", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "ef3cc441ee11f9326666dc18581d4a3cee96fd484015e270682fcd615ddb3f00", "b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "0349a3917f7f5a79f7edb0b0573acefcda39e51db6ff44456e339e88f422c129", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "currentcontrolset-service-added", "hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1060"]}, {"bi": "deleted-submitted-file", "hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "cmd-exe-file-execution", "hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "modified-file-in-system-dir", "hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "mitre_attack_tags": []}, {"bi": "process-uses-localhost-traffic", "hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-ping", "hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "mitre_attack_tags": ["TA0011", "TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "mitre_attack_tags": ["TA0011", "TA0007", "T1016"]}, {"bi": "cmd-exe-file-deletion", "hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "audio-video-mutex-detected", "hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "ef3cc441ee11f9326666dc18581d4a3cee96fd484015e270682fcd615ddb3f00", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "mitre_attack_tags": ["TA0009", "T1123", "T1125"]}, {"bi": "excessive-logical-drive-enumeration", "hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "ef3cc441ee11f9326666dc18581d4a3cee96fd484015e270682fcd615ddb3f00", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "mitre_attack_tags": ["TA0007", "T1120", "T1025"]}, {"bi": "feed-domain-rat", "hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b"], "mitre_attack_tags": []}], "category": "Keylogger", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware.  The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.", "hashes": ["0349a3917f7f5a79f7edb0b0573acefcda39e51db6ff44456e339e88f422c129", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba", "b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "ef3cc441ee11f9326666dc18581d4a3cee96fd484015e270682fcd615ddb3f00", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97"], "iocs": {"domain": [{"hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b"], "host": "www[.]wzbbk[.]com"}], "file": [{"hashes": ["0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97"], "path": "%SystemRoot%\\SysWOW64\\Ofwnf.exe"}, {"hashes": ["0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97"], "path": "%System32%\\Ofwnf.exe"}, {"hashes": ["1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9"], "path": "%SystemRoot%\\SysWOW64\\<random, matching '[a-zA-Z0-9]{4,19}'>.exe"}, {"hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b"], "path": "%System32%\\Qiyqh.exe"}, {"hashes": ["1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee"], "path": "%System32%\\Jbrja.exe"}, {"hashes": ["429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862"], "path": "%System32%\\Vnfvn.exe"}, {"hashes": ["b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9"], "path": "%System32%\\Meume.exe"}], "ip": [{"hashes": ["0349a3917f7f5a79f7edb0b0573acefcda39e51db6ff44456e339e88f422c129", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba", "b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "ef3cc441ee11f9326666dc18581d4a3cee96fd484015e270682fcd615ddb3f00", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97"], "ip": "49[.]232[.]147[.]19"}, {"hashes": ["0349a3917f7f5a79f7edb0b0573acefcda39e51db6ff44456e339e88f422c129", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba", "b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97"], "ip": "129[.]28[.]191[.]60"}, {"hashes": ["4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "ef3cc441ee11f9326666dc18581d4a3cee96fd484015e270682fcd615ddb3f00"], "ip": "116[.]62[.]168[.]250"}, {"hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b"], "ip": "103[.]40[.]29[.]197"}, {"hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c"], "ip": "123[.]207[.]217[.]39"}], "mutex": [{"hashes": ["0349a3917f7f5a79f7edb0b0573acefcda39e51db6ff44456e339e88f422c129", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba", "b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97"], "name": "129.28.191.60:99"}, {"hashes": ["0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97"], "name": "Global\\C:\\Windows\\SysWOW64\\Ofwnf.exe -acsi"}, {"hashes": ["0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97"], "name": "Global\\C:\\Windows\\SysWOW64\\Ofwnf.exe -auto"}, {"hashes": ["0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "name": "eed3bd3a-a1ad-4e99-987b-d7cb3fcfa7f0 - S-1-5-18"}, {"hashes": ["4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "ef3cc441ee11f9326666dc18581d4a3cee96fd484015e270682fcd615ddb3f00"], "name": "116.62.168.250:24649"}, {"hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b"], "name": "Global\\C:\\Windows\\SysWOW64\\Qiyqh.exe -acsi"}, {"hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b"], "name": "www.wzbbk.com:90"}, {"hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b"], "name": "Global\\C:\\Windows\\SysWOW64\\Qiyqh.exe -auto"}, {"hashes": ["1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee"], "name": "Global\\C:\\Windows\\SysWOW64\\Jbrja.exe -acsi"}, {"hashes": ["1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee"], "name": "Global\\C:\\Windows\\SysWOW64\\Jbrja.exe -auto"}, {"hashes": ["0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f"], "name": "Global\\\"C:\\TEMP\\74426e5601a2be774d802412bc5ffb26.exe\" "}, {"hashes": ["4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da"], "name": "Global\\\"C:\\TEMP\\b9b498d1449dc9d8b1e5e19577a55d2d.exe\" "}, {"hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c"], "name": "Global\\\"C:\\TEMP\\085535319e3e8fee5d2e9305ea41744d.exe\" "}, {"hashes": ["ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "name": "Global\\\"C:\\TEMP\\68bfcf72d8c5ddcdff6bc75226a0fa9f.exe\" "}, {"hashes": ["0349a3917f7f5a79f7edb0b0573acefcda39e51db6ff44456e339e88f422c129"], "name": "Global\\\"C:\\TEMP\\0349a3917f7f5a79f7edb0b0573acefcda39e51db6ff44456e339e88f422c129.exe\" "}, {"hashes": ["1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee"], "name": "129.28.191.60:8000"}, {"hashes": ["1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee"], "name": "Global\\\"C:\\TEMP\\1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee.exe\" "}, {"hashes": ["429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862"], "name": "Global\\C:\\Windows\\SysWOW64\\Vnfvn.exe -acsi"}, {"hashes": ["429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862"], "name": "Global\\C:\\Windows\\SysWOW64\\Vnfvn.exe -auto"}, {"hashes": ["429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862"], "name": "Global\\\"C:\\TEMP\\429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862.exe\" "}, {"hashes": ["b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9"], "name": "Global\\C:\\Windows\\SysWOW64\\Meume.exe -acsi"}, {"hashes": ["cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1"], "name": "127.0.0.1:90"}, {"hashes": ["b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9"], "name": "Global\\C:\\Windows\\SysWOW64\\Meume.exe -auto"}, {"hashes": ["b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9"], "name": "Global\\\"C:\\TEMP\\b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9.exe\" "}, {"hashes": ["cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1"], "name": "Global\\\"C:\\TEMP\\cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1.exe\" "}, {"hashes": ["96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b"], "name": "Global\\\"C:\\TEMP\\96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b.exe\" "}, {"hashes": ["ef3cc441ee11f9326666dc18581d4a3cee96fd484015e270682fcd615ddb3f00"], "name": "Global\\\"C:\\TEMP\\ef3cc441ee11f9326666dc18581d4a3cee96fd484015e270682fcd615ddb3f00.exe\" "}, {"hashes": ["f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97"], "name": "Global\\\"C:\\TEMP\\f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97.exe\" "}, {"hashes": ["d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5"], "name": "Global\\\"C:\\TEMP\\d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5.exe\" "}], "registry": [{"hashes": ["0349a3917f7f5a79f7edb0b0573acefcda39e51db6ff44456e339e88f422c129", "0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862", "89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba", "b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "ef3cc441ee11f9326666dc18581d4a3cee96fd484015e270682fcd615ddb3f00", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97"], "key": "<HKLM>\\SYSTEM\\SELECT", "value_name": "MarkTime"}, {"hashes": ["0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PHYPHX QIYQH", "value_name": null}, {"hashes": ["0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PHYPHX QIYQH", "value_name": "Type"}, {"hashes": ["0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PHYPHX QIYQH", "value_name": "Start"}, {"hashes": ["0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PHYPHX QIYQH", "value_name": "ErrorControl"}, {"hashes": ["0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PHYPHX QIYQH", "value_name": "ImagePath"}, {"hashes": ["0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PHYPHX QIYQH", "value_name": "DisplayName"}, {"hashes": ["0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PHYPHX QIYQH", "value_name": "WOW64"}, {"hashes": ["0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PHYPHX QIYQH", "value_name": "ObjectName"}, {"hashes": ["0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba", "cec2f434ca98c5f2cb8c75d2a63555bcef86f3f76b9f9d80a2872c5db35984a1", "d0184a84dc028d7a313e3d48196a11eddef87ffd82c526a9dd58c3617fe1f9c5", "f457b4ab788409f745d8319d2e4e3f206cc62e2a2c762a8c8011a70f7b3b7e97"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PHYPHX QIYQH", "value_name": "Description"}, {"hashes": ["0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\MICROSOFT\\ACTIVEMOVIE\\DEVENUM", "value_name": "Version"}, {"hashes": ["0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\MICROSOFT\\ACTIVEMOVIE", "value_name": null}, {"hashes": ["0b8bfdfc86c77328ab77d67059f9baecee9c28d2f6a94a577744d79628b1488f", "4228b03f92fecdd4333d791397ea6dcf109b78ebd518165e5c424028511434da", "89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b", "ad6fe882f052ebdafc39bdd18253c6cd7b5c58bc1f6a8d5a6bd1bd96b41f3cba"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\MICROSOFT\\ACTIVEMOVIE\\DEVENUM", "value_name": null}, {"hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SJBSJB SKCSK", "value_name": null}, {"hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SJBSJB SKCSK", "value_name": "Type"}, {"hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SJBSJB SKCSK", "value_name": "Start"}, {"hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SJBSJB SKCSK", "value_name": "ErrorControl"}, {"hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SJBSJB SKCSK", "value_name": "ImagePath"}, {"hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SJBSJB SKCSK", "value_name": "DisplayName"}, {"hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SJBSJB SKCSK", "value_name": "WOW64"}, {"hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SJBSJB SKCSK", "value_name": "ObjectName"}, {"hashes": ["89346a8fbd4d9fd02887a508c02e4d3a0b1f45dfa43672cf8dff84efef316a3c", "96958ac060ebd06583179b56c725ad1ddd3572a3120db1560c9d7dc4fa0ccd1b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SJBSJB SKCSK", "value_name": "Description"}, {"hashes": ["1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\JBRJAR KBSKB", "value_name": null}, {"hashes": ["1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\JBRJAR KBSKB", "value_name": "Type"}, {"hashes": ["1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\JBRJAR KBSKB", "value_name": "Start"}, {"hashes": ["1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\JBRJAR KBSKB", "value_name": "ErrorControl"}, {"hashes": ["1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\JBRJAR KBSKB", "value_name": "ImagePath"}, {"hashes": ["1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\JBRJAR KBSKB", "value_name": "DisplayName"}, {"hashes": ["1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\JBRJAR KBSKB", "value_name": "WOW64"}, {"hashes": ["1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\JBRJAR KBSKB", "value_name": "ObjectName"}, {"hashes": ["1519da1254aaa03c59e8edc5fb0b11d728f67295e7e4b51fb95b245db072dbee"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\JBRJAR KBSKB", "value_name": "Description"}, {"hashes": ["429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VNFVNF WOFWO", "value_name": null}, {"hashes": ["429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VNFVNF WOFWO", "value_name": "Type"}, {"hashes": ["429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VNFVNF WOFWO", "value_name": "Start"}, {"hashes": ["429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VNFVNF WOFWO", "value_name": "ErrorControl"}, {"hashes": ["429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VNFVNF WOFWO", "value_name": "ImagePath"}, {"hashes": ["429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VNFVNF WOFWO", "value_name": "DisplayName"}, {"hashes": ["429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VNFVNF WOFWO", "value_name": "WOW64"}, {"hashes": ["429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VNFVNF WOFWO", "value_name": "ObjectName"}, {"hashes": ["429754600cdfa36788716ed54cac752e6d43271fb00301a6bb2331da7a925862"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VNFVNF WOFWO", "value_name": "Description"}, {"hashes": ["b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MEUMEU NEVNE", "value_name": null}, {"hashes": ["b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MEUMEU NEVNE", "value_name": "Type"}, {"hashes": ["b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MEUMEU NEVNE", "value_name": "Start"}, {"hashes": ["b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MEUMEU NEVNE", "value_name": "ErrorControl"}, {"hashes": ["b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MEUMEU NEVNE", "value_name": "ImagePath"}, {"hashes": ["b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MEUMEU NEVNE", "value_name": "DisplayName"}, {"hashes": ["b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MEUMEU NEVNE", "value_name": "WOW64"}, {"hashes": ["b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MEUMEU NEVNE", "value_name": "ObjectName"}, {"hashes": ["b593e9d6099969273c20ff379fd3cd62425ebbd2988ce2fcf29e00ae62db97d9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MEUMEU NEVNE", "value_name": "Description"}]}, "reports_count": 