{"Win.Dropper.Bifrost-7646061-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["9b81ef249282a5efa153cbff0a8bc35400b988e62f0abb302b5d2aea3774df6d", "7e8d5840ccd0fbbcbe99921b7abde72296d3f31717e9ca9de153c06a1d38b4e1", "2cae12c86eebcd6478fad83152f58259981db201700ef08e2807537a06b3efb8", "26f8ac7c0e5ce20236f620626e967341f66a964e44171044e55b9c6e6b0fc3cc", "7d4d8d9019ff282ac2e376fe3e6ef67a226dc0429fa8f9c2c4c243d65ff6af56", "7044d4bb2fa9250273b8ea6e2756543c2f3497d0d34f0d356564036ab497dabd", "3dd709b22263b2eb0564c21da2b3c56b8b2835140d709d4ded97abfa59912f74", "1391ecd4de2de1fd88115e7d1ef764347b6a89bc0f3b81fb57d239cb473c4aa2", "c6ccb432a993f2d2a2a1fc591b555575e671b1e8a1e6569564d9c8b9a60527a6", "8f0bb1f502d5030375d29a331bb3735961912b0ba045a336941f2e11adcac8ec", "08fdfed56d5ca9274555a3557a8d90e46d2fc0f51a303cdbfcf9f6f0f02af425", "5af33e1803067cf1e644e15b8086f5e4ad90f3f1f85679bc8f76b369dcc22385", "45f75168cd2406ad42de08ec947dec6b830e361adb9ad2396d745a3574fdb923", "c7f08da9966bd414e421890f364f23bd88e3770291fbf76543403247b94a12b0", "7244f359907615896962b325dcf37fdb072dbdff9b329b8b517c2996451c110a", "1566c4b5ab82ac5b9981804685f22eca27416c9df2033ab8592d4e63137c5b84", "90af2937996cc108830d17de11a0ce22a85e5aa3e8ff2dabd144ed06c0e5b453", "311823de7919dc62a7baf3cdd69151870b2d3d2545e611f56fd9549830c0041b", "bef564e94ffad1d690074b48a1a6b13dc2e54ab9dbe9a5e1a1aa49ecbbce10dc", "c90e8c0caae6c2473a2bcaeae7f4ac91ecbe22ef5100d4ffb906778f6da0c891", "78be4588e7832c920481be3300f5a1dd736da8053fa29bcbcff3099372401d45", "6dfe7fb5fc75e608a2106baddd9378ac4c2d9b7715a545eb1cb1910ca26bb9d0", "92f064f07df057fcf5bd5dff20d765c8fb92edab44b5edc8f6b43075a1fdf2a9", "6bda38bae1c2c305b027585ccffd0f0691ee4e510f48ccc1081618c31e057089", "bc2b3f6cc16b154164bc98c9176867569ca11250e0329657691bea7d44129b6a"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["9b81ef249282a5efa153cbff0a8bc35400b988e62f0abb302b5d2aea3774df6d", "7e8d5840ccd0fbbcbe99921b7abde72296d3f31717e9ca9de153c06a1d38b4e1", "2cae12c86eebcd6478fad83152f58259981db201700ef08e2807537a06b3efb8", "26f8ac7c0e5ce20236f620626e967341f66a964e44171044e55b9c6e6b0fc3cc", "7d4d8d9019ff282ac2e376fe3e6ef67a226dc0429fa8f9c2c4c243d65ff6af56", "7044d4bb2fa9250273b8ea6e2756543c2f3497d0d34f0d356564036ab497dabd", "3dd709b22263b2eb0564c21da2b3c56b8b2835140d709d4ded97abfa59912f74", "1391ecd4de2de1fd88115e7d1ef764347b6a89bc0f3b81fb57d239cb473c4aa2", "c6ccb432a993f2d2a2a1fc591b555575e671b1e8a1e6569564d9c8b9a60527a6", "8f0bb1f502d5030375d29a331bb3735961912b0ba045a336941f2e11adcac8ec", "08fdfed56d5ca9274555a3557a8d90e46d2fc0f51a303cdbfcf9f6f0f02af425", "5af33e1803067cf1e644e15b8086f5e4ad90f3f1f85679bc8f76b369dcc22385", "45f75168cd2406ad42de08ec947dec6b830e361adb9ad2396d745a3574fdb923", "c7f08da9966bd414e421890f364f23bd88e3770291fbf76543403247