13}, "Win.Malware.Kovter-7639915-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "wmi-process-create", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0005", "TA0002", "T1218", "T1047"]}, {"bi": "process-long-cmdline", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "pe-uses-visual-basic", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "compound-vb-self-delete", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "excessive-tcp-connections", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "potential-registry-script-execution", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "powershell-invoke-expression-environment", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0005", "TA0002", "T1086", "T1202"]}, {"bi": "registry-modification-reg", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": []}, {"bi": "powershell-invoke-expression", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0005", "TA0002", "T1086", "T1202"]}, {"bi": "files-created-batch", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0002", "T1064"]}, {"bi": "startup-folder-modification", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "artifact-lnk-calls-cmd", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "startup-folder-lnk-file", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "registry-shell-default-file-handler-created", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0003", "T1112"]}, {"bi": "process-check-virtualbox", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0007", "T1497"]}, {"bi": "malware-kovter-registry", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": []}, {"bi": "service-dll-registration", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0003", "T1050"]}, {"bi": "registry-script-detected", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1064"]}, {"bi": "process-mshta-cmdline-script", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0005", "T1170", "T1064"]}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "mshta-in-registry", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1170"]}, {"bi": "file-handler-registration", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0003", "T1042"]}, {"bi": "network-private-ip-address", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "network-file-uploaded", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-http-numeric-ip", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0011", "TA0005", "T1071"]}, {"bi": "network-communications-http-post", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "process-hollowing-detected", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "http-response-client-error", "hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": []}, {"bi": "http-response-server-error", "hashes": ["b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-obfuscation", "hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad"], "mitre_attack_tags": []}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries that store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware.", "hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "iocs": {"domain": [{"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "host": "community[.]cambiumnetworks[.]com"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "host": "support[.]cambiumnetworks[.]com"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "host": "www[.]cambiumnetworks[.]com"}], "file": [{"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "path": "%LOCALAPPDATA%\\4dd3cc9"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "path": "%LOCALAPPDATA%\\4dd3cc9\\519d0f6.bat"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "path": "%LOCALAPPDATA%\\4dd3cc9\\8e98660.8ca9d793"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "path": "%LOCALAPPDATA%\\4dd3cc9\\d95adb9.lnk"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\91b4e51.lnk"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "path": "%APPDATA%\\b08d669"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "path": "%APPDATA%\\b08d669\\0b3c0b4.8ca9d793"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388"], "path": "%APPDATA%\\db7a8a2b\\c2279a51.a7783664c"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\f4fab2a7\\97eaf864.lnk"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\f4fab2a7\\c0ce4682.bat"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\f4fab2a7\\d5a938ef.a7783664c"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388"], "path": "%HOMEPATH%\\Start Menu\\Programs\\Startup\\d733235d.lnk"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388"], "path": "%TEMP%\\<random, matching '[A-F0-9]{4,5}'>.dmp"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388"], "path": "%TEMP%\\<random, matching '[a-f0-9]{3,5}'>_appcompat.txt"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913"], "path": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\.bat"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "path": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"}], "ip": [{"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "107[.]195[.]171[.]244"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "160[.]171[.]76[.]137"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "125[.]91[.]180[.]8"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "62[.]9[.]243[.]30"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "90[.]142[.]63[.]242"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "117[.]204[.]215[.]148"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "104[.]108[.]10[.]6"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "24[.]56[.]217[.]101"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "8[.]194[.]132[.]252"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "172[.]104[.]106[.]177"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "221[.]240[.]138[.]227"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "152[.]161[.]153[.]5"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "35[.]236[.]168[.]120"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "163[.]248[.]204[.]92"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "214[.]78[.]25[.]48"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "154[.]101[.]16[.]232"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "95[.]13[.]153[.]102"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "142[.]123[.]116[.]14"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "197[.]162[.]229[.]243"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "35[.]78[.]235[.]68"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "198[.]129[.]241[.]184"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "218[.]202[.]36[.]202"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "58[.]227[.]211[.]78"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "31[.]103[.]175[.]72"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "85[.]31[.]97[.]32"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "97[.]14[.]100[.]156"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "186[.]73[.]208[.]98"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "23[.]125[.]24[.]30"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "119[.]255[.]1[.]202"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "190[.]198[.]84[.]61"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "187[.]194[.]99[.]177"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "88[.]93[.]49[.]16"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "29[.]234[.]77[.]216"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "196[.]86[.]32[.]41"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "23[.]147[.]51[.]22"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "117[.]48[.]206[.]149"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "26[.]93[.]79[.]228"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "89[.]158[.]243[.]178"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "37[.]62[.]246[.]172"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "11[.]174[.]249[.]233"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "95[.]111[.]145[.]232"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "66[.]164[.]152[.]192"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "59[.]57[.]34[.]89"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "178[.]191[.]36[.]219"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "59[.]92[.]13[.]184"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "205[.]208[.]210[.]30"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "122[.]204[.]215[.]12"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "41[.]100[.]171[.]235"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "202[.]10[.]70[.]133"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "ip": "200[.]52[.]35[.]14"}], "mutex": [{"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "name": "EA4EC370D1E573DA"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "name": "A83BAA13F950654C"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "name": "Global\\7A7146875A8CDE1E"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "name": "B3E8F6F86CDD9D8B"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388"], "name": "408D8D94EC4F66FC"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388"], "name": "Global\\350160F4882D1C98"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388"], "name": "053C7D611BC8DF3A"}], "registry": [{"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE", "value_name": "DisableOSUpgrade"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\OSUPGRADE", "value_name": "ReservationsAllowed"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\XVYG", "value_name": "xedvpa"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKCU>\\SOFTWARE\\XVYG", "value_name": "xedvpa"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ssishoff"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKCR>\\.8CA9D793", "value_name": ""}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "\u0000vrxzdhbyv"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE", "value_name": null}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\OSUPGRADE", "value_name": null}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKCU>\\SOFTWARE\\XVYG", "value_name": null}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\XVYG", "value_name": null}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKCR>\\C3B6167", "value_name": null}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKCR>\\C3B6167\\SHELL", "value_name": null}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKCR>\\C3B6167\\SHELL\\OPEN", "value_name": null}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKCR>\\C3B6167\\SHELL\\OPEN\\COMMAND", "value_name": null}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKCR>\\.8CA9D793", "value_name": null}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKCU>\\SOFTWARE\\<random, matching '[a-zA-Z0-9]{5,9}'>", "value_name": null}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.101", "value_name": "CheckSetting"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.103", "value_name": "CheckSetting"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.100", "value_name": "CheckSetting"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.102", "value_name": "CheckSetting"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.104", "value_name": "CheckSetting"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKCU>\\SOFTWARE\\XVYG", "value_name": "tnzok"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\XVYG", "value_name": "tnzok"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKCU>\\SOFTWARE\\XVYG", "value_name": "usukxpt"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\XVYG", "value_name": "usukxpt"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\XVYG", "value_name": "svdjlvs"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKCU>\\SOFTWARE\\XVYG", "value_name": "svdjlvs"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "\u0000fcbburq"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "\u0000fcbburq"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0387ecc13525f7329cf0b4d79f6240023d50ec7002af47e332368a993d2f95c7", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "25eaf7ca25ee7c06be07fc22352bd91ef125aec0933763ce04c67c596f2123d4", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "3eb0345c2a41792a516caa51999014cc9e8c7e53ef5ed6ea20525787b14f07c2", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4a8b07bfd16983e1f8e2d14a94a9168c611bce756224d743ff3296bd2abcc776", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "4ef387473afb36abf36d08aadf9f39037742a16fcbf3bd2d4dd864381a743435", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "a93ab3d1a19215193bfa00d3ad0b58fcf0b7b8da9a32b098f0d474c94cd5002a", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKCR>\\C3B6167\\SHELL\\OPEN\\COMMAND", "value_name": ""}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\XVYG", "value_name": "lujyoqmfl"}, {"hashes": ["035896e185cf8d27061db297d45853ccedc46894e79deecaa86123e648f377ad", "0951461605ef7da241987d98d494b855396bd381b714c13cc08107e4c3e498bc", "249f44efb85445982dab8998d6b00781b1db14190846df9f80ce44a96e8db23a", "3534d51f5804b364c407bbf42bac2a699b1370419b9925b84be347b4a233e4b4", "3a7a90f6be48356cd67b4a7b97aedf3c1f40e9e3b65e7a3edcb44c32b40ca8d4", "41679b7733dc78a6374aa551b6fbcc42e75cbba8980ac996e1951379205c8cfc", "4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9", "5b942fc465c46a028c15d474ad5a8253c063b05782eb34d5c3bb2880b0c9249a", "71782ef55149996f840ab196737b6a583886510c9aee67c60590a8c926817913", "71ef1719ac24b4bee60317fd2e0d8701c9fa493ba12eeef6061d9de87a6fc909", "7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21", "a854a7dbb17476ab22ceb6279680e482d9cb84ec4536d76520d34f96a18c4c1b", "b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d", "e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1", "e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee", "eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e", "ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559", "fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKCU>\\SOFTWARE\\XVYG", "value_name": "lujyoqmfl"}, {"hashes": ["ec31224633e5a2063e0ce09114c0121e3d2d21ec049904a85c3955572f9e4559"], "key": "<HKCU>\\SOFTWARE\\RHAGNC", "value_name": "NOcl4ZwC4"}, {"hashes": ["b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d"], "key": "<HKCU>\\SOFTWARE\\IBQKH0Z", "value_name": "eFGBSU"}, {"hashes": ["b7c50b4f5ce92f7b54d1f3476ea8067570be9b6847e4883692a23bf6f482440d"], "key": "<HKCU>\\SOFTWARE\\IBQKH0Z", "value_name": "T1AEZZOGTW"}, {"hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21"], "key": "<HKCU>\\SOFTWARE\\8DTL0CTW", "value_name": "P86TbJKe"}, {"hashes": ["7f9ca203214eda9d648293c1350f4956ff6daa50f0c8cbe8817c734c7dfb7e21"], "key": "<HKCU>\\SOFTWARE\\8DTL0CTW", "value_name": "u2J7Gj"}, {"hashes": ["e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee"], "key": "<HKCU>\\SOFTWARE\\XSKD4X", "value_name": "SEySbHIfr"}, {"hashes": ["e6120b0d1134f72c259c6004f6847736bca71317215f860d5e9830c8b948f7ee"], "key": "<HKCU>\\SOFTWARE\\XSKD4X", "value_name": "TtEHKwX0"}, {"hashes": ["eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e"], "key": "<HKCU>\\SOFTWARE\\Q7ZTGUZLA", "value_name": "jv19W5"}, {"hashes": ["eaba10844cd9387a20782490d4d9d6b67b37a291429f80724fb39f3a4c3f0c5e"], "key": "<HKCU>\\SOFTWARE\\Q7ZTGUZLA", "value_name": "7wTBwees"}, {"hashes": ["feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388"], "key": "<HKCU>\\SOFTWARE\\UMXQGQNM", "value_name": "0wmPi7"}, {"hashes": ["feda72c43ba1fadd7a0e3fabca0615181cd59c60c7ff158ff60eba4894d06388"], "key": "<HKCU>\\SOFTWARE\\UMXQGQNM", "value_name": "2L6ElwSPE6"}, {"hashes": ["fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKCU>\\SOFTWARE\\QHRFJAM", "value_name": "KL5fwz6y"}, {"hashes": ["fef030072d873d20736fa28f05d600f4cd90433722762c5513fec264a14635b2"], "key": "<HKCU>\\SOFTWARE\\QHRFJAM", "value_name": "EpwqGER2"}, {"hashes": ["4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "key": "<HKCU>\\SOFTWARE\\YHGCUT2D", "value_name": "8kyaIjltu6"}, {"hashes": ["4d5e8f0851775dd1cff08f6ca0c04017661ee818fa416f6bb96fd6bef6d5b6c9"], "key": "<HKCU>\\SOFTWARE\\YHGCUT2D", "value_name": "geECYxG"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "key": "<HKCU>\\SOFTWARE\\VIL6XWPOA", "value_name": "k4VxlQr"}, {"hashes": ["e587bf67046d0e10fcfe4f290438d299e87f05b0007f0c0188c6c5859f3ff0f1"], "key": "<HKCU>\\SOFTWARE\\VIL6XWPOA", "value_name": "cfW1lhy"}]}, "reports_count": 