b94a12b0", "7244f359907615896962b325dcf37fdb072dbdff9b329b8b517c2996451c110a", "1566c4b5ab82ac5b9981804685f22eca27416c9df2033ab8592d4e63137c5b84", "90af2937996cc108830d17de11a0ce22a85e5aa3e8ff2dabd144ed06c0e5b453", "311823de7919dc62a7baf3cdd69151870b2d3d2545e611f56fd9549830c0041b", "bef564e94ffad1d690074b48a1a6b13dc2e54ab9dbe9a5e1a1aa49ecbbce10dc", "c90e8c0caae6c2473a2bcaeae7f4ac91ecbe22ef5100d4ffb906778f6da0c891", "78be4588e7832c920481be3300f5a1dd736da8053fa29bcbcff3099372401d45", "6dfe7fb5fc75e608a2106baddd9378ac4c2d9b7715a545eb1cb1910ca26bb9d0", "92f064f07df057fcf5bd5dff20d765c8fb92edab44b5edc8f6b43075a1fdf2a9", "6bda38bae1c2c305b027585ccffd0f0691ee4e510f48ccc1081618c31e057089", "bc2b3f6cc16b154164bc98c9176867569ca11250e0329657691bea7d44129b6a"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["9b81ef249282a5efa153cbff0a8bc35400b988e62f0abb302b5d2aea3774df6d", "7e8d5840ccd0fbbcbe99921b7abde72296d3f31717e9ca9de153c06a1d38b4e1", "2cae12c86eebcd6478fad83152f58259981db201700ef08e2807537a06b3efb8", "26f8ac7c0e5ce20236f620626e967341f66a964e44171044e55b9c6e6b0fc3cc", "7d4d8d9019ff282ac2e376fe3e6ef67a226dc0429fa8f9c2c4c243d65ff6af56", "7044d4bb2fa9250273b8ea6e2756543c2f3497d0d34f0d356564036ab497dabd", "3dd709b22263b2eb0564c21da2b3c56b8b2835140d709d4ded97abfa59912f74", "1391ecd4de2de1fd88115e7d1ef764347b6a89bc0f3b81fb57d239cb473c4aa2", "c6ccb432a993f2d2a2a1fc591b555575e671b1e8a1e6569564d9c8b9a60527a6", "8f0bb1f502d5030375d29a331bb3735961912b0ba045a336941f2e11adcac8ec", "08fdfed56d5ca9274555a3557a8d90e46d2fc0f51a303cdbfcf9f6f0f02af425", "5af33e1803067cf1e644e15b8086f5e4ad90f3f1f85679bc8f76b369dcc22385", "45f75168cd2406ad42de08ec947dec6b830e361adb9ad2396d745a3574fdb923", "c7f08da9966bd414e421890f364f23bd88e3770291fbf76543403247b94a12b0", "7244f359907615896962b325dcf37fdb072dbdff9b329b8b517c2996451c110a", "1566c4b5ab82ac5b9981804685f22eca27416c9df2033ab8592d4e63137c5b84", "90af2937996cc108830d17de11a0ce22a85e5aa3e8ff2dabd144ed06c0e5b453", "311823de7919dc62a7baf3cdd69151870b2d3d2545e611f56fd9549830c0041b", "bef564e94ffad1d690074b48a1a6b13dc2e54ab9dbe9a5e1a1aa49ecbbce10dc", "c90e8c0caae6c2473a2bcaeae7f4ac91ecbe22ef5100d4ffb906778f6da0c891", "78be4588e7832c920481be3300f5a1dd736da8053fa29bcbcff3099372401d45", "6dfe7fb5fc75e608a2106baddd9378ac4c2d9b7715a545eb1cb1910ca26bb9d0", "92f064f07df057fcf5bd5dff20d765c8fb92edab44b5edc8f6b43075a1fdf2a9", "6bda38bae1c2c305b027585ccffd0f0691ee4e510f48ccc1081618c31e057089", "bc2b3f6cc16b154164bc98c9176867569ca11250e0329657691bea7d44129b6a"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["9b81ef249282a5efa153cbff0a8bc35400b988e62f0abb302b5d2aea3774df6d", "7e8d5840ccd0fbbcbe99921b7abde72296d3f31717e9ca9de153c06a1d38b4e1", "2cae12c86eebcd6478fad83152f58259981db201700ef08e2807537a06b3efb8", "26f8ac7c0e5ce20236f620626e967341f66a964e44171044e55b9c6e6b0fc3cc", "7d4d8d9019ff282ac2e376fe3e6ef67a226dc0429fa8f9c2c4c243d65ff6af56", "7044d4bb2fa9250273b8ea6e2756543c2f3497d0d34f0d356564036ab497dabd", "3dd709b22263b2eb0564c21da2b3c56b8b2835140d709d4ded97abfa59912f74", "1391ecd4de2de1fd88115e7d1ef764347b6a89bc0f3b81fb57d239cb473c4aa2", "c6ccb432a993f2d2a2a1fc591b555575e671b1e8a1e6569564d9c8b9a60527a6", "8f0bb1f502d5030375d29a331bb3735961912b0ba045a336941f2e11adcac8ec", "08fdfed56d5ca9274555a3557a8d90e46d2fc0f51a303cdbfcf9f6f0f02af425", "5af33e1803067cf1e644e15b8086f5e4ad90f3f1f85679bc8f76b369dcc22385", "45f75168cd2406ad42de08ec947dec6b830e361adb9ad2396d745a3574fdb923", "c7f08da9966bd414e421890f364f23bd88e3770291fbf76543403247b94a12b0", "7244f359907615896962b325dcf37fdb072dbdff9b329b8b517c2996451c110a", "1566c4b5ab82ac5b9981804685f22eca27416c9df2033ab8592d4e63137c5b84", "90af2937996cc108830d17de11a0ce22a85e5aa3e8ff2dabd144ed06c0e5b453", "311823de7919dc62a7baf3cdd69151870b2d3d2545e611f56fd9549830c0041b", "bef564e94ffad1d690074b48a1a6b13dc2e54ab9dbe9a5e1a1aa49ecbbce10dc", "c90e8c0caae6c2473a2bcaeae7f4ac91ecbe22ef5100d4ffb906778f6da0c891", "78be4588e7832c920481be3300f5a1dd736da8053fa29bcbcff3099372401d45", "6dfe7fb5fc75e608a2106baddd9378ac4c2d9b7715a545eb1cb1910ca26bb9d0", "92f064f07df057fcf5bd5dff20d765c8fb92edab44b5edc8f6b43075a1fdf2a9", "6bda38bae1c2c305b027585ccffd0f0691ee4e510f48ccc1081618c31e057089", "bc2b3f6cc16b154164bc98c9176867569ca11250e0329657691bea7d44129b6a"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "pe-uses-visual-basic", "hashes": ["9b81ef249282a5efa153cbff0a8bc35400b988e62f0abb302b5d2aea3774df6d", "7e8d5840ccd0fbbcbe99921b7abde72296d3f31717e9ca9de153c06a1d38b4e1", "2cae12c86eebcd6478fad83152f58259981db201700ef08e2807537a06b3efb8", "26f8ac7c0e5ce20236f620626e967341f66a964e44171044e55b9c6e6b0fc3cc", "7d4d8d9019ff282ac2e376fe3e6ef67a226dc0429fa8f9c2c4c243d65ff6af56", "7044d4bb2fa9250273b8ea6e2756543c2f3497d0d34f0d356564036ab497dabd", "3dd709b22263b2eb0564c21da2b3c56b8b2835140d709d4ded97abfa59912f74", "1391ecd4de2de1fd88115e7d1ef764347b6a89bc0f3b81fb57d239cb473c4aa2", "c6ccb432a993f2d2a2a1fc591b555575e671b1e8a1e6569564d9c8b9a60527a6", "8f0bb1f502d5030375d29a331bb3735961912b0ba045a336941f2e11adcac8ec", "08fdfed56d5ca9274555a3557a8d90e46d2fc0f51a303cdbfcf9f6f0f02af425", "5af33e1803067cf1e644e15b8086f5e4ad90f3f1f85679bc8f76b369dcc22385", "45f75168cd2406ad42de08ec947dec6b830e361adb9ad2396d745a3574fdb923", "c7f08da9966bd414e421890f364f23bd88e3770291fbf76543403247b94a12b0", "7244f359907615896962b325dcf37fdb072dbdff9b329b8b517c2996451c110a", "1566c4b5ab82ac5b9981804685f22eca27416c9df2033ab8592d4e63137c5b84", "90af2937996cc108830d17de11a0ce22a85e5aa3e8ff2dabd144ed06c0e5b453", "311823de7919dc62a7baf3cdd69151870b2d3d2545e611f56