25}, "Win.Malware.Qakbot-7639597-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["e34698aac94f2581e4baafc43f92ef07cccb63c42d94e38aae56c5381be7a9b0", "fdb5b082dd9d187819ca87b95a6493a689eb81af90371272f94ebc7e4f6a5dfb", "95f69245d00ab9909dc9f264f7884322aed3edf3ea8ad310a614b84037f58e63", "dc1454f5e1a314d82ed49388635b2fe70f266bb6e3cb20490664eb53b868a77a", "787fd710a8c3c594127d806a59827c698ebba270fd70565d90b5d11fde4b421e", "ddef0c03e59caa43550104aba46d3b2344054b29a13ef610f9fb7d7a2856207e", "acbebfe9e27426ebe482ecfda1d8c0a65db23171712ff259c4ef0ae00577674e", "2a044ab93c5848a17ff50caff5c7df09f6897bc1c2e533d7557900b9ca4fe90c", "b0d1a3e3ac6a8b7b5705264e6d230b91d24c13310f4f9feb431bda25468e66e6", "109ab64e16614ba537d5c94bf0d483bd12dc29b7fce2f7e7f90b5a930e48ed1d", "07d62f6174baf244d4244a02e8a294b058e7de63ae85d98143bb7894e4b567c5", "5a0a1be6f219637e630403bb72671968b07f44e3f425a9a08ebc9e428d22c7aa", "1eaba7611869a9ae608b7fdd9a9c4c83b9095b1f997403540e2bd0215abfb210", "f71b5bba60a78a77ca93fd203c2e4d52a8516c21e881de7acca836c233457859", "ec92a8c0580e0c2a392c18333e006a989baf8009e4c23226c60219602d477c93", "192607412aa9950060d5fc3af15d7fca03733c68af1a025484c8b03405213664", "cda301487c861a48c5a47be4cc28fb4a4f209e1f722a444a79a814cae3ecb3c4", "485ba11a74527d8a360594194326b56951f761d392ab015b00221e11dc787a55", "85b92839a1a341a9a56e57e2a4f203dc3f3f94bf89492eec85ac9f6802666f88", "611b9ae905e6affe8c83b736253e3d9332fef7cecf790fd98521ee9c52fa6a60", "15f024e8436a6c74180179030fafca15c9fb015a9bc59be08acfc6dc6f089f27", "16d76436ea4e8ca0ac4cd63ed2f303a136e1c569a974fa387a58bb519f981c61", "2ee8e433202142602a8d0da72dcf87eaa40a0de3342860f0906c7c12cda044ce", "b328a894bbc68a0d386fe386ad6c46903761488ee415aa9f24b5bfc0a8ad2ec2", "83225a6e52ba0971c573c8842a1b64853b7c3dfc5f85b40e1dbafb5bf4710009", "28ad9ce34cb28babb5206671b09fa934eb888a670352589121faaa8776d8915c", "a8157c0326ed5972eedb4db921dc965787dea96aa00c9ffff73565449ab014b4", "2802e43bb36b3ca2bcaa0c0a82eaa3533de7eccc23d293064d2f05b1a3376ea2", "354e2e7f7901575e8106d554b14ec91d63960ec31106512a25fe0fafe0cecd0b", "9c2814cd37a6bb19d0b70617a0547618b220bf8d747a3adf12e77dee0d61fbe7", "9afdcb7933213707c5661ef7bea0f2b63423976a78c8fe14e1ae41d1e1beb41d", "8282870ed9abe67203a46375bf3334765fcd32e09606b11b5a72afae08b7387c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["e34698aac94f2581e4baafc43f92ef07cccb63c42d94e38aae56c5381be7a9b0", "fdb5b082dd9d187819ca87b95a6493a689eb81af90371272f94ebc7e4f6a5dfb", "95f69245d00ab9909dc9f264f7884322aed3edf3ea8ad310a614b84037f58e63", "dc1454f5e1a314d82ed49388635b2fe70f266bb6e3cb20490664eb53b868a77a", "787fd710a8c3c594127d806a59827c698ebba270fd70565d90b5d11fde4b421e", "ddef0c03e59caa43550104aba46d3b2344054b29a13ef610f9fb7d7a2856207e", "acbebfe9e27426ebe482ecfda1d8c0a65db23171712ff259c4ef0ae00577674e", "2a044ab93c5848a17ff50caff5c7df09f6897bc1c2e533d7557900b9ca4fe90c", "b0d1a3e3ac6a8b7b5705264e6d230b91d24c13310f4f9feb431bda25468e66e6", "109ab64e16614ba537d5c94bf0d483bd12dc29b7fce2f7e7f90b5a930e48ed1d", "07d62f6174baf244d4244a02e8a294b058e7de63ae85d98143bb7894e4b567c5", "5a0a1be6f219637e630403bb72671968b07f44e3f425a9a08ebc9e428d22c7aa", "1eaba7611869a9ae608b7fdd9a9c4c83b9095b1f997403540e2bd0215abfb210", "f71b5bba60a78a77ca93fd203c2e4d52a8516c21e881de7acca836c233457859", "ec92a8c0580e0c2a392c18333e006a989baf8009e4c23226c60219602d477c93", "192607412aa9950060d5fc3af15d7fca03733c68af1a025484c8b03405213664", "cda301487c861a48c5a47be4cc28fb4a4f209e1f722a444a79a814cae3ecb3c4", "485ba11a74527d8a360594194326b56951f761d392ab015b00221e11dc787a55", "85b92839a1a341a9a56e57e2a4f203dc3f3f94bf89492eec85ac9f6802666f88", "611b9ae905e6affe8c83b736253e3d9332fef7cecf790fd98521ee9c52fa6a60", "15f024e8436a6c74180179030fafca15c9fb015a9bc59be08acfc6dc6f089f27", "16d76436ea4e8ca0ac4cd63ed2f303a136e1c569a974fa387a58bb519f981c61", "2ee8e433202142602a8d0da72dcf87eaa40a0de3342860f0906c7c12cda044ce", "b328a894bbc68a0d386fe386ad6c46903761488ee415aa9f24b5bfc0a8ad2ec2", "83225a6e52ba0971c573c8842a1b64853b7c3dfc5f85b40e1dbafb5bf4710009", "28ad9ce34cb28babb5206671b09fa934eb888a670352589121faaa8776d8915c", "a8157c0326ed5972eedb4db921dc965787dea96aa00c9ffff73565449ab014b4", "2802e43bb36b3ca2bcaa0c0a82eaa3533de7eccc23d293064d2f05b1a3376ea2", "354e2e7f7901575e8106d554b14ec91d63960ec31106512a25fe0fafe0cecd0b", "9c2814cd37a6bb19d0b70617a0547618b220bf8d747a3adf12e77dee0d61fbe7", "9afdcb7933213707c5661ef7bea0f2b63423976a78c8fe14e1ae41d1e1beb41d", "8282870ed9abe67203a46375bf3334765fcd32e09606b11b5a72afae08b7387c"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["e34698aac94f2581e4baafc43f92ef07cccb63c42d94e38aae56c5381be7a9b0", "fdb5b082dd9d187819ca87b95a6493a689eb81af90371272f94ebc7e4f6a5dfb", "95f69245d00ab9909dc9f264f7884322aed3edf3ea8ad310a614b84037f58e63", "dc1454f5e1a314d82ed49388635b2fe70f266bb6e3cb20490664eb53b868a77a", "787fd710a8c3c594127d806a59827c698ebba270fd70565d90b5d11fde4b421e", "ddef0c03e59caa43550104aba46d3b2344054b29a13ef610f9fb7d7a2856207e", "acbebfe9e27426ebe482ecfda1d8c0a65db23171712ff259c4ef0ae00577674e", "2a044ab93c5848a17ff50caff5c7df09f6897bc1c2e533d7557900b9ca4fe90c", "b0d1a3e3ac6a8b7b5705264e6d230b91d24c13310f4f9feb431bda25468e66e6", "109ab64e16614ba537d5c94bf0d483bd12dc29b7fce2f7e7f90b5a930e48ed1d", "07d62f6174baf244d4244a02e8a294b058e7de63ae85d98143bb7894e4b567c5", "5a0a1be6f219637e630403bb72671968b07f44e3f425a9a08ebc9e428d22c7aa", "1eaba7611869a9ae608b7fdd9a9c4c83b9095b1f997403540e2bd0215abfb210", "f71b5bba60a78a77ca93fd203c2e4d52a8516c21e881de7acca836c233457859", "ec92a8c0580e0c2a392c18333e006a989baf8009e4c23226c60219602d477c93", "192607412aa9950060d5fc3af15d7fca03733c68af1a025484c8b03405213664", "cda301487c861a48c5a47be4cc28fb4a4f209e1f722a444a79a814cae3ecb3c4", "485ba11a74527d8a360594194326b56951f761d392ab015b00221e11dc787a55", "85b92839a1a341a9a56e57e2a4f203dc3f3f94bf89492eec85ac9f6802666f88", "611b9ae905e6affe8c83b736253e3d9332fef7cecf790fd98521ee9c52fa6a60", "15f024e8436a6c74180179030fafca15c9fb015a9bc59be08acfc6dc6f089f27", "16d76436ea4e8ca0ac4cd63ed2f303a136e1c569a974fa387a58bb519f981c61", "2ee8e433202142602a8d0da72dcf87eaa40a0de3342860f0906c7c12cda044ce", "b328a894bbc68a0d386fe386ad6c46903761488ee415aa9f24b5bfc0a8ad2ec2", "83225a6e52ba0971c573c8842a1b64853b7c3dfc5f85b40e1dbafb5bf4710009", "28ad9ce34cb28babb5206671b09fa934eb888a670352589121faaa8776d8915c", "a8157c0326ed5972eedb4db921dc965787dea96aa00c9ffff73565449ab014b4", "2802e43bb36b3ca2bcaa0c0a82eaa3533de7eccc23d293064d2f05b1a3376ea2", "354e2e7f7901575e8106d554b14ec91d63960ec31106512a25fe0fafe0cecd0b", "9c2814cd37a6bb19d0b70617a0547618b220bf8d747a3adf12e77dee0d61fbe7", "9afdcb7933213707c5661ef7bea0f2b63423976a78c8fe14e1ae41d1e1beb41d", "8282870ed9abe67203a46375bf3334765fcd32e09606b11b5a72afae08b7387c"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["e34698aac94f2581e4baafc43f92ef07cccb63c42d94e38aae56c5381be7a9b0", "fdb5b082dd9d187819ca87b95a6493a689eb81af90371272f94ebc7e4f6a5dfb", "95f69245d00ab9909dc9f264f7884322aed3edf3ea8ad310a614b84037f58e63", "dc1454f5e1a314d82ed49388635b2fe70f266bb6e3cb20490664eb53b868a77a", "787fd710a8c3c594127d806a59827c698ebba270fd70565d90b5d11fde4b421e", "ddef0c03e59caa43550104aba46d3b2344054b29a13ef610f9fb7d7a2856207e", "acbebfe9e27426ebe482ecfda1d8c0a65db23171712ff259c4ef0ae00577674e", "2a044ab93c5848a17ff50caff5c7df09f6897bc1c2e533d7557900b9ca4fe90c", "b0d1a3e3ac6a8b7b5705264e6d230b91d24c13310f4f9feb431bda25468e66e6", "109ab64e16614ba537d5c94bf0d483bd12dc29b7fce2f7e7f90b5a930e48ed1d", "07d62f6174baf244d4244a02e8a294b058e7de63ae85d98143bb7894e4b567c5", "5a0a1be6f219637e630403bb72671968b07f44e3f425a9a08ebc9e428d22c7aa", "1eaba7611869a9ae608b7fdd9a9c4c83b9095b1f997403540e2bd0215abfb210", "f71b5bba60a78a77ca93fd203c2e4d52a8516c21e881de7acca836c233457859", "ec92a8c0580e0c2a392c18333e006a989baf8009e4c23226c60219602d477c93", "192607412aa9950060d5fc3af15d7fca03733c68af1a025484c8b03405213664", "cda301487c861a48c5a47be4cc28fb4a4f209e1f722a444a79a814cae3ecb3c4", "485ba11a74527d8a360594194326b56951f761d392ab015b00221e11dc787a55", "85b92839a1a341a9a56e57e2a4f203dc3f3f94bf89492eec85ac9f6802666f88", "611b9ae905e6affe8c83b736253e3d9332fef7cecf790fd98521ee9c52fa6a60", "15f024e8436a6c74180179030fafca15c9fb015a9bc59be08acfc6dc6f089f27", "16d76436ea4e8ca0ac4cd63ed2f303a136e1c569a974fa387a58bb519f981c61", "2ee8e433202142602a8d0da72dcf87eaa40a0de3342860f0906c7c12cda044ce", "b328a894bbc68a0d386fe386ad6c46903761488ee415aa9f24b5bfc0a8ad2ec2", "83225a6e52ba0971c573c8842a1b64853b7c3dfc5f85b40e1dbafb5bf4710009", "28ad9ce34cb28babb5206671b09fa934eb888a670352589121faaa8776d8915c", "a8157c0326ed5972eedb4db921dc965787dea96aa00c9ffff73565449ab014b4", "2802e43bb36b3ca2bcaa0c0a82eaa3533de7eccc23d293064d2f05b1a3376ea2", "354e2e7f7901575e8106d554b14ec91d63960ec31106512a25fe0fafe0cecd0b", "9c2814cd37a6bb19d0b70617a0547618b220bf8d747a3adf12e77dee0d61fbe7", "9afdcb7933213707c5661ef7bea0f2b63423976a78c8fe14e1ae41d1e1beb41d", "8282870ed9abe67203a46375bf3334765fcd32e09606b11b5a72afae08b7387c"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["e34698aac94f2581e4baafc43f92ef07cccb63c42d94e38aae56c5381be7a9b0", "fdb5b082dd9d187819ca87b95a6493a689eb81af90371272f94ebc7e4f6a5dfb", "95f69245d00ab9909dc9f264f7884322aed3edf3ea8ad310a614b84037f58e63", "dc1454f5e1a314d82ed49388635b2fe70f266bb6e3cb20490664eb53b868a77a", "787fd710a8c3c594127d806a59827c698ebba270fd70565d90b5d11fde4b421e", "ddef0c03e59caa43550104aba46d3b2344054b29a13ef610f9fb7d7a2856207e", "acbebfe9e27426ebe482ecfda1d8c0a65db23171712ff259c4ef0ae00577674e", "2a044ab93c5848a17ff50caff5c7df09f6897bc1c2e533d7557900b9ca4fe90c", "b0d1a3e3ac6a8b7b5705264e6d230b91d24c13310f4f9feb431bda25468e66e6", "109ab64e16614ba537d5c94bf0d483bd12dc29b7fce2f7e7f90b5a930e48ed1d", "07d62f6174baf244d4244a02e8a294b058e7de63ae85d98143bb7894e4b567c5", "5a0a1be6f219637e630403bb72671968b07f44e3f425a9a08ebc9e428d22c7aa", "1eaba7611869a9ae608b7fdd9a9c4c83b9095b1f997403540e2bd0215abfb210", "f71b5bba60a78a77ca93fd203c2e4d52a8516c21e881de7acca836c233457859", "ec92a8c0580e0c2a392c18333e006a989baf8009e4c23226c60219602d477c93", "192607412aa9950060d5fc3af15d7fca03733c68af1a025484c8b03405213664", "cda301487c861a48c5a47be4cc28fb4a4f209e1f722a444a79a814cae3ecb3c4", "485ba11a74527d8a360594194326b56951f761d392ab015b00221e11dc787a55", "85b92839a1a341a9a56e57e2a4f203dc3f3f94bf89492eec85ac9f6802666f88", "611b9ae905e6affe8c83b736253e3d9332fef7cecf790fd98521ee9c52fa6a60", "15f024e8436a6c74180179030fafca15c9fb015a9bc59be08acfc6dc6f089f27", "16d76436ea4e8ca0ac4cd63ed2f303a136e1c569a974fa387a58bb519f981c61", "2ee8e433202142602a8d0da72dcf87eaa40a0de3342860f0906c7c12cda044ce", "b328a894bbc68a0d386fe386ad6c46903761488ee415aa9f24b5bfc0a8ad2ec2", "83225a6e52ba0971c573c8842a1b64853b7c3dfc5f85b40e1dbafb5bf4710009", "28ad9ce34cb28babb5206671b09fa934eb888a670352589121faaa8776d8915c", "a8157c0326ed5972eedb4db921dc965787dea96aa00c9ffff73565449ab014b4", "2802e43bb36b3ca2bcaa0c0a82eaa3533de7eccc23d293064d2f05b1a3376ea2", "354e2e7f7901575e8106d554b14ec91d63960ec31106512a25fe0fafe0cecd0b", "9c2814cd37a6bb19d0b70617a0547618b220bf8d747a3adf12e77dee0d61fbe7", "9afdcb7933213707c5661ef7bea0f2b63423976a78c8fe14e1ae41d1e1beb41d", "8282870ed9abe67203a46375bf3334765fcd32e09606b11b5a72afae08b7387c"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["e34698aac94f2581e4baafc43f92ef07cccb63c42d94e38aae56c5381be7a9b0", "fdb5b082dd9d187819ca87b95a6493a689eb81af90371272f94ebc7e4f6a5dfb", "95f69245d00ab9909dc9f264f7884322aed3edf3ea8ad310a614b84037f58e63", "dc1454f5e1a314d82ed49388635b2fe70f266bb6e3cb20490664eb53b868a77a", "787fd710a8c3c594127d806a59827c698ebba270fd70565d90b5d11fde4b421e", "ddef0c03e59caa43550104aba46d3b2344054b29a13ef610f9fb7d7a2856207e", "acbebfe9e27426ebe482ecfda1d8c0a65db23171712ff259c4ef0ae00577674e", "2a044ab93c5848a17ff50caff5c7df09f6897bc1c2e533d7557900b9ca4fe90c", "b0d1a3e3ac6a8b7b5705264e6d230b91d24c13310f4f9feb431bda25468e66e6", "109ab64e16614ba537d5c94bf0d483bd12dc29b7fce2f7e7f90b5a930e48ed1d", "07d62f6174baf244d4244a02e8a294b058e7de63ae85d98143bb7894e4b567c5", "5a0a1be6f219637e630403bb72671968b07f44e3f425a9a08ebc9e428d22c7aa", "1eaba7611869a9ae608b7fdd9a9c4c83b9095b1f997403540e2bd0215abfb210", "f71b5bba60a78a77ca93fd203c2e4d52a8516c21e881de7acca836c233457859", "ec92a8c0580e0c2a392c18333e006a989baf8009e4c23226c60219602d477c93", "192607412aa9950060d5fc3af15d7fca03733c68af1a025484c8b03405213664", "cda301487c861a48c5a47be4cc28fb4a4f209e1f722a444a79a814cae3ecb3c4", "485ba11a74527d8a360594194326b56951f761d392ab015b00221e11dc787a55", "85b92839a1a341a9a56e57e2a4f203dc3f3f94bf89492eec85ac9f6802666f88", "611b9ae905e6affe8c83b736253e3d9332fef7cecf790fd98521ee9c52fa6a60", "15f024e8436a6c74180179030fafca15c9fb015a9bc59be08acfc6dc6f089f27", "16d76436ea4e8ca0ac4cd63ed2f303a136e1c569a974fa387a58bb519f981c61", "2ee8e433202142602a8d0da72dcf87eaa40a0de3342860f0906c7c12cda044ce", "b328a894bbc68a0d386fe386ad6c46903761488ee415aa9f24b5bfc0a8ad2ec2", "83225a6e52ba0971c573c8842a1b64853b7c3dfc5f85b40e1dbafb5bf4710009", "28ad9ce34cb28babb5206671b09fa934eb888a670352589121faaa8776d8915c", "a8157c0326ed5972eedb4db921dc965787dea96aa00c9ffff73565449ab014b4", "2802e43bb36b3ca2bcaa0c0a82eaa3533de7eccc23d293064d2f05b1a3376ea2", "354e2e7f7901575e8106d554b14ec91d63960ec31106512a25fe0fafe0cecd0b", "9c2814cd37a6bb19d0b70617a0547618b220bf8d747a3adf12e77dee0d61fbe7", "9afdcb7933213707c5661ef7bea0f2b63423976a78c8fe14e1ae41d1e1beb41d", "8282870ed9abe67203a46375bf3334765fcd32e09606b11b5a72afae08b7387c"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["e34698aac94f2581e4baafc43f92ef07cccb63c42d94e38aae56c5381be7a9b0", "fdb5b082dd9d187819ca87b95a6493a689eb81af90371272f94ebc7e4f6a5dfb", "95f69245d00ab9909dc9f264f7884322aed3edf3ea8ad310a614b84037f58e63", "dc1454f5e1a314d82ed49388635b2fe70f266bb6e3cb20490664eb53b868a77a", "787fd710a8c3c594127d806a59827c698ebba270fd70565d90b5d11fde4b421e", "ddef0c03e59caa43550104aba46d3b2344054b29a13ef610f9fb7d7a2856207e", "acbebfe9e27426ebe482ecfda1d8c0a65db23171712ff259c4ef0ae00577674e", "2a044ab93c5848a17ff50caff5c7df09f6897bc1c2e533d7557900b9ca4fe90c", "b0d1a3e3ac6a8b7b5705264e6d230b91d24c13310f4f9feb431bda25468e66e6", "109ab64e16614ba537d5c94bf0d483bd12dc29b7fce2f7e7f90b5a930e48ed1d", "07d62f6174baf244d4244a02e8a294b058e7de63ae85d98143bb7894e4b567c5", "5a0a1be6f219637e630403bb72671968b07f44e3f425a9a08ebc9e428d22c7aa", "1eaba7611869a9ae608b7fdd9a9c4c83b9095b1f997403540e2bd0215abfb210", "f71b5bba60a78a77ca93fd203c2e4d52a8516c21e881de7acca836c233457859", "ec92a8c0580e0c2a392c18333e006a989baf8009e4c23226c60219602d477c93", "192607412aa9950060d5fc3af15d7fca03733c68af1a025484c8b03405213664", "cda301487c861a48c5a47be4cc28fb4a4f209e1f722a444a79a814cae3ecb3c4", "485ba11a74527d8a360594194326b56951f761d392ab015b00221e11dc787a55", "85b92839a1a341a9a56e57e2a4f203dc3f3f94bf89492eec85ac9f6802666f88", "611b9ae905e6affe8c83b736253e3d9332fef7cecf790fd98521ee9c52fa6a60", "15f024e8436a6c74180179030fafca15c9fb015a9bc59be08acfc6dc6f089f27", "16d76436ea4e8ca0ac4cd63ed2f303a136e1c569a974fa387a58bb519f981c61", "2ee8e433202142602a8d0da72dcf87eaa40a0de3342860f0906c7c12cda044ce", "b328a894bbc68a0d386fe386ad6c46903761488ee415aa9f24b5bfc0a8ad2ec2", "83225a6e52ba0971c573c8842a1b64853b7c3dfc5f85b40e1dbafb5bf4710009", "28ad9ce34cb28babb5206671b09fa934eb888a670352589121faaa8776d8915c", "a8157c0326ed5972eedb4db921dc965787dea96aa00c9ffff73565449ab014b4", "2802e43bb36b3ca2bcaa0c0a82eaa3533de7eccc23d293064d2f05b1a3376ea2", "354e2e7f7901575e8106d554b14ec91d63960ec31106512a25fe0fafe0cecd0b", "9c2814cd37a6bb19d0b70617a0547618b220bf8d747a3adf12e77dee0d61fbe7", "9afdcb7933213707c5661ef7bea0f2b63423976a78c8fe14e1ae41d1e1beb41d", "8282870ed9abe67203a46375bf3334765fcd32e09606b11b5a72afae08b7387c"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "cmd-exe-file-execution", "hashes": ["e34698aac94f2581e4baafc43f92ef07cccb63c42d94e38aae56c5381be7a9b0", "fdb5b082dd9d187819ca87b95a6493a689eb81af90371272f94ebc7e4f6a5dfb", "95f69245d00ab9909dc9f264f7884322aed3edf3ea8ad310a614b84037f58e63", "dc1454f5e1a314d82ed49388635b2fe70f266bb6e3cb20490664eb53b868a77a", "787fd710a8c3c594127d806a59827c698ebba270fd70565d90b5d11fde4b421e", "ddef0c03e59caa43550104aba46d3b2344054b29a13ef610f9fb7d7a2856207e", "acbebfe9e27426ebe482ecfda1d8c0a65db23171712ff259c4ef0ae00577674e", "2a044ab93c5848a17ff50caff5c7df09f6897bc1c2e533d7557900b9ca4fe90c", "b0d1a3e3ac6a8b7b5705264e6d230b91d24c13310f4f9feb431bda25468e66e6", "109ab64e16614ba537d5c94bf0d483bd12dc29b7fce2f7e7f90b5a930e48ed1d", "07d62f6174baf244d4244a02e8a294b058e7de63ae85d98143bb7894e4b567c5", "5a0a1be6f219637e630403bb72671968b07f44e3f425a9a08ebc9e428d22c7aa", "1eaba7611869a9ae608b7fdd9a9c4c83b9095b1f997403540e2bd0215abfb210", "f71b5bba60a78a77ca93fd203c2e4d52a8516c21e881de7acca836c233457859", "ec92a8c0580e0c2a392c18333e006a989baf8009e4c23226c60219602d477c93", "192607412aa9950060d5fc3af15d7fca03733c68af1a025484c8b03405213664", "cda301487c861a48c5a47be4cc28fb4a4f209e1f722a444a79a814cae3ecb3c4", "485ba11a74527d8a360594194326b56951f761d392ab015b00221e11dc787a55", "85b92839a1a341a9a56e57e2a4f203dc3f3f94bf89492eec85ac9f6802666f88", "611b9ae905e6affe8c83b736253e3d9332fef7cecf790fd98521ee9c52fa6a60", "15f024e8436a6c74180179030fafca15c9fb015a9bc59be08acfc6dc6f089f27", "16d76436ea4e8ca0ac4cd63ed2f303a136e1c569a974fa387a58bb519f981c61", "2ee8e433202142602a8d0da72dcf87eaa40a0de3342860f0906c7c12cda044ce", "b328a894bbc68a0d386fe386ad6c46903761488ee415aa9f24b5bfc0a8ad2ec2", "83225a6e52ba0971c573c8842a1b64853b7c3dfc5f85b40e1dbafb5bf4710009", "28ad9ce34cb28babb5206671b09fa934eb888a670352589121faaa8776d8915c", "a8157c0326ed5972eedb4db921dc965787dea96aa00c9ffff73565449ab014b4", "2802e43bb36b3ca2bcaa0c0a82eaa3533de7eccc23d293064d2f05b1a3376ea2", "354e2e7f7901575e8106d554b14ec91d63960ec31106512a25fe0fafe0cecd0b", "9c2814cd37a6bb19d0b70617a0547618b220bf8d747a3adf12e77dee0d61fbe7", "9afdcb7933213707c5661ef7bea0f2b63423976a78c8fe14e1ae41d1e1beb41d", "8282870ed9abe67203a46375bf3334765fcd32e09606b11b5a72afae08b7387c"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["e34698aac94f2581e4baafc43f92ef07cccb63c42d94e38aae56c5381be7a9b0", "fdb5b082dd9d187819ca87b95a6493a689eb81af90371272f94ebc7e4f6a5dfb", "95f69245d00ab9909dc9f264f7884322aed3edf3ea8ad310a614b84037f58e63", "dc1454f5e1a314d82ed49388635b2fe70f266bb6e3cb20490664eb53b868a77a", "787fd710a8c3c594127d806a59827c698ebba270fd70565d90b5d11fde4b421e", "ddef0c03e59caa43550104aba46d3b2344054b29a13ef610f9fb7d7a2856207e", "acbebfe9e27426ebe482ecfda1d8c0a65db23171712ff259c4ef0ae00577674e", "2a044ab93c5848a17ff50caff5c7df09f6897bc1c2e533d7557900b9ca4fe90c", "b0d1a3e3ac6a8b7b5705264e6d230b91d24c13310f4f9feb431bda25468e66e6", "109ab64e16614ba537d5c94bf0d483bd12dc29b7fce2f7e7f90b5a930e48ed1d", "07d62f6174baf244d4244a02e8a294b058e7de63ae85d98143bb7894e4b567c5", "5a0a1be6f219637e630403bb72671968b07f44e3f425a9a08ebc9e428d22c7aa", "1eaba7611869a9ae608b7fdd9a9c4c83b9095b1f997403540e2bd0215abfb210", "f71b5bba60a78a77ca93fd203c2e4d52a8516c21e881de7acca836c233457859", "ec92a8c0580e0c2a392c18333e006a989baf8009e4c23226c60219602d477c93", "192607412aa9950060d5fc3af15d7fca03733c68af1a025484c8b03405213664", "cda301487c861a48c5a47be4cc28fb4a4f209e1f722a444a79a814cae3ecb3c4", "485ba11a74527d8a360594194326b56951f761d392ab015b00221e11dc787a55", "85b92839a1a341a9a56e57e2a4f203dc3f3f94bf89492eec85ac9f6802666f88", "611b9ae905e6affe8c83b736253e3d9332fef7cecf790fd98521ee9c52fa6a60", "15f024e8436a6c74180179030fafca15c9fb015a9bc59be08acfc6dc6f089f27", "16d76436ea4e8ca0ac4cd63ed2f303a136e1c569a974fa387a58bb519f981c61", "2ee8e433202142602a8d0da72dcf87eaa40a0de3342860f0906c7c12cda044ce", "b328a894bbc68a0d386fe386ad6c46903761488ee415aa9f24b5bfc0a8ad2ec2", "83225a6e52ba0971c573c8842a1b64853b7c3dfc5f85b40e1dbafb5bf4710009", "28ad9ce34cb28babb5206671b09fa934eb888a670352589121faaa8776d8915c", "a8157c0326ed5972eedb4db921dc965787dea96aa00c9ffff73565449ab014b4", "2802e43bb36b3ca2bcaa0c0a82eaa3533de7eccc23d293064d2f05b1a3376ea2", "354e2e7f7901575e8106d554b14ec91d63960ec31106512a25fe0fafe0cecd0b", "9c2814cd37a6bb19d0b70617a0547618b220bf8d747a3adf12e77dee0d61fbe7", "9afdcb7933213707c5661ef7bea0f2b63423976a78c8fe14e1ae41d1e1beb41d", "8282870ed9abe67203a46375bf3334765fcd32e09606b11b5a72afae08b7387c"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["e34698aac94f2581e4baafc43f92ef07cccb63c42d94e38aae56c5381be7a9b0", "fdb5b082dd9d187819ca87b95a6493a689eb81af90371272f94ebc7e4f6a5dfb", "95f69245d00ab9909dc9f264f7884322aed3edf3ea8ad310a614b84037f58e63", "dc1454f5e1a314d82ed49388635b2fe70f266bb6e3cb20490664eb53b868a77a", "787fd710a8c3c594127d806a59827c698ebba270fd70565d90b5d11fde4b421e", "ddef0c03e59caa43550104aba46d3b2344054b29a13ef610f9fb7d7a2856207e", "acbebfe9e27426ebe482ecfda1d8c0a65db23171712ff259c4ef0ae00577674e", "2a044ab93c5848a17ff50caff5c7df09f6897bc1c2e533d7557900b9ca4fe90c", "b0d1a3e3ac6a8b7b5705264e6d230b91d24c13310f4f9feb431bda25468e66e6", "109ab64e16614ba537d5c94bf0d483bd12dc29b7fce2f7e7f90b5a930e48ed1d", "07d62f6174baf244d4244a02e8a294b058e7de63ae85d98143bb7894e4b567c5", "5a0a1be6f219637e630403bb72671968b07f44e3f425a9a08ebc9e428d22c7aa", "1eaba7611869a9ae608b7fdd9a9c4c83b9095b1f997403540e2bd0215abfb210", "f71b5bba60a78a77ca93fd203c2e4d52a8516c21e881de7acca836c233457859", "ec92a8c0580e0c2a392c18333e006a989baf8009e4c23226c60219602d477c93", "192607412aa9950060d5fc3af15d7fca03733c68af1a025484c8b03405213664", "cda301487c861a48c5a47be4cc28fb4a4f209e1f722a444a79a814cae3ecb3c4", "485ba11a74527d8a360594194326b56951f761d392ab015b00221e11dc787a55", "85b92839a1a341a9a56e57e2a4f203dc3f3f94bf89492eec85ac9f6802666f88", "611b9ae905e6affe8c83b736253e3d9332fef7cecf790fd98521ee9c52fa6a60", "15f024e8436a6c74180179030fafca15c9fb015a9bc59be08acfc6dc6f089f27", "16d76436ea4e8ca0ac4cd63ed2f303a136e1c569a974fa387a58bb519f981c61", "2ee8e433202142602a8d0da72dcf87eaa40a0de3342860f0906c7c12cda044ce", "b328a894bbc68a0d386fe386ad6c46903761488ee415aa9f24b5bfc0a8ad2ec2", "83225a6e52ba0971c573c8842a1b64853b7c3dfc5f85b40e1dbafb5bf4710009", "28ad9ce34cb28babb5206671b09fa934eb888a670352589121faaa8776d8915c", "a8157c0326ed5972eedb4db921dc965787dea96aa00c9ffff73565449ab014b4", "2802e43bb36b3ca2bcaa0c0a82eaa3533de7eccc23d293064d2f05b1a3376ea2", "354e2e7f7901575e8106d554b14ec91d63960ec31106512a25fe0fafe0cecd0b", "9c2814cd37a6bb19d0b70617a0547618b220bf8d747a3adf12e77dee0d61fbe7", "9afdcb7933213707c5661ef7bea0f2b63423976a78c8fe14e1ae41d1e1beb41d", "8282870ed9abe67203a46375bf3334765fcd32e09606b11b5a72afae08b7387c"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "process-uses-localhost-traffic", "hashes": ["e34698aac94f2581e4baafc43f92ef07cccb63c42d94e38aae56c5381be7a9b0", "fdb5b082dd9d187819ca87b95a6493a689eb81af90371272f94ebc7e4f6a5dfb", "95f69245d00ab9909dc9f264f7884322aed3edf3ea8ad310a614b84037f58e63", "dc1454f5e1a314d82ed49388635b2fe70f266bb6e3cb20490664eb53b868a77a", "787fd710a8c3c594127d806a59827c698ebba270fd70565d90b5d11fde4b421e", "ddef0c03e59caa43550104aba46d3b2344054b29a13ef610f9fb7d7a2856207e", "acbebfe9e27426ebe482ecfda1d8c0a65db23171712ff259c4ef0ae00577674e", "2a044ab93c5848a17ff50caff5c7df09f6897bc1c2e533d7557900b9ca4fe90c", "b0d1a3e3ac6a8b7b5705264e6d230b91d24c13310f4f9feb431bda25468e66e6", "109ab64e16614ba537d5c94bf0d483bd12dc29b7fce2f7e7f90b5a930e48ed1d", "07d62f6174baf244d4244a02e8a294b058e7de63ae85d98143bb7894e4b567c5", "5a0a1be6f219637e630403bb72671968b07f44e3f425a9a08ebc9e428d22c7aa", "1eaba7611869a9ae608b7fdd9a9c4c83b9095b1f997403540e2bd0215abfb210", "f71b5bba60a78a77ca93fd203c2e4d52a8516c21e881de7acca836c233457859", "ec92a8c0580e0c2a392c18333e006a989baf8009e4c23226c60219602d477c93", "192607412aa9950060d5fc3af15d7fca03733c68af1a025484c8b03405213664", "cda301487c861a48c5a47be4cc28fb4a4f209e1f722a444a79a814cae3ecb3c4", "485ba11a74527d8a360594194326b56951f761d392ab015b00221e11dc787a55", "85b92839a1a341a9a56e57e2a4f203dc3f3f94bf89492eec85ac9f6802666f88", "611b9ae905e6affe8c83b736253e3d9332fef7cecf790fd98521ee9c52fa6a60", "15f024e8436a6c74180179030fafca15c9fb015a9bc59be08acfc6dc6f089f27", "16d76436ea4e8ca0ac4cd63ed2f303a136e1c569a974fa387a58bb519f981c61", "2ee8e433202142602a8d0da72dcf87eaa40a0de3342860f0906c7c12cda044ce", "b328a894bbc68a0d386fe386ad6c46903761488ee415aa9f24b5bfc0a8ad2ec2", "83225a6e52ba0971c573c8842a1b64853b7c3dfc5f85b40e1dbafb5bf4710009", "28ad9ce34cb28babb5206671b09fa934eb888a670352589121faaa8776d8915c", "a8157c0326ed5972eedb4db921dc965787dea96aa00c9ffff73565449ab014b4", "2802e43bb36b3ca2bcaa0c0a82eaa3533de7eccc23d293064d2f05b1a3376ea2", "354e2e7f7901575e8106d554b14ec91d63960ec31106512a25fe0fafe0cecd0b", "9c2814cd37a6bb19d0b70617a0547618b220bf8d747a3adf12e77dee0d61fbe7", "9afdcb7933213707c5661ef7bea0f2b63423976a78c8fe14e1ae41d1e1beb41d", "8282870ed9abe67203a46375bf3334765fcd32e09606b11b5a72afae08b7387c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-qakbot-cmd-detected", "hashes": ["e34698aac94f2581e4baafc43f92ef07cccb63c42d94e38aae56c5381be7a9b0", "fdb5b082dd9d187819ca87b95a6493a689eb81af90371272f94ebc7e4f6a5dfb", "95f69245d00ab9909dc9f264f7884322aed3edf3ea8ad310a614b84037f58e63", "dc1454f5e1a314d82ed49388635b2fe70f266bb6e3cb20490664eb53b868a77a", "787fd710a8c3c594127d806a59827c698ebba270fd70565d90b5d11fde4b421e", "ddef0c03e59caa43550104aba46d3b2344054b29a13ef610f9fb7d7a2856207e", "acbebfe9e27426ebe482ecfda1d8c0a65db23171712ff259c4ef0ae00577674e", "2a044ab93c5848a17ff50caff5c7df09f6897bc1c2e533d7557900b9ca4fe90c", "b0d1a3e3ac6a8b7b5705264e6d230b91d24c13310f4f9feb431bda25468e66e6", "109ab64e16614ba537d5c94bf0d483bd12dc29b7fce2f7e7f90b5a930e48ed1d", "07d62f6174baf244d4244a02e8a294b058e7de63ae85d98143bb7894e4b567c5", "5a0a1be6f219637e630403bb72671968b07f44e3f425a9a08ebc9e428d22c7aa", "1eaba7611869a9ae608b7fdd9a9c4c83b9095b1f997403540e2bd0215abfb210", "f71b5bba60a78a77ca93fd203c2e4d52a8516c21e881de7acca836c233457859", "ec92a8c0580e0c2a392c18333e006a989baf8009e4c23226c60219602d477c93", "192607412aa9950060d5fc3af15d7fca03733c68af1a025484c8b03405213664", "cda301487c861a48c5a47be4cc28fb4a4f209e1f722a444a79a814cae3ecb3c4", "485ba11a74527d8a360594194326b56951f761d392ab015b00221e11dc787a55", "85b92839a1a341a9a56e57e2a4f203dc3f3f94bf89492eec85ac9f6802666f88", "611b9ae905e6affe8c83b736253e3d9332fef7cecf790fd98521ee9c52fa6a60", "15f024e8436a6c74180179030fafca15c9fb015a9bc59be08acfc6dc6f089f27", "16d76436ea4e8ca0ac4cd63ed2f303a136e1c569a974fa387a58bb519f981c61", "2ee8e433202142602a8d0da72dcf87eaa40a0de3342860f0906c7c12cda044ce", "b328a894bbc68a0d386fe386ad6c46903761488ee415aa9f24b5bfc0a8ad2ec2", "83225a6e52ba0971c573c8842a1b64853b7c3dfc5f85b40e1dbafb5bf4710009", "28ad9ce34cb28babb5206671b09fa934eb888a670352589121faaa8776d8915c", "a8157c0326ed5972eedb4db921dc965787dea96aa00c9ffff73565449ab014b4", "2802e43bb36b3ca2bcaa0c0a82eaa3533de7eccc23d293064d2f05b1a3376ea2", "354e2e7f7901575e8106d554b14ec91d63960ec31106512a25fe0fafe0cecd0b", "9c2814cd37a6bb19d0b70617a0547618b220bf8d747a3adf12e77dee0d61fbe7", "9afdcb7933213707c5661ef7bea0f2b63423976a78c8fe14e1ae41d1e1beb41d", "8282870ed9abe67203a46375bf3334765fcd32e09606b11b5a72afae08b7387c"], "mitre_attack_tags": []}, {"bi": "windows-util-type", "hashes": ["e34698aac94f2581e4baafc43f92ef07cccb63c42d94e38aae56c5381be7a9b0", "fdb5b082dd9d187819ca87b95a6493a689eb81af90371272f94ebc7e4f6a5dfb", "95f69245d00ab9909dc9f264f7884322aed3edf3ea8ad310a614b84037f58e63", "dc1454f5e1a314d82ed49388635b2fe70f266bb6e3cb20490664eb53b868a77a", "787fd710a8c3c594127d806a59827c698ebba270fd70565d90b5d11fde4b421e", "ddef0c03e59caa43550104aba46d3b2344054b29a13ef610f9fb7d7a2856207e", "acbebfe9e27426ebe482ecfda1d8c0a65db23171712ff259c4ef0ae00577674e", "2a044ab93c5848a17ff50caff5c7df09f6897bc1c2e533d7557900b9ca4fe90c", "b0d1a3e3ac6a8b7b5705264e6d230b91d24c13310f4f9feb431bda25468e66e6", "109ab64e16614ba537d5c94bf0d483bd12dc29b7fce2f7e7f90b5a930e48ed1d", "07d62f6174baf244d4244a02e8a294b058e7de63ae85d98143bb7894e4b567c5", "5a0a1be6f219637e630403bb72671968b07f44e3f425a9a08ebc9e428d22c7aa", "1eaba7611869a9ae608b7fdd9a9c4c83b9095b1f997403540e2bd0215abfb210", "f71b5bba60a78a77ca93fd203c2e4d52a8516c21e881de7acca836c233457859", "ec92a8c0580e0c2a392c18333e006a989baf8009e4c23226c60219602d477c93", "192607412aa9950060d5fc3af15d7fca03733c68af1a025484c8b03405213664", "cda301487c861a48c5a47be4cc28fb4a4f209e1f722a444a79a814cae3ecb3c4", "485ba11a74527d8a360594194326b56951f761d392ab015b00221e11dc787a55", "85b92839a1a341a9a56e57e2a4f203dc3f3f94bf89492eec85ac9f6802666f88", "611b9ae905e6affe8c83b736253e3d9332fef7cecf790fd98521ee9c52fa6a60", "15f024e8436a6c74180179030fafca15c9fb015a9bc59be08acfc6dc6f089f27", "16d76436ea4e8ca0ac4cd63ed2f303a136e1c569a974fa387a58bb519f981c61", "2ee8e433202142602a8d0da72dcf87eaa40a0de3342860f0906c7c12cda044ce", "b328a894bbc68a0d386fe386ad6c46903761488ee415aa9f24b5bfc0a8ad2ec2", "83225a6e52ba0971c573c8842a1b64853b7c3dfc5f85b40e1dbafb5bf4710009", "28ad9ce34cb28babb5206671b09fa934eb888a670352589121faaa8776d8915c", "a8157c0326ed5972eedb4db921dc965787dea96aa00c9ffff73565449ab014b4", "2802e43bb36b3ca2bcaa0c0a82eaa3533de7eccc23d293064d2f05b1a3376ea2", "354e2e7f7901575e8106d554b14ec91d63960ec31106512a25fe0fafe0cecd0b", "9c2814cd37a6bb19d0b70617a0547618b220bf8d747a3adf12e77dee0d61fbe7", "9afdcb7933213707c5661ef7bea0f2b63423976a78c8fe14e1ae41d1e1beb41d", "8282870ed9abe67203a46375bf3334765fcd32e09606b11b5a72afae08b7387c"], "mitre_attack_tags": ["TA0009", "T1005"]}, {"bi": "malware-qakbot-mutex-detected", "hashes": ["e34698aac94f2581e4baafc43f92ef07cccb63c42d94e38aae56c5381be7a9b0", "fdb5b082dd9d187819ca87b95a6493a689eb81af90371272f94ebc7e4f6a5dfb", "95f69245d00ab9909dc9f264f7884322aed3edf3ea8ad310a614b84037f58e63", "dc1454f5e1a314d82ed49388635b2fe70f266bb6e3cb20490664eb53b868a77a", "787fd710a8c3c594127d806a59827c698ebba270fd70565d90b5d11fde4b421e", "ddef0c03e59caa43550104aba46d3b2344054b29a13ef610f9fb7d7a2856207e", "acbebfe9e27426ebe482ecfda1d8c0a65db23171712ff259c4ef0ae00577674e", "2a044ab93c5848a17ff50caff5c7df09f6897bc1c2e533d7557900b9ca4fe90c", "b0d1a3e3ac6a8b7b5705264e6d230b91d24c13310f4f9feb431bda25468e66e6", "109ab64e16614ba537d5c94bf0d483bd12dc29b7fce2f7e7f90b5a930e48ed1d", "07d62f6174baf244d4244a02e8a294b058e7de63ae85d98143bb7894e4b567c5", "5a0a1be6f219637e630403bb72671968b07f44e3f425a9a08ebc9e428d22c7aa", "1eaba7611869a9ae608b7fdd9a9c4c83b9095b1f997403540e2bd0215abfb210", "f71b5bba60a78a77ca93fd203c2e4d52a8516c21e881de7acca836c233457859", "ec92a8c0580e0c2a392c18333e006a989baf8009e4c23226c60219602d477c93", "192607412aa9950060d5fc3af15d7fca03733c68af1a025484c8b03405213664", "cda301487c861a48c5a47be4cc28fb4a4f209e1f722a444a79a814cae3ecb3c4", "485ba11a74527d8a360594194326b56951f761d392ab015b00221e11dc787a55", "85b92839a1a341a9a56e57e2a4f203dc3f3f94bf89492eec85ac9f6802666f88", "611b9ae905e6affe8c83b736253e3d9332fef7cecf790fd98521ee9c52fa6a60", "15f024e8436a6c74180179030fafca15c9fb015a9bc59be08acfc6dc6f089f27", "16d76436ea4e8ca0ac4cd63ed2f303a136e1c569a974fa387a58bb519f981c61", "2ee8e433202142602a8d0da72dcf87eaa40a0de3342860f0906c7c12cda044ce", "b328a894bbc68a0d386fe386ad6c46903761488ee415aa9f24b5bfc0a8ad2ec2", "83225a6e52ba0971c573c8842a1b64853b7c3dfc5f85b40e1dbafb5bf4710009", "28ad9ce34cb28babb5206671b09fa934eb888a670352589121faaa8776d8915c", "a8157c0326ed5972eedb4db921dc965787dea96aa00c9ffff73565449ab014b4", "2802e43bb36b3ca2bcaa0c0a82eaa3533de7eccc23d293064d2f05b1a3376ea2", "354e2e7f7901575e8106d554b14ec91d63960ec31106512a25fe0fafe0cecd0b", "9c2814cd37a6bb19d0b70617a0547618b220bf8d747a3adf12e77dee0d61fbe7", "9afdcb7933213707c5661ef7bea0f2b63423976a78c8fe14e1ae41d1e1beb41d", "8282870ed9abe67203a46375bf3334765fcd32e09606b11b5a72afae08b7387c"], "mitre_attack_tags": []}, {"bi": "windows-util-type-read-write-exe", "hashes": ["e34698aac94f2581e4baafc43f92ef07cccb63c42d94e38aae56c5381be7a9b0", "fdb5b082dd9d187819ca87b95a6493a689eb81af90371272f94ebc7e4f6a5dfb", "95f69245d00ab9909dc9f264f7884322aed3edf3ea8ad310a614b84037f58e63", "dc1454f5e1a314d82ed49388635b2fe70f266bb6e3cb20490664eb53b868a77a", "787fd710a8c3c594127d806a59827c698ebba270fd70565d90b5d11fde4b421e", "ddef0c03e59caa43550104aba46d3b2344054b29a13ef610f9fb7d7a2856207e", "acbebfe9e27426ebe482ecfda1d8c0a65db23171712ff