fd9549830c0041b", "bef564e94ffad1d690074b48a1a6b13dc2e54ab9dbe9a5e1a1aa49ecbbce10dc", "c90e8c0caae6c2473a2bcaeae7f4ac91ecbe22ef5100d4ffb906778f6da0c891", "78be4588e7832c920481be3300f5a1dd736da8053fa29bcbcff3099372401d45", "6dfe7fb5fc75e608a2106baddd9378ac4c2d9b7715a545eb1cb1910ca26bb9d0", "92f064f07df057fcf5bd5dff20d765c8fb92edab44b5edc8f6b43075a1fdf2a9", "6bda38bae1c2c305b027585ccffd0f0691ee4e510f48ccc1081618c31e057089", "bc2b3f6cc16b154164bc98c9176867569ca11250e0329657691bea7d44129b6a"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["9b81ef249282a5efa153cbff0a8bc35400b988e62f0abb302b5d2aea3774df6d", "7e8d5840ccd0fbbcbe99921b7abde72296d3f31717e9ca9de153c06a1d38b4e1", "2cae12c86eebcd6478fad83152f58259981db201700ef08e2807537a06b3efb8", "26f8ac7c0e5ce20236f620626e967341f66a964e44171044e55b9c6e6b0fc3cc", "7d4d8d9019ff282ac2e376fe3e6ef67a226dc0429fa8f9c2c4c243d65ff6af56", "7044d4bb2fa9250273b8ea6e2756543c2f3497d0d34f0d356564036ab497dabd", "3dd709b22263b2eb0564c21da2b3c56b8b2835140d709d4ded97abfa59912f74", "1391ecd4de2de1fd88115e7d1ef764347b6a89bc0f3b81fb57d239cb473c4aa2", "c6ccb432a993f2d2a2a1fc591b555575e671b1e8a1e6569564d9c8b9a60527a6", "8f0bb1f502d5030375d29a331bb3735961912b0ba045a336941f2e11adcac8ec", "08fdfed56d5ca9274555a3557a8d90e46d2fc0f51a303cdbfcf9f6f0f02af425", "5af33e1803067cf1e644e15b8086f5e4ad90f3f1f85679bc8f76b369dcc22385", "45f75168cd2406ad42de08ec947dec6b830e361adb9ad2396d745a3574fdb923", "c7f08da9966bd414e421890f364f23bd88e3770291fbf76543403247b94a12b0", "7244f359907615896962b325dcf37fdb072dbdff9b329b8b517c2996451c110a", "1566c4b5ab82ac5b9981804685f22eca27416c9df2033ab8592d4e63137c5b84", "90af2937996cc108830d17de11a0ce22a85e5aa3e8ff2dabd144ed06c0e5b453", "311823de7919dc62a7baf3cdd69151870b2d3d2545e611f56fd9549830c0041b", "bef564e94ffad1d690074b48a1a6b13dc2e54ab9dbe9a5e1a1aa49ecbbce10dc", "c90e8c0caae6c2473a2bcaeae7f4ac91ecbe22ef5100d4ffb906778f6da0c891", "78be4588e7832c920481be3300f5a1dd736da8053fa29bcbcff3099372401d45", "6dfe7fb5fc75e608a2106baddd9378ac4c2d9b7715a545eb1cb1910ca26bb9d0", "92f064f07df057fcf5bd5dff20d765c8fb92edab44b5edc8f6b43075a1fdf2a9", "6bda38bae1c2c305b027585ccffd0f0691ee4e510f48ccc1081618c31e057089", "bc2b3f6cc16b154164bc98c9176867569ca11250e0329657691bea7d44129b6a"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-bifrost-default-mutex-detected", "hashes": ["9b81ef249282a5efa153cbff0a8bc35400b988e62f0abb302b5d2aea3774df6d", "2cae12c86eebcd6478fad83152f58259981db201700ef08e2807537a06b3efb8", "26f8ac7c0e5ce20236f620626e967341f66a964e44171044e55b9c6e6b0fc3cc", "7044d4bb2fa9250273b8ea6e2756543c2f3497d0d34f0d356564036ab497dabd", "8f0bb1f502d5030375d29a331bb3735961912b0ba045a336941f2e11adcac8ec", "08fdfed56d5ca9274555a3557a8d90e46d2fc0f51a303cdbfcf9f6f0f02af425", "45f75168cd2406ad42de08ec947