259c4ef0ae00577674e", "2a044ab93c5848a17ff50caff5c7df09f6897bc1c2e533d7557900b9ca4fe90c", "b0d1a3e3ac6a8b7b5705264e6d230b91d24c13310f4f9feb431bda25468e66e6", "109ab64e16614ba537d5c94bf0d483bd12dc29b7fce2f7e7f90b5a930e48ed1d", "07d62f6174baf244d4244a02e8a294b058e7de63ae85d98143bb7894e4b567c5", "5a0a1be6f219637e630403bb72671968b07f44e3f425a9a08ebc9e428d22c7aa", "1eaba7611869a9ae608b7fdd9a9c4c83b9095b1f997403540e2bd0215abfb210", "f71b5bba60a78a77ca93fd203c2e4d52a8516c21e881de7acca836c233457859", "ec92a8c0580e0c2a392c18333e006a989baf8009e4c23226c60219602d477c93", "192607412aa9950060d5fc3af15d7fca03733c68af1a025484c8b03405213664", "cda301487c861a48c5a47be4cc28fb4a4f209e1f722a444a79a814cae3ecb3c4", "485ba11a74527d8a360594194326b56951f761d392ab015b00221e11dc787a55", "85b92839a1a341a9a56e57e2a4f203dc3f3f94bf89492eec85ac9f6802666f88", "611b9ae905e6affe8c83b736253e3d9332fef7cecf790fd98521ee9c52fa6a60", "15f024e8436a6c74180179030fafca15c9fb015a9bc59be08acfc6dc6f089f27", "16d76436ea4e8ca0ac4cd63ed2f303a136e1c569a974fa387a58bb519f981c61", "2ee8e433202142602a8d0da72dcf87eaa40a0de3342860f0906c7c12cda044ce", "b328a894bbc68a0d386fe386ad6c46903761488ee415aa9f24b5bfc0a8ad2ec2", "83225a6e52ba0971c573c8842a1b64853b7c3dfc5f85b40e1dbafb5bf4710009", "28ad9ce34cb28babb5206671b09fa934eb888a670352589121faaa8776d8915c", "a8157c0326ed5972eedb4db921dc965787dea96aa00c9ffff73565449ab014b4", "2802e43bb36b3ca2bcaa0c0a82eaa3533de7eccc23d293064d2f05b1a3376ea2", "354e2e7f7901575e8106d554b14ec91d63960ec31106512a25fe0fafe0cecd0b", "9c2814cd37a6bb19d0b70617a0547618b220bf8d747a3adf12e77dee0d61fbe7", "9afdcb7933213707c5661ef7bea0f2b63423976a78c8fe14e1ae41d1e1beb41d", "8282870ed9abe67203a46375bf3334765fcd32e09606b11b5a72afae08b7387c"], "mitre_attack_tags": ["TA0002", "TA0005", "T1202"]}, {"bi": "process-ping", "hashes": ["e34698aac94f2581e4baafc43f92ef07cccb63c42d94e38aae56c5381be7a9b0", "fdb5b082dd9d187819ca87b95a6493a689eb81af90371272f94ebc7e4f6a5dfb", "95f69245d00ab9909dc9f264f7884322aed3edf3ea8ad310a614b84037f58e63", "dc1454f5e1a314d82ed49388635b2fe70f266bb6e3cb20490664eb53b868a77a", "787fd710a8c3c594127d806a59827c698ebba270fd70565d90b5d11fde4b421e", "ddef0c03e59caa43550104aba46d3b2344054b29a13ef610f9fb7d7a2856207e", "acbebfe9e27426ebe482ecfda1d8c0a65db23171712ff259c4ef0ae00577674e", "2a044ab93c5848a17ff50caff5c7df09f6897bc1c2e533d7557900b9ca4fe90c", "b0d1a3e3ac6a8b7b5705264e6d230b91d24c13310f4f9feb431bda25468e66e6", "109ab64e16614ba537d5c94bf0d483bd12dc29b7fce2f7e7f90b5a930e48ed1d", "07d62f6174baf244d4244a02e8a294b058e7de63ae85d98143bb7894e4b567c5", "5a0a1be6f219637e630403bb72671968b07f44e3f425a9a08ebc9e428d22c7aa", "1eaba7611869a9ae608b7fdd9a9c4c83b9095b1f997403540e2bd0215abfb210", "f71b5bba60a78a77ca93fd203c2e4d52a8516c21e881de7acca836c233457859", "ec92a8c0580e0c2a392c18333e006a989baf8009e4c23226c60219602d477c93", "192607412aa9950060d5fc3af15d7fca03733c68af1a025484c8b03405213664", "cda301487c861a48c5a47be4cc28fb4a4f209e1f722a444a79a814cae3ecb3c4", "485ba11a74527d8a360594194326b56951f761d392ab015b00221e11dc787a55", "85b92839a1a341a9a56e57e2a4f203dc3f3f94bf89492eec85ac9f6802666f88", "611b9ae905e6affe8c83b736253e3d9332fef7cecf790fd98521ee9c52fa6a60", "15f024e8436a6c74180179030fafca15c9fb015a9bc59be08acfc6dc6f089f27", "16d76436ea4e8ca0ac4cd63ed2f303a136e1c569a974fa387a58bb519f981c61", "2ee8e433202142602a8d0da72dcf87eaa40a0de3342860f0906c7c12cda044ce", "b328a894bbc68a0d386fe386ad6c46903761488ee415aa9f24b5bfc0a8ad2ec2", "83225a6e52ba0971c573c8842a1b64853b7c3dfc5f85b40e1dbafb5bf4710009", "28ad9ce34cb28babb5206671b09fa934eb888a670352589121faaa8776d8915c", "a8157c0326ed5972eedb4db921dc965787dea96aa00c9ffff73565449ab014b4", "2802e43bb36b3ca2bcaa0c0a82eaa3533de7eccc23d293064d2f05b1a3376ea2", "354e2e7f7901575e8106d554b14ec91d63960ec31106512a25fe0fafe0cecd0b", "9c2814cd37a6bb19d0b70617a0547618b220bf8d747a3adf12e77dee0d61fbe7", "9afdcb7933213707c5661ef7bea0f2b63423976a78c8fe14e1ae41d1e1beb41d", "8282870ed9abe67203a46375bf3334765fcd32e09606b11b5a72afae08b7387c"], "mitre_attack_tags": ["TA0011", "TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["e34698aac94f2581e4baafc43f92ef07cccb63c42d94e38aae56c5381be7a9b0", "fdb5b082dd9d187819ca87b95a6493a689eb81af90371272f94ebc7e4f6a5dfb", "95f69245d00ab9909dc9f264f7884322aed3edf3ea8ad310a614b84037f58e63", "dc1454f5e1a314d82ed49388635b2fe70f266bb6e3cb20490664eb53b868a77a", "787fd710a8c3c594127d806a59827c698ebba270fd70565d90b5d11fde4b421e", "ddef0c03e59caa43550104aba46d3b2344054b29a13ef610f9fb7d7a2856207e", "acbebfe9e27426ebe482ecfda1d8c0a65db23171712ff259c4ef0ae00577674e", "2a044ab93c5848a17ff50caff5c7df09f6897bc1c2e533d7557900b9ca4fe90c", "b0d1a3e3ac6a8b7b5705264e6d230b91d24c13310f4f9feb431bda25468e66e6", "109ab64e16614ba537d5c94bf0d483bd12dc29b7fce2f7e7f90b5a930e48ed1d", "07d62f6174baf244d4244a02e8a294b058e7de63ae85d98143bb7894e4b567c5", "5a0a1be6f219637e630403bb72671968b07f44e3f425a9a08ebc9e428d22c7aa", "1eaba7611869a9ae608b7fdd9a9c4c83b9095b1f997403540e2bd0215abfb210", "f71b5bba60a78a77ca93fd203c2e4d52a8516c21e881de7acca836c233457859", "ec92a8c0580e0c2a392c18333e006a989baf8009e4c23226c60219602d477c93", "192607412aa9950060d5fc3af15d7fca03733c68af1a025484c8b03405213664", "cda301487c861a48c5a47be4cc28fb4a4f209e1f722a444a79a814cae3ecb3c4", "485ba11a74527d8a360594194326b56951f761d392ab015b00221e11dc787a55", "85b92839a1a341a9a56e57e2a4f203dc3f3f94bf89492eec85ac9f6802666f88", "611b9ae905e6affe8c83b736253e3d9332fef7cecf790fd98521ee9c52fa6a60", "15f024e8436a6c74180179030fafca15c9fb015a9bc59be08acfc6dc6f089f27", "16d76436ea4e8ca0ac4cd63ed2f303a136e1c569a974fa387a58bb519f981c61", "2ee8e433202142602a8d0da72dcf87eaa40a0de3342860f0906c7c12cda044ce", "b328a894bbc68a0d386fe386ad6c46903761488ee415aa9f24b5bfc0a8ad2ec2", "83225a6e52ba0971c573c8842a1b64853b7c3dfc5f85b40e1dbafb5bf4710009", "28ad9ce34cb28babb5206671b09fa934eb888a670352589121faaa8776d8915c", "a8157c0326ed5972eedb4db921dc965787dea96aa00c9ffff73565449ab014b4", "2802e43bb36b3ca2bcaa0c0a82eaa3533de7eccc23d293064d2f05b1a3376ea2", "354e2e7f7901575e8106d554b14ec91d63960ec31106512a25fe0fafe0cecd0b", "9c2814cd37a6bb19d0b70617a0547618b220bf8d747a3adf12e77dee0d61fbe7", "9afdcb7933213707c5661ef7bea0f2b63423976a78c8fe14e1ae41d1e1beb41d", "8282870ed9abe67203a46375bf3334765fcd32e09606b11b5a72afae08b7387c"], "mitre_attack_tags": ["TA0011", "TA0007", "T1016"]}, {"bi": "process-long-cmdline", "hashes": ["fdb5b082dd9d187819ca87b95a6493a689eb81af90371272f94ebc7e4f6a5dfb", "95f69245d00ab9909dc9f264f7884322aed3edf3ea8ad310a614b84037f58e63", "acbebfe9e27426ebe482ecfda1d8c0a65db23171712ff259c4ef0ae00577674e", "b0d1a3e3ac6a8b7b5705264e6d230b91d24c13310f4f9feb431bda25468e66e6", "109ab64e16614ba537d5c94bf0d483bd12dc29b7fce2f7e7f90b5a930e48ed1d", "5a0a1be6f219637e630403bb72671968b07f44e3f425a9a08ebc9e428d22c7aa", "1eaba7611869a9ae608b7fdd9a9c4c83b9095b1f997403540e2bd0215abfb210", "f71b5bba60a78a77ca93fd203c2e4d52a8516c21e881de7acca836c233457859", "ec92a8c0580e0c2a392c18333e006a989baf8009e4c23226c60219602d477c93", "192607412aa9950060d5fc3af15d7fca03733c68af1a025484c8b03405213664", "cda301487c861a48c5a47be4cc28fb4a4f209e1f722a444a79a814cae3ecb3c4", "485ba11a74527d8a360594194326b56951f761d392ab015b00221e11dc787a55", "85b92839a1a341a9a56e57e2a4f203dc3f3f94bf89492eec85ac9f6802666f88", "611b9ae905e6affe8c83b736253e3d9332fef7cecf790fd98521ee9c52fa6a60", "15f024e8436a6c74180179030fafca15c9fb015a9bc59be08acfc6dc6f089f27", "2ee8e433202142602a8d0da72dcf87eaa40a0de3342860f0906c7c12cda044ce", "83225a6e52ba0971c573c8842a1b64853b7c3dfc5f85b40e1dbafb5bf4710009", "28ad9ce34cb28babb5206671b09fa934eb888a670352589121faaa8776d8915c", "a8157c0326ed5972eedb4db921dc965787dea96aa00c9ffff73565449ab014b4", "2802e43bb36b3ca2bcaa0c0a82eaa3533de7eccc23d293064d2f05b1a3376ea2", "354e2e7f7901575e8106d554b14ec91d63960ec31106512a25fe0fafe0cecd0b", "9c2814cd37a6bb19d0b70617a0547618b220bf8d747a3adf12e77dee0d61fbe7", "9afdcb7933213707c5661ef7bea0f2b63423976a78c8fe14e1ae41d1e1beb41d", "8282870ed9abe67203a46375bf3334765fcd32e09606b11b5a72afae08b7387c"], "mitre_attack_tags": ["TA0005", "T1027"]}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB.", "hashes": ["07d62f6174baf244d4244a02e8a294b058e7de63ae85d98143bb7894e4b567c5", "109ab64e16614ba537d5c94bf0d483bd12dc29b7fce2f7e7f90b5a930e48ed1d", "15f024e8436a6c74180179030fafca15c9fb015a9bc59be08acfc6dc6f089f27", "16d76436ea4e8ca0ac4cd63ed2f303a136e1c569a974fa387a58bb519f981c61", "192607412aa9950060d5fc3af15d7fca03733c68af1a025484c8b03405213664", "1eaba7611869a9ae608b7fdd9a9c4c83b9095b1f997403540e2bd0215abfb210", "2802e43bb36b3ca2bcaa0c0a82eaa3533de7eccc23d293064d2f05b1a3376ea2", "28ad9ce34cb28babb5206671b09fa934eb888a670352589121faaa8776d8915c", "2a044ab93c5848a17ff50caff5c7df09f6897bc1c2e533d7557900b9ca4fe90c", "2ee8e433202142602a8d0da72dcf87eaa40a0de3342860f0906c7c12cda044ce", "354e2e7f7901575e8106d554b14ec91d63960ec31106512a25fe0fafe0cecd0b", "485ba11a74527d8a360594194326b56951f761d392ab015b00221e11dc787a55", "5a0a1be6f219637e630403bb72671968b07f44e3f425a9a08ebc9e428d22c7aa", "611b9ae905e6affe8c83b736253e3d9332fef7cecf790fd98521ee9c52fa6a60", "787fd710a8c3c594127d806a59827c698ebba270fd70565d90b5d11fde4b421e", "8282870ed9abe67203a46375bf3334765fcd32e09606b11b5a72afae08b7387c", "83225a6e52ba0971c573c8842a1b64853b7c3dfc5f85b40e1dbafb5bf4710009", "85b92839a1a341a9a56e57e2a4f203dc3f3f94bf89492eec85ac9f6802666f88", "95f69245d00ab9909dc9f264f7884322aed3edf3ea8ad310a614b84037f58e63", "9afdcb7933213707c5661ef7bea0f2b63423976a78c8fe14e1ae41d1e1beb41d", "9c2814cd37a6bb19d0b70617a0547618b220bf8d747a3adf12e77dee0d61fbe7", "a8157c0326ed5972eedb4db921dc965787dea96aa00c9ffff73565449ab014b4", "acbebfe9e27426ebe482ecfda1d8c0a65db23171712ff259c4ef0ae00577674e", "b0d1a3e3ac6a8b7b5705264e6d230b91d24c13310f4f9feb431bda25468e66e6", "b328a894bbc68a0d386fe386ad6c46903761488ee415aa9f24b5bfc0a8ad2ec2", "bfeec7c3ca3bc799e9231939cbace565ff51df1dcc3a486d62142f9ee5a79aff", "cda301487c861a48c5a47be4cc28fb4a4f209e1f722a444a79a814cae3ecb3c4", "d81b0b347b11c82a8a54b8808ab030261d5c01455816529d459ac73a625b5d91", "dc1454f5e1a314d82ed49388635b2fe70f266bb6e3cb20490664eb53b868a77a", "ddef0c03e59caa43550104aba46d3b2344054b29a13ef610f9fb7d7a2856207e", "e14f6ac8e3ef2390f0a4c0ca41a6d95ebc130d60e2d5c7bf5af407b4c19b2a54", "e34698aac94f2581e4baafc43f92ef07cccb63c42d94e38aae56c5381be7a9b0", "e65642a2967078ddc280f5cea0a47d138d2fc3394257d07d4fc89a09287bc3ca", "ebeb23d2b590e3e2d699f5cfc824dc7aee51ec2277c3519cdb286d2c688c47eb", "ec92a8c0580e0c2a392c18333e006a989baf8009e4c23226c60219602d477c93", "ef3ceee3e97568493a28080cce1a4fba298dc11d1729ae942cca93a6338bd236", "f71b5bba60a78a77ca93fd203c2e4d52a8516c21e881de7acca836c233457859", "f8e82e2a5d7d6963d335fb0462b8d366cd5e211b2176022268e0616c774823f3", "f941b9b33e360acc1cc54e24797474cf18a82b3f564944e1b8c28f5f2461e4af", "fb07454bce5b919b8d71a4023c43d9b1846ee9886c492743b413958a2733378c", "fdb5b082dd9d187819ca87b95a6493a689eb81af90371272f94ebc7e4f6a5dfb"], "iocs": {"domain": [], "file": [], "ip": [], "mutex": [{"hashes": ["07d62f6174baf244d4244a02e8a294b058e7de63ae85d98143bb7894e4b567c5", "109ab64e16614ba537d5c94bf0d483bd12dc29b7fce2f7e7f90b5a930e48ed1d", "15f024e8436a6c74180179030fafca15c9fb015a9bc59be08acfc6dc6f089f27", "16d76436ea4e8ca0ac4cd63ed2f303a136e1c569a974fa387a58bb519f981c61", "192607412aa9950060d5fc3af15d7fca03733c68af1a025484c8b03405213664", "1eaba7611869a9ae608b7fdd9a9c4c83b9095b1f997403540e2bd0215abfb210", "2802e43bb36b3ca2bcaa0c0a82eaa3533de7eccc23d293064d2f05b1a3376ea2", "28ad9ce34cb28babb5206671b09fa934eb888a670352589121faaa8776d8915c", "2a044ab93c5848a17ff50caff5c7df09f6897bc1c2e533d7557900b9ca4fe90c", "2ee8e433202142602a8d0da72dcf87eaa40a0de3342860f0906c7c12cda044ce", "354e2e7f7901575e8106d554b14ec91d63960ec31106512a25fe0fafe0cecd0b", "485ba11a74527d8a360594194326b56951f761d392ab015b00221e11dc787a55", "5a0a1be6f219637e630403bb72671968b07f44e3f425a9a08ebc9e428d22c7aa", "611b9ae905e6affe8c83b736253e3d9332fef7cecf790fd98521ee9c52fa6a60", "787fd710a8c3c594127d806a59827c698ebba270fd70565d90b5d11fde4b421e", "8282870ed9abe67203a46375bf3334765fcd32e09606b11b5a72afae08b7387c", "83225a6e52ba0971c573c8842a1b64853b7c3dfc5f85b40e1dbafb5bf4710009", "85b92839a1a341a9a56e57e2a4f203dc3f3f94bf89492eec85ac9f6802666f88", "95f69245d00ab9909dc9f264f7884322aed3edf3ea8ad310a614b84037f58e63", "9afdcb7933213707c5661ef7bea0f2b63423976a78c8fe14e1ae41d1e1beb41d", "9c2814cd37a6bb19d0b70617a0547618b220bf8d747a3adf12e77dee0d61fbe7", "a8157c0326ed5972eedb4db921dc965787dea96aa00c9ffff73565449ab014b4", "acbebfe9e27426ebe482ecfda1d8c0a65db23171712ff259c4ef0ae00577674e", "b0d1a3e3ac6a8b7b5705264e6d230b91d24c13310f4f9feb431bda25468e66e6", "b328a894bbc68a0d386fe386ad6c46903761488ee415aa9f24b5bfc0a8ad2ec2", "cda301487c861a48c5a47be4cc28fb4a4f209e1f722a444a79a814cae3ecb3c4", "dc1454f5e1a314d82ed49388635b2fe70f266bb6e3cb20490664eb53b868a77a", "ddef0c03e59caa43550104aba46d3b2344054b29a13ef610f9fb7d7a2856207e", "e34698aac94f2581e4baafc43f92ef07cccb63c42d94e38aae56c5381be7a9b0", "ec92a8c0580e0c2a392c18333e006a989baf8009e4c23226c60219602d477c93", "f71b5bba60a78a77ca93fd203c2e4d52a8516c21e881de7acca836c233457859", "fdb5b082dd9d187819ca87b95a6493a689eb81af90371272f94ebc7e4f6a5dfb"], "name": "ocmwn"}, {"hashes": ["07d62f6174baf244d4244a02e8a294b058e7de63ae85d98143bb7894e4b567c5", "109ab64e16614ba537d5c94bf0d483bd12dc29b7fce2f7e7f90b5a930e48ed1d", "15f024e8436a6c74180179030fafca15c9fb015a9bc59be08acfc6dc6f089f27", "16d76436ea4e8ca0ac4cd63ed2f303a136e1c569a974fa387a58bb519f981c61", "192607412aa9950060d5fc3af15d7fca03733c68af1a025484c8b03405213664", "1eaba7611869a9ae608b7fdd9a9c4c83b9095b1f997403540e2bd0215abfb210", "2802e43bb36b3ca2bcaa0c0a82eaa3533de7eccc23d293064d2f05b1a3376ea2", "28ad9ce34cb28babb5206671b09fa934eb888a670352589121faaa8776d8915c", "2a044ab93c5848a17ff50caff5c7df09f6897bc1c2e533d7557900b9ca4fe90c", "2ee8e433202142602a8d0da72dcf87eaa40a0de3342860f0906c7c12cda044ce", "354e2e7f7901575e8106d554b14ec91d63960ec31106512a25fe0fafe0cecd0b", "485ba11a74527d8a360594194326b56951f761d392ab015b00221e11dc787a55", "5a0a1be6f219637e630403bb72671968b07f44e3f425a9a08ebc9e428d22c7aa", "611b9ae905e6affe8c83b736253e3d9332fef7cecf790fd98521ee9c52fa6a60", "787fd710a8c3c594127d806a59827c698ebba270fd70565d90b5d11fde4b421e", "8282870ed9abe67203a46375bf3334765fcd32e09606b11b5a72afae08b7387c", "83225a6e52ba0971c573c8842a1b64853b7c3dfc5f85b40e1dbafb5bf4710009", "85b92839a1a341a9a56e57e2a4f203dc3f3f94bf89492eec85ac9f6802666f88", "95f69245d00ab9909dc9f264f7884322aed3edf3ea8ad310a614b84037f58e63", "9afdcb7933213707c5661ef7bea0f2b63423976a78c8fe14e1ae41d1e1beb41d", "9c2814cd37a6bb19d0b70617a0547618b220bf8d747a3adf12e77dee0d61fbe7", "a8157c0326ed5972eedb4db921dc965787dea96aa00c9ffff73565449ab014b4", "acbebfe9e27426ebe482ecfda1d8c0a65db23171712ff259c4ef0ae00577674e", "b0d1a3e3ac6a8b7b5705264e6d230b91d24c13310f4f9feb431bda25468e66e6", "b328a894bbc68a0d386fe386ad6c46903761488ee415aa9f24b5bfc0a8ad2ec2", "cda301487c861a48c5a47be4cc28fb4a4f209e1f722a444a79a814cae3ecb3c4", "ec92a8c0580e0c2a392c18333e006a989baf8009e4c23226c60219602d477c93", "f71b5bba60a78a77ca93fd203c2e4d52a8516c21e881de7acca836c233457859", "fdb5b082dd9d187819ca87b95a6493a689eb81af90371272f94ebc7e4f6a5dfb"], "name": "<random, matching [a-zA-Z0-9]{5,9}>"}], "registry": []}, "reports_count": 32}, "Win.Packed.Cerber-7639400-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "netbios-query", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": ["TA0004", "TA0005"]}, {"bi": "http-response-client-error", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "network-snort-malware", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": []}, {"bi": "pe-uses-visual-basic", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "compound-vb-self-delete", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": []}, {"bi": "altered-sample-snort-flagged", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "excessive-udp-connections", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "document-decoy-dropped", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": []}, {"bi": "malware-ransomware-cerber", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": ["TA0040", "T1486"]}, {"bi": "process-uses-localhost-traffic", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-ping", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": ["TA0011", "TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": ["TA0011", "TA0007", "T1016"]}, {"bi": "netsh-firewall-generic", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": ["TA0005", "T1016", "T1089"]}, {"bi": "feed-domain-ransomware", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": []}, {"bi": "file-pending-delete", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "process-taskkill", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "randomly-named-files", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "http-response-redirect", "hashes": ["a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": true}, "description": "Cerber is ransomware that encrypts documents, photos, databases and other important files. Historically, this malware would replace files with encrypted versions and add the file extension \".cerber,\" although in more recent campaigns this is no longer the case.", "hashes": ["09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0", "bd3b0a3968de25c5bf9f37253a4d3d46125e2f3070a8bc4cdc02a754531388a2", "d6d786ec73f3e162ad7d49d1907a68cb7ae9c904598a45967be1fe802cfda978", "ebaa5ea48c1559e088989ce32b5d28228ba9781df2b8a19461a41f5918fc25fb", "f944fb56b62a39f64ee94374a1289311e5887377adfb89258194d1a80035c3c8", "fae0ebbece1bd551afda19809f97fa24fa2f4b6f332e78e2955baddeed84183a"], "iocs": {"domain": [{"hashes": ["09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0"], "host": "api[.]blockcypher[.]com"}, {"hashes": ["09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0"], "host": "bitaps[.]com"}, {"hashes": ["09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0"], "host": "chain[.]so"}, {"hashes": ["09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0"], "host": "btc[.]blockr[.]io"}, {"hashes": ["2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907"], "host": "p27dokhpz2n7nvgr[.]1cknbd[.]top"}], "file": [{"hashes": ["09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0"], "path": "\\pc\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv"}, {"hashes": ["09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0"], "path": "%TEMP%\\d19ab989"}, {"hashes": ["09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0"], "path": "%TEMP%\\d19ab989\\4710.tmp"}, {"hashes": ["09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0"], "path": "%TEMP%\\d19ab989\\a35f.tmp"}, {"hashes": ["09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0"], "path": "<dir>\\_READ_THIS_FILE_<random, matching [A-F0-9]{4,8}>_.hta"}, {"hashes": ["09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0"], "path": "<dir>\\_READ_THIS_FILE_<random, matching [A-F0-9]{4,8}>_.txt"}, {"hashes": ["209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907"], "path": "%TEMP%\\<random, matching [a-z0-9]{8}\\[a-f0-9]{4}>.tmp"}, {"hashes": ["2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907"], "path": "<dir>\\<random, matching [A-Z0-9\\-]{10}.[A-F0-9]{4}> (copy)"}], "ip": [{"hashes": ["09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0"], "ip": "178[.]128[.]255[.]179"}, {"hashes": ["09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0"], "ip": "94[.]22[.]172[.]0/27"}, {"hashes": ["09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0"], "ip": "94[.]21[.]172[.]0/27"}, {"hashes": ["09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0"], "ip": "94[.]23[.]172[.]0/25"}, {"hashes": ["3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0"], "ip": "104[.]24[.]104[.]254"}, {"hashes": ["2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b"], "ip": "104[.]20[.]21[.]251"}, {"hashes": ["09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0"], "ip": "104[.]20[.]20[.]251"}, {"hashes": ["09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907"], "ip": "104[.]24[.]105[.]254"}, {"hashes": ["2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907"], "ip": "104[.]16[.]152[.]172"}, {"hashes": ["2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907"], "ip": "54[.]210[.]66[.]120"}, {"hashes": ["2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907"], "ip": "86[.]110[.]118[.]221"}], "mutex": [{"hashes": ["09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0"], "name": "shell.{381828AA-8B28-3374-1B67-35680555C5EF}"}, {"hashes": ["2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990"], "name": "shell.{1DEF893E-C150-B52C-8B2C-18DC50905097}"}, {"hashes": ["796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907"], "name": "shell.{2FDB5C90-B702-B9F6-581F-2A38B9AEBDA1}"}, {"hashes": ["209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770"], "name": "shell.{3AFC1C93-3B52-BB89-3222-3835B13B7C57}"}], "registry": [{"hashes": ["09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\SESSION MANAGER", "value_name": null}, {"hashes": ["09077ec797af4a647ff34fa731653347dae7613f068f493d933ec1f6950a9247", "0cb07839f09d24e4ec2258320931486b4090dc244e80b96735d7b2519e89a9e4", "209bf8bd0a615f18c736ebbfed21d130133ac6183cb30e7c9476284d3ee44770", "2f2a9a138bf2cdd6f99600416e268b55e00b1fefbd1fd314f6985dc347dd7990", "3212da866b96a028d6af81e867310377986f24a940f0c5dcd6b9251012522021", "323e0c1bfd71bcbe425cd22c66e112e292a446d17397b58569f4400694e167a1", "37881db507acd974cc7541166d07836587b90402295da8b382b3d1eac25658be", "3f0a2e1af4172fbb21ee8c05492366c6b288e34e4493691f2e58b08e38d9ef1d", "42cdc6c8453c7899136514ca43e78526099d8fa1f6f38e069feb197da446942e", "4383c3e3ea0b0e043cb27e98f728e260365ae3071f7aba4f8af2c69cccf85c55", "4969df214806f0274642e3462f112c16c004c666e6a4bf9bc60005722e9c2141", "51554ca7c8e4883a7979e37b472806ad8e0c981c79b2431e6c2d431545bb14b9", "558df290e6ff5564642aa136f462ff7ff6f53677968e9df229a3a408543f940e", "5981af7da90f6bcae0f9fbaedb0b69ef00a73ba1ea487103c336ef61446fa27e", "5a4f15e637c5e63338b6394c8cfafc04ac54f594b97c46277ae5edadff6fa069", "5c901b13b46847f1d4bb2b4d4292e44c29737ccbd9e347d69d68474d3b41183a", "648e76ecbcff48d4fb1575667d40ae54c12017e6e766c4daa237429c08d086de", "6eca27a83d17debed9c95d2317cb50c81c2ec03f986d4bf2f2c3463c55c701c7", "796efe29425e2070a5b0bec32d90049e9f5328dafa5de40922e2bcfc9fc02907", "90edc137227383ee494b07284329056ea6dd5aa9973ae95b90ef6cea5f9bc3a6", "9736aed4f6d6fc4438ba480467a8640031accb35e015fd11d15a17dbd83a4a99", "a824d6c80bd010fffe55af79d1c11e10a019af4449cca5c6f65c89a107b8bb6f", "aaf2a8e3635036c86e08a711c2570cddadde8695cbc1c82c4f25f0d915c9694b", "acf13070fd1d9753525a552bc9a1b90647bb508a60c5f41118d6466b02ee6bf4", "b8d066b33d9ddd988902aea7a0dfee9423f8437509f212f6e7d41ff5d98076d0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\SESSION MANAGER", "value_name": "PendingFileRenameOperations"}]}, "reports_count": 25}, "Win.Packed.njRAT-7639941-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303", "05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61", "602514647d9daddb845d3acd3afb2bb225f5a8b3ac0c35bb364fc1a4299f696c", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb", "ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "8feb0cce61bfa25331fe2f2f861b7e5a03332605635770a5924e2b71ab156416", "afacec426aaab0ecf43b22ba5423e832dc4beb8d2f2ab0921f67e4edc36f4be5", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "e5745d4847ff4e2e8579941dc71be4e504d2f8dba8bd9bf855d07dc50b18e259", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303", "05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61", "602514647d9daddb845d3acd3afb2bb225f5a8b3ac0c35bb364fc1a4299f696c", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb", "ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "8feb0cce61bfa25331fe2f2f861b7e5a03332605635770a5924e2b71ab156416", "afacec426aaab0ecf43b22ba5423e832dc4beb8d2f2ab0921f67e4edc36f4be5", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "e5745d4847ff4e2e8579941dc71be4e504d2f8dba8bd9bf855d07dc50b18e259", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303", "05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61", "602514647d9daddb845d3acd3afb2bb225f5a8b3ac0c35bb364fc1a4299f696c", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb", "ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "8feb0cce61bfa25331fe2f2f861b7e5a03332605635770a5924e2b71ab156416", "afacec426aaab0ecf43b22ba5423e832dc4beb8d2f2ab0921f67e4edc36f4be5", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "e5745d4847ff4e2e8579941dc71be4e504d2f8dba8bd9bf855d07dc50b18e259", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303", "05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61", "602514647d9daddb845d3acd3afb2bb225f5a8b3ac0c35bb364fc1a4299f696c", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb", "ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "8feb0cce61bfa25331fe2f2f861b7e5a03332605635770a5924e2b71ab156416", "afacec426aaab0ecf43b22ba5423e832dc4beb8d2f2ab0921f67e4edc36f4be5", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "e5745d4847ff4e2e8579941dc71be4e504d2f8dba8bd9bf855d07dc50b18e259", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303", "05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61", "602514647d9daddb845d3acd3afb2bb225f5a8b3ac0c35bb364fc1a4299f696c", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb", "ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "8feb0cce61bfa25331fe2f2f861b7e5a03332605635770a5924e2b71ab156416", "afacec426aaab0ecf43b22ba5423e832dc4beb8d2f2ab0921f67e4edc36f4be5", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "e5745d4847ff4e2e8579941dc71be4e504d2f8dba8bd9bf855d07dc50b18e259", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-uses-dot-net", "hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303", "05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61", "602514647d9daddb845d3acd3afb2bb225f5a8b3ac0c35bb364fc1a4299f696c", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb", "ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "8feb0cce61bfa25331fe2f2f861b7e5a03332605635770a5924e2b71ab156416", "afacec426aaab0ecf43b22ba5423e832dc4beb8d2f2ab0921f67e4edc36f4be5", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "e5745d4847ff4e2e8579941dc71be4e504d2f8dba8bd9bf855d07dc50b18e259", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc"], "mitre_attack_tags": []}, {"bi": "pe-header-linker-major", "hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303", "05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61", "602514647d9daddb845d3acd3afb2bb225f5a8b3ac0c35bb364fc1a4299f696c", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb", "ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "8feb0cce61bfa25331fe2f2f861b7e5a03332605635770a5924e2b71ab156416", "afacec426aaab0ecf43b22ba5423e832dc4beb8d2f2ab0921f67e4edc36f4be5", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "e5745d4847ff4e2e8579941dc71be4e504d2f8dba8bd9bf855d07dc50b18e259", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-future", "hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303", "05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61", "602514647d9daddb845d3acd3afb2bb225f5a8b3ac0c35bb364fc1a4299f696c", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb", "ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "8feb0cce61bfa25331fe2f2f861b7e5a03332605635770a5924e2b71ab156416", "afacec426aaab0ecf43b22ba5423e832dc4beb8d2f2ab0921f67e4edc36f4be5", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "e5745d4847ff4e2e8579941dc71be4e504d2f8dba8bd9bf855d07dc50b18e259", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303", "05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb", "ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc"], "mitre_attack_tags": []}, {"bi": "registry-disable-open-file-security-warning", "hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303", "05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "afacec426aaab0ecf43b22ba5423e832dc4beb8d2f2ab0921f67e4edc36f4be5", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "e5745d4847ff4e2e8579941dc71be4e504d2f8dba8bd9bf855d07dc50b18e259", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db"], "mitre_attack_tags": ["TA0005", "T1112", "T1089"]}, {"bi": "registry-parseautoexec", "hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303", "05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "afacec426aaab0ecf43b22ba5423e832dc4beb8d2f2ab0921f67e4edc36f4be5", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "e5745d4847ff4e2e8579941dc71be4e504d2f8dba8bd9bf855d07dc50b18e259", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db"], "mitre_attack_tags": ["TA0003", "T1112"]}, {"bi": "created-executable-in-user-dir", "hashes": ["05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb", "ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb", "ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc"], "mitre_attack_tags": []}, {"bi": "netsh-firewall-generic", "hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303", "05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc"], "mitre_attack_tags": ["TA0005", "T1016", "T1089"]}, {"bi": "netsh-firewall-add", "hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303", "05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089"]}, {"bi": "registry-autorun-key-modified", "hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303", "05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "malware-generic-dotnet-trojan-uses-random-guid-mutex", "hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303", "05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc"], "mitre_attack_tags": []}, {"bi": "firewall-exception-user-dir", "hashes": ["05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089"]}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "malware-trojan-njrat-detected", "hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303", "05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303", "05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "network-fast-flux-domain", "hashes": ["210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "8feb0cce61bfa25331fe2f2f861b7e5a03332605635770a5924e2b71ab156416", "5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "8feb0cce61bfa25331fe2f2f861b7e5a03332605635770a5924e2b71ab156416", "5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "8feb0cce61bfa25331fe2f2f861b7e5a03332605635770a5924e2b71ab156416", "5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc"], "mitre_attack_tags": []}, {"bi": "network-private-ip-address", "hashes": ["47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb", "8feb0cce61bfa25331fe2f2f861b7e5a03332605635770a5924e2b71ab156416", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "startup-folder-modification", "hashes": ["210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "feed-domain-rat", "hashes": ["1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771"], "mitre_attack_tags": []}, {"bi": "unsigned-roaming-execution", "hashes": ["ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303"], "mitre_attack_tags": []}, {"bi": "dns-dynamic-domain", "hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "modified-file-in-system-dir", "hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-system-dir", "hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "network-dns-safe-categories", "hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303"], "mitre_attack_tags": []}, {"bi": "compound-netsh-firewall-add-windows-directory", "hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089", "T1036"]}, {"bi": "process-long-cmdline", "hashes": ["6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-hide-files", "hashes": ["6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61"], "mitre_attack_tags": ["TA0005", "T1158"]}, {"bi": "usb-drive-autoplay-modification", "hashes": ["6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61"], "mitre_attack_tags": ["TA0008", "TA0001", "T1091"]}, {"bi": "modified-file-on-usb", "hashes": ["6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61"], "mitre_attack_tags": ["TA0008", "TA0003", "T1091"]}, {"bi": "sample-copied-to-usb", "hashes": ["6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61"], "mitre_attack_tags": ["TA0008", "TA0003", "T1091"]}, {"bi": "pe-filename-mismatch", "hashes": ["ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514"], "mitre_attack_tags": []}, {"bi": "artifact-windows-task", "hashes": ["ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "windows-util-schtask", "hashes": ["ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "files-deleted-used-batch", "hashes": ["ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "cmd-exe-file-execution", "hashes": ["ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "windows-util-schtask-create-onlogon", "hashes": ["ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "rfc1918-ipaddress-detected", "hashes": ["8feb0cce61bfa25331fe2f2f861b7e5a03332605635770a5924e2b71ab156416"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8"], "mitre_attack_tags": ["TA0003", "T1060"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": true}, "description": "njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.", "hashes": ["05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "602514647d9daddb845d3acd3afb2bb225f5a8b3ac0c35bb364fc1a4299f696c", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61", "8feb0cce61bfa25331fe2f2f861b7e5a03332605635770a5924e2b71ab156416", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "afacec426aaab0ecf43b22ba5423e832dc4beb8d2f2ab0921f67e4edc36f4be5", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb", "de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303", "e5745d4847ff4e2e8579941dc71be4e504d2f8dba8bd9bf855d07dc50b18e259", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945"], "iocs": {"domain": [{"hashes": ["210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc"], "host": "turalqeribov[.]duckdns[.]org"}, {"hashes": ["0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f"], "host": "flukez[.]ddns[.]net"}, {"hashes": ["8feb0cce61bfa25331fe2f2f861b7e5a03332605635770a5924e2b71ab156416"], "host": "dnessss2[.]o-r[.]kr"}, {"hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303"], "host": "codertricks[.]zapto[.]org"}], "file": [{"hashes": ["05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945"], "path": "%TEMP%\\server.exe"}, {"hashes": ["47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb"], "path": "%TEMP%\\Trojan.exe"}, {"hashes": ["47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb"], "path": "%TEMP%\\Trojan.exe.tmp"}, {"hashes": ["5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc"], "path": "%TEMP%\\chrome.exe"}, {"hashes": ["0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f"], "path": "%TEMP%\\System32.exe"}, {"hashes": ["6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61"], "path": "\\autorun.inf"}, {"hashes": ["6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61"], "path": "E:\\autorun.inf"}, {"hashes": ["1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f"], "path": "%TEMP%\\System32.exe.tmp"}, {"hashes": ["210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Java update.exe"}, {"hashes": ["648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6"], "path": "%TEMP%\\taskmgr.exe"}, {"hashes": ["0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\c10707a21a59b1e966a9cca0ecfce04c.exe"}, {"hashes": ["648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\b9167ae51154e9339dff486161a9e100.exe"}, {"hashes": ["6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61"], "path": "E:\\b37ff8c98af383ee45f9778f519d2e9b.exe"}, {"hashes": ["6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\b37ff8c98af383ee45f9778f519d2e9b.exe"}, {"hashes": ["6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61"], "path": "\\b37ff8c98af383ee45f9778f519d2e9b.exe"}, {"hashes": ["a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8"], "path": "%APPDATA%\\Toxicity.exe"}, {"hashes": ["ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514"], "path": "%System32%\\Tasks\\'wnd'"}, {"hashes": ["ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514"], "path": "%TEMP%\\tmp5DCE.tmp"}, {"hashes": ["ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514"], "path": "%TEMP%\\tmp5DCE.tmp.bat"}, {"hashes": ["ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514"], "path": "%APPDATA%\\wnd.exe"}, {"hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303"], "path": "%SystemRoot%\\Venom Cracked.exe"}], "ip": [{"hashes": ["210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc"], "ip": "194[.]135[.]164[.]55"}, {"hashes": ["0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f"], "ip": "171[.]5[.]185[.]230"}, {"hashes": ["a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8"], "ip": "141[.]255[.]158[.]154"}], "mutex": [{"hashes": ["05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945"], "name": "<32 random hex characters>"}, {"hashes": ["47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb"], "name": "5cd8f17f4086744065eb0992a09e05a2"}, {"hashes": ["210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "afacec426aaab0ecf43b22ba5423e832dc4beb8d2f2ab0921f67e4edc36f4be5", "e5745d4847ff4e2e8579941dc71be4e504d2f8dba8bd9bf855d07dc50b18e259"], "name": "Windows Update"}, {"hashes": ["6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61"], "name": "b37ff8c98af383ee45f9778f519d2e9bSGFjS2Vk"}, {"hashes": ["8feb0cce61bfa25331fe2f2f861b7e5a03332605635770a5924e2b71ab156416"], "name": "1065552f4f"}, {"hashes": ["ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514"], "name": "yugxazvexwl"}], "registry": [{"hashes": ["05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "afacec426aaab0ecf43b22ba5423e832dc4beb8d2f2ab0921f67e4edc36f4be5", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb", "de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303", "e5745d4847ff4e2e8579941dc71be4e504d2f8dba8bd9bf855d07dc50b18e259", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945"], "key": "<HKCU>\\ENVIRONMENT", "value_name": "SEE_MASK_NOZONECHECKS"}, {"hashes": ["05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f", "210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "afacec426aaab0ecf43b22ba5423e832dc4beb8d2f2ab0921f67e4edc36f4be5", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb", "de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303", "e5745d4847ff4e2e8579941dc71be4e504d2f8dba8bd9bf855d07dc50b18e259", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "ParseAutoexec"}, {"hashes": ["05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771", "210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359", "5ab3dde4185b9b109d9c1a8cdba2ee1f5bb6aaf75ce4b09d40fe92ec7d54b255", "648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6", "6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61", "8feb0cce61bfa25331fe2f2f861b7e5a03332605635770a5924e2b71ab156416", "95bc2ab5884bc8e25681c970f674419022679fefe9ec67a1ad911301cae98cdc", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8", "afacec426aaab0ecf43b22ba5423e832dc4beb8d2f2ab0921f67e4edc36f4be5", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303", "e5745d4847ff4e2e8579941dc71be4e504d2f8dba8bd9bf855d07dc50b18e259", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945"], "key": "<HKU>\\S-1-5-21-2580483871-590521980-3826313501-500", "value_name": "di"}, {"hashes": ["05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "279f6960ed84a752570aca7fb2dc1552"}, {"hashes": ["05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "279f6960ed84a752570aca7fb2dc1552"}, {"hashes": ["05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945"], "key": "<HKCU>\\SOFTWARE\\279F6960ED84A752570ACA7FB2DC1552", "value_name": "[kl]"}, {"hashes": ["05001ce89029f5974b64fa46f439484f4034f60f21d4adc9eb63fa507ac7103e", "a0dccbbc4375dcd789d3e0f1746976c2a2c6517318a08441743aae33ef9ba4db", "c7f510ecd9eff2abc8be5722d9fdfd59608578bedc6cfb27bb8afaf38e7b1a76", "f566e926930498e19a716c701c730a18000790892169d9b861f5faae65a39945"], "key": "<HKCU>\\SOFTWARE\\279F6960ED84A752570ACA7FB2DC1552", "value_name": null}, {"hashes": ["47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "5cd8f17f4086744065eb0992a09e05a2"}, {"hashes": ["47b0d16c5b911da50d8325e8b8ec9c6abd4f151e0dc744542e7175f051c09faa", "d0608737325eb93b3ae9cf9e1016b603d75aa9c544d2bf23c5646e490fe802db", "d4fa6c44916804082502736a9be90ae252a49c0c80a699edf79f8bdd280768cb"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "5cd8f17f4086744065eb0992a09e05a2"}, {"hashes": ["6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "Hidden"}, {"hashes": ["ca68e17a129ce3b0929f9b219a18f27a890b89deaaef050f6a9394ab91d2f514"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\CRYPTOGRAPHY\\AUTOENROLLMENT", "value_name": null}, {"hashes": ["1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "2320633bbd5b9c41d628d6d2b760a34d"}, {"hashes": ["1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "2320633bbd5b9c41d628d6d2b760a34d"}, {"hashes": ["1719ba522fe3158520cc839498e86b7c647f9bc8705668e1b1790a953a16383f"], "key": "<HKCU>\\SOFTWARE\\2320633BBD5B9C41D628D6D2B760A34D", "value_name": null}, {"hashes": ["0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771"], "key": "<HKCU>\\SOFTWARE\\C10707A21A59B1E966A9CCA0ECFCE04C", "value_name": null}, {"hashes": ["0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "c10707a21a59b1e966a9cca0ecfce04c"}, {"hashes": ["0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "c10707a21a59b1e966a9cca0ecfce04c"}, {"hashes": ["0a0b65e6b0752fb57629841bd87c2bf7674e6431bdc4471e1d7137b293e0e771"], "key": "<HKCU>\\SOFTWARE\\C10707A21A59B1E966A9CCA0ECFCE04C", "value_name": "[kl]"}, {"hashes": ["210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Update"}, {"hashes": ["210f57f483863b267c2a287a71547e3d0d25a1525640355b6686a1559f3de359"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Update"}, {"hashes": ["648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6"], "key": "<HKCU>\\SOFTWARE\\B9167AE51154E9339DFF486161A9E100", "value_name": null}, {"hashes": ["648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "b9167ae51154e9339dff486161a9e100"}, {"hashes": ["648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "b9167ae51154e9339dff486161a9e100"}, {"hashes": ["648681c9af61f53e85cd00c480545c5ff1ae7218ecfabee4333ed6ffc584a6d6"], "key": "<HKCU>\\SOFTWARE\\B9167AE51154E9339DFF486161A9E100", "value_name": "[kl]"}, {"hashes": ["6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61"], "key": "<HKCU>\\SOFTWARE\\B37FF8C98AF383EE45F9778F519D2E9B", "value_name": null}, {"hashes": ["6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61"], "key": "<HKCU>\\SOFTWARE\\B37FF8C98AF383EE45F9778F519D2E9B", "value_name": "hp"}, {"hashes": ["6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61"], "key": "<HKCU>\\SOFTWARE\\B37FF8C98AF383EE45F9778F519D2E9B", "value_name": "i"}, {"hashes": ["6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "b37ff8c98af383ee45f9778f519d2e9b"}, {"hashes": ["6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "b37ff8c98af383ee45f9778f519d2e9b"}, {"hashes": ["6ea3096576f09909336dacf9cc7163df34768f92deb5132a73c70718dd3f6d61"], "key": "<HKCU>\\SOFTWARE\\B37FF8C98AF383EE45F9778F519D2E9B", "value_name": "kl"}, {"hashes": ["8feb0cce61bfa25331fe2f2f861b7e5a03332605635770a5924e2b71ab156416"], "key": "<HKCU>\\SOFTWARE\\1065552F4F", "value_name": null}, {"hashes": ["8feb0cce61bfa25331fe2f2f861b7e5a03332605635770a5924e2b71ab156416"], "key": "<HKCU>\\SOFTWARE\\1065552F4F", "value_name": "[kl]"}, {"hashes": ["a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8"], "key": "<HKCU>\\SOFTWARE\\7D66AEF195F3D3E409E0B5AA59E25D63", "value_name": null}, {"hashes": ["a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "7d66aef195f3d3e409e0b5aa59e25d63"}, {"hashes": ["a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "7d66aef195f3d3e409e0b5aa59e25d63"}, {"hashes": ["a13c140e8da040d37c6da15158aff9dca48bce93d2cff19b42b929d08e6c05f8"], "key": "<HKCU>\\SOFTWARE\\7D66AEF195F3D3E409E0B5AA59E25D63", "value_name": "[kl]"}, {"hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303"], "key": "<HKCU>\\SOFTWARE\\7609BC84EA43298B5707821B04687DBB", "value_name": null}, {"hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "7609bc84ea43298b5707821b04687dbb"}, {"hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "7609bc84ea43298b5707821b04687dbb"}, {"hashes": ["de15307dc645288387fbd674a435abe1ead1153ddb2fd7a479b068ff5b3b8303"], "key": "<HKCU>\\SOFTWARE\\7609BC84EA43298B5707821B04687DBB", "value_name": "[kl]"}]}, "reports_count": 21}, "Win.Trojan.DarkComet-7640000-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["2369a5adafb1e7638129c3a88618181d3f2631db294a756db6c67b9d42df53cc", "aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "e4c53a4b839120f91389b6f213c842bf72eb025d8223e51e5e56906c1d2d548a", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "29545b82f6844da0d79a913b5214e54fb71106537a58a5a468ce023343a97378", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["2369a5adafb1e7638129c3a88618181d3f2631db294a756db6c67b9d42df53cc", "aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "e4c53a4b839120f91389b6f213c842bf72eb025d8223e51e5e56906c1d2d548a", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "29545b82f6844da0d79a913b5214e54fb71106537a58a5a468ce023343a97378", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["2369a5adafb1e7638129c3a88618181d3f2631db294a756db6c67b9d42df53cc", "aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "e4c53a4b839120f91389b6f213c842bf72eb025d8223e51e5e56906c1d2d548a", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "29545b82f6844da0d79a913b5214e54fb71106537a58a5a468ce023343a97378", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["2369a5adafb1e7638129c3a88618181d3f2631db294a756db6c67b9d42df53cc", "aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "e4c53a4b839120f91389b6f213c842bf72eb025d8223e51e5e56906c1d2d548a", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "29545b82f6844da0d79a913b5214e54fb71106537a58a5a468ce023343a97378", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["2369a5adafb1e7638129c3a88618181d3f2631db294a756db6c67b9d42df53cc", "aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "e4c53a4b839120f91389b6f213c842bf72eb025d8223e51e5e56906c1d2d548a", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "29545b82f6844da0d79a913b5214e54fb71106537a58a5a468ce023343a97378", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "pe-imports-empty", "hashes": ["2369a5adafb1e7638129c3a88618181d3f2631db294a756db6c67b9d42df53cc", "aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "e4c53a4b839120f91389b6f213c842bf72eb025d8223e51e5e56906c1d2d548a", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "29545b82f6844da0d79a913b5214e54fb71106537a58a5a468ce023343a97378", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["2369a5adafb1e7638129c3a88618181d3f2631db294a756db6c67b9d42df53cc", "aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "29545b82f6844da0d79a913b5214e54fb71106537a58a5a468ce023343a97378", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["2369a5adafb1e7638129c3a88618181d3f2631db294a756db6c67b9d42df53cc", "aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "e4c53a4b839120f91389b6f213c842bf72eb025d8223e51e5e56906c1d2d548a", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "29545b82f6844da0d79a913b5214e54fb71106537a58a5a468ce023343a97378", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-darkcomet-registry-detected", "hashes": ["2369a5adafb1e7638129c3a88618181d3f2631db294a756db6c67b9d42df53cc", "aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "e4c53a4b839120f91389b6f213c842bf72eb025d8223e51e5e56906c1d2d548a", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "29545b82f6844da0d79a913b5214e54fb71106537a58a5a468ce023343a97378", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "e4c53a4b839120f91389b6f213c842bf72eb025d8223e51e5e56906c1d2d548a", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "29545b82f6844da0d79a913b5214e54fb71106537a58a5a468ce023343a97378", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "malware-darkcomet-mutex-detected", "hashes": ["aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "e4c53a4b839120f91389b6f213c842bf72eb025d8223e51e5e56906c1d2d548a", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": ["TA0003", "T1112"]}, {"bi": "created-executable-in-user-dir", "hashes": ["aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": ["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "windows-util-attrib-hide", "hashes": ["aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": ["TA0005", "T1158"]}, {"bi": "file-attribute-modification", "hashes": ["aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": ["TA0005", "T1096"]}, {"bi": "disables-security-center-notifications", "hashes": ["aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["e4c53a4b839120f91389b6f213c842bf72eb025d8223e51e5e56906c1d2d548a", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["e4c53a4b839120f91389b6f213c842bf72eb025d8223e51e5e56906c1d2d548a", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "malware-known-trojan-av", "hashes": ["e4c53a4b839120f91389b6f213c842bf72eb025d8223e51e5e56906c1d2d548a", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": []}, {"bi": "artifact-memory-vm-detect", "hashes": ["e4c53a4b839120f91389b6f213c842bf72eb025d8223e51e5e56906c1d2d548a", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "malware-darkcomet-detected", "hashes": ["e4c53a4b839120f91389b6f213c842bf72eb025d8223e51e5e56906c1d2d548a", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": []}, {"bi": "disables-windows-firewall", "hashes": ["aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["2369a5adafb1e7638129c3a88618181d3f2631db294a756db6c67b9d42df53cc", "29545b82f6844da0d79a913b5214e54fb71106537a58a5a468ce023343a97378"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["2369a5adafb1e7638129c3a88618181d3f2631db294a756db6c67b9d42df53cc", "29545b82f6844da0d79a913b5214e54fb71106537a58a5a468ce023343a97378"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["2369a5adafb1e7638129c3a88618181d3f2631db294a756db6c67b9d42df53cc", "29545b82f6844da0d79a913b5214e54fb71106537a58a5a468ce023343a97378"], "mitre_attack_tags": []}, {"bi": "registry-editor-disabled", "hashes": ["aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-long-cmdline", "hashes": ["77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-snort-protocol", "hashes": ["77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540"], "mitre_attack_tags": []}, {"bi": "script-contains-url", "hashes": ["77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540"], "mitre_attack_tags": []}, {"bi": "js-uses-fromcharcode", "hashes": ["77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "js-calls-activex-object", "hashes": ["77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "js-uses-eval", "hashes": ["77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "js-contains-massive-strings", "hashes": ["77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "dns-dynamic-domain", "hashes": ["99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "pe-dos-header-pages", "hashes": ["2369a5adafb1e7638129c3a88618181d3f2631db294a756db6c67b9d42df53cc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-logical-drive-enumeration", "hashes": ["77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "mitre_attack_tags": ["TA0007", "T1120", "T1025"]}, {"bi": "modified-file-in-system-dir", "hashes": ["ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": []}, {"bi": "network-dns-safe-categories", "hashes": ["2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "mitre_attack_tags": []}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.", "hashes": ["2369a5adafb1e7638129c3a88618181d3f2631db294a756db6c67b9d42df53cc", "29545b82f6844da0d79a913b5214e54fb71106537a58a5a468ce023343a97378", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d", "3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806", "e4c53a4b839120f91389b6f213c842bf72eb025d8223e51e5e56906c1d2d548a", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e"], "iocs": {"domain": [{"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "host": "schema[.]org"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "host": "www[.]google-analytics[.]com"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "host": "stats[.]g[.]doubleclick[.]net"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "host": "github[.]com"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "host": "ajax[.]aspnetcdn[.]com"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "host": "avatars1[.]githubusercontent[.]com"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "host": "az725175[.]vo[.]msecnd[.]net"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "host": "aka[.]ms"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "host": "avatars3[.]githubusercontent[.]com"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "host": "developercommunity[.]visualstudio[.]com"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "host": "static[.]docs[.]com"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "host": "cdn[.]speedcurve[.]com"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "host": "w[.]usabilla[.]com"}, {"hashes": ["99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463"], "host": "jonimarelli[.]servegame[.]com"}, {"hashes": ["2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d"], "host": "zikalol2[.]zapto[.]org"}], "file": [{"hashes": ["2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d", "e4c53a4b839120f91389b6f213c842bf72eb025d8223e51e5e56906c1d2d548a", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e"], "path": "%APPDATA%\\dclogs"}, {"hashes": ["2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e"], "path": "%TEMP%\\MSDCSC"}, {"hashes": ["2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e"], "path": "%TEMP%\\MSDCSC\\msdcsc.exe"}, {"hashes": ["aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd"], "path": "%HOMEPATH%\\My Documents\\MSDCSC\\msdcsc.exe"}, {"hashes": ["aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd"], "path": "%HOMEPATH%\\Documents\\MSDCSC"}, {"hashes": ["aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd"], "path": "%HOMEPATH%\\Documents\\MSDCSC\\msdcsc.exe"}, {"hashes": ["2369a5adafb1e7638129c3a88618181d3f2631db294a756db6c67b9d42df53cc"], "path": "%TEMP%\\e017_appcompat.txt"}, {"hashes": ["29545b82f6844da0d79a913b5214e54fb71106537a58a5a468ce023343a97378"], "path": "%TEMP%\\E510.dmp"}, {"hashes": ["99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463"], "path": "%TEMP%\\Grow"}, {"hashes": ["99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463"], "path": "%TEMP%\\Grow\\Grow.exe"}, {"hashes": ["ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806"], "path": "%SystemRoot%\\SysWOW64\\32"}, {"hashes": ["ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806"], "path": "%SystemRoot%\\SysWOW64\\32\\Skype.exe"}, {"hashes": ["2369a5adafb1e7638129c3a88618181d3f2631db294a756db6c67b9d42df53cc"], "path": "%TEMP%\\E399.dmp"}, {"hashes": ["29545b82f6844da0d79a913b5214e54fb71106537a58a5a468ce023343a97378"], "path": "%TEMP%\\e308_appcompat.txt"}, {"hashes": ["ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806"], "path": "%System32%\\32\\Skype.exe"}], "ip": [{"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "ip": "151[.]101[.]0[.]133"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "ip": "152[.]199[.]4[.]33"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "ip": "65[.]55[.]44[.]109"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "ip": "20[.]36[.]253[.]92"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "ip": "104[.]107[.]7[.]25"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "ip": "23[.]54[.]213[.]99"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "ip": "104[.]71[.]177[.]26"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "ip": "140[.]82[.]113[.]4"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "ip": "172[.]217[.]197[.]154/31"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "ip": "172[.]217[.]7[.]142"}, {"hashes": ["77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "ip": "13[.]107[.]21[.]200"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540"], "ip": "151[.]101[.]2[.]217"}, {"hashes": ["77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "ip": "151[.]101[.]194[.]217"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540"], "ip": "151[.]101[.]128[.]133"}, {"hashes": ["77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "ip": "151[.]101[.]192[.]133"}, {"hashes": ["77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "ip": "34[.]232[.]187[.]93"}, {"hashes": ["fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e"], "ip": "84[.]52[.]118[.]141"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540"], "ip": "52[.]201[.]110[.]209"}], "mutex": [{"hashes": ["2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806", "e4c53a4b839120f91389b6f213c842bf72eb025d8223e51e5e56906c1d2d548a", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e"], "name": "DC_MUTEX-<random, matching [A-Z0-9]{7}>"}, {"hashes": ["2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e"], "name": "DCPERSFWBP"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "name": "Local\\https://docs.microsoft.com/"}, {"hashes": ["2369a5adafb1e7638129c3a88618181d3f2631db294a756db6c67b9d42df53cc"], "name": "Global\\7863f981-6ddc-11ea-a007-00501e3ae7b5"}, {"hashes": ["29545b82f6844da0d79a913b5214e54fb71106537a58a5a468ce023343a97378"], "name": "Global\\79aa92e1-6ddc-11ea-a007-00501e3ae7b5"}], "registry": [{"hashes": ["2369a5adafb1e7638129c3a88618181d3f2631db294a756db6c67b9d42df53cc", "29545b82f6844da0d79a913b5214e54fb71106537a58a5a468ce023343a97378", "2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806", "e4c53a4b839120f91389b6f213c842bf72eb025d8223e51e5e56906c1d2d548a", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": null}, {"hashes": ["2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806", "fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "UserInit"}, {"hashes": ["2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLUA"}, {"hashes": ["2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "UpdatesDisableNotify"}, {"hashes": ["2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Start"}, {"hashes": ["2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\CURRENTVERSION\\EXPLORERN", "value_name": "NoControlPanel"}, {"hashes": ["2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": null}, {"hashes": ["2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\CURRENTVERSION", "value_name": null}, {"hashes": ["2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\CURRENTVERSION\\EXPLORERN", "value_name": null}, {"hashes": ["2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "EnableFirewall"}, {"hashes": ["2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "DisableNotifications"}, {"hashes": ["2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d", "99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463", "aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "AntiVirusDisableNotify"}, {"hashes": ["aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd", "ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "DisableRegistryTools"}, {"hashes": ["2fd395b30b86d9a581310557f908d4b19a9b035f7acecd739a165da6d025d43d", "aa022b45cd91bb4e550aa3d457708bb69f03336537723852a1451ad1248f60dd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "MicroUpdate"}, {"hashes": ["3a5bb256aef856f44fd6e293586869409bd727731e9b442d5412e1ca3e143540", "77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\AUTHROOT\\CERTIFICATES\\75E0ABB6138512271C04F85FDDDE38E4B7242EFE", "value_name": "Blob"}, {"hashes": ["77e0531c6de10fb7054e71ccf0e73b88a1cee7671113ce0af6507e5f2accd5c7"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\MEDIAPLAYER\\HEALTH\\{56984C04-4C8B-4BF3-9951-06E1EB24F1D5}", "value_name": null}, {"hashes": ["99c893552fa81761b595ea123d777b7af53404402ffebb86a6fd05f59dc9d463"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Grow"}, {"hashes": ["ad9f6eae01dc15e33e508a8f9f47c40c0b7e02a5363e3f4788d6205748b97806"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Skype"}, {"hashes": ["fcc76502ae2602ca8a42120c79929367220f54e34594c66be23e1e15f9637c5e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "WmpUpd"}]}, "reports_count": 10}, "exprev": [{"count": 5814, "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", "name": "Excessively long PowerShell command detected"}, {"count": 4645, "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", "name": "Dealply adware detected"}, {"count": 2790, "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", "name": "CVE-2019-0708 detected"}, {"count": 1025, "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", "name": "Process hollowing detected"}, {"count": 144, "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as wireshark and sandboxes to its C2. It spreads through malicious advertising and spam campaigns.", "name": "Kovter injection detected"}, {"count": 140, "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", "name": "Gamarue malware detected"}, {"count": 94, "description": "A site commonly used by fileless malware to download additional data has been detected. Several different families of malware have been observed using these sites to download additional stages to inject into other processes.", "name": "Possible fileless malware download"}, {"count": 40, "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Installcore adware detected"}, {"count": 10, "description": "Corebot is a Trojan with many capabilities found in other prominent families. It features a plugin system to enable it to load a variety of features from the C&C server at any time. Known plugins include RAT capabilities such as taking desktop screenshots, as well as being able to intercept and modify browser communications and steal data, especially data related to banking.", "name": "Corebot malware detected"}, {"count": 7, "description": "Palikan is a potentially unwanted application (PUA), browser hijacker, a type of malware that most of the time does not explicitly or completely state its function or purpose. When is present on the system, it may change the default homepage, change the search engine, redirect traffic to malicious sites, install add-ons, extensions, or plug-ins, open unwanted windows or show advertising. Palikan commonly arrives as a file dropped by other malware or as a file downloaded unknowingly from a malicious site. It has also been closely associated with DealPly.", "name": "Palikan browser hijacker detected"}], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2020-03-27T21:52:57+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Trojan.DarkComet-7640000-0", "Win.Keylogger.Gh0stRAT-7639975-0", "Win.Packed.njRAT-7639941-1", "Win.Malware.Kovter-7639915-0", "Win.Malware.Qakbot-7639597-0", "Win.Packed.Cerber-7639400-0"]}