dec6b830e361adb9ad2396d745a3574fdb923", "c7f08da9966bd414e421890f364f23bd88e3770291fbf76543403247b94a12b0", "1566c4b5ab82ac5b9981804685f22eca27416c9df2033ab8592d4e63137c5b84", "90af2937996cc108830d17de11a0ce22a85e5aa3e8ff2dabd144ed06c0e5b453", "311823de7919dc62a7baf3cdd69151870b2d3d2545e611f56fd9549830c0041b", "bef564e94ffad1d690074b48a1a6b13dc2e54ab9dbe9a5e1a1aa49ecbbce10dc", "c90e8c0caae6c2473a2bcaeae7f4ac91ecbe22ef5100d4ffb906778f6da0c891", "78be4588e7832c920481be3300f5a1dd736da8053fa29bcbcff3099372401d45", "6dfe7fb5fc75e608a2106baddd9378ac4c2d9b7715a545eb1cb1910ca26bb9d0", "92f064f07df057fcf5bd5dff20d765c8fb92edab44b5edc8f6b43075a1fdf2a9", "6bda38bae1c2c305b027585ccffd0f0691ee4e510f48ccc1081618c31e057089"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["9b81ef249282a5efa153cbff0a8bc35400b988e62f0abb302b5d2aea3774df6d", "7e8d5840ccd0fbbcbe99921b7abde72296d3f31717e9ca9de153c06a1d38b4e1", "2cae12c86eebcd6478fad83152f58259981db201700ef08e2807537a06b3efb8", "7044d4bb2fa9250273b8ea6e2756543c2f3497d0d34f0d356564036ab497dabd", "c6ccb432a993f2d2a2a1fc591b555575e671b1e8a1e6569564d9c8b9a60527a6", "8f0bb1f502d5030375d29a331bb3735961912b0ba045a336941f2e11adcac8ec", "5af33e1803067cf1e644e15b8086f5e4ad90f3f1f85679bc8f76b369dcc22385", "45f75168cd2406ad42de08ec947dec6b830e361adb9ad2396d745a3574fdb923", "c7f08da9966bd414e421890f364f23bd88e3770291fbf76543403247b94a12b0", "c90e8c0caae6c2473a2bcaeae7f4ac91ecbe22ef5100d4ffb906778f6da0c891", "78be4588e7832c920481be3300f5a1dd736da8053fa29bcbcff3099372401d45", "6dfe7fb5fc75e608a2106baddd9378ac4c2d9b7715a545eb1cb1910ca26bb9d0", "92f064f07df057fcf5bd5dff20d765c8fb92edab44b5edc8f6b43075a1fdf2a9"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "modified-file-in-user-dir", "hashes": ["3dd709b22263b2eb0564c21da2b3c56b8b2835140d709d4ded97abfa59912f74", "1391ecd4de2de1fd88115e7d1ef764347b6a89bc0f3b81fb57d239cb473c4aa2", "08fdfed56d5ca9274555a3557a8d90e46d2fc0f51a303cdbfcf9f6f0f02af425", "1566c4b5ab82ac5b9981804685f22eca27416c9df2033ab8592d4e63137c5b84", "90af2937996cc108830d17de11a0ce22a85e5aa3e8ff2dabd144ed06c0e5b453", "311823de7919dc62a7baf3cdd69151870b2d3d2545e611f56fd9549830c0041b", "6dfe7fb5fc75e608a2106baddd9378ac4c2d9b7715a545eb1cb1910ca26bb9d0", "92f064f07df057fcf5bd5dff20d765c8fb92edab44b5edc8f6b43075a1fdf2a9"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["3dd709b22263b2eb0564c21da2b3c56b8b2835140d709d4ded97abfa59912f74", "1391ecd4de2de1fd88115e7d1ef764347b6a89bc0f3b81fb57d239cb473c4aa2", "08fdfed56d5ca9274555a3557a8d90e46d2fc0f51a303cdbfcf9f6f0f02af425", "1566c4b5ab82ac5b9981804685f22eca27416c9df2033ab8592d4e63137c5b84", "90af2937996cc108830d17de11a0ce22a85e5aa3e8ff2dabd144ed06c0e5b453", "311823de7919dc62a7baf3cdd69151870b2d3d2545e611f56fd9549830c0041b", "6dfe7fb5fc75e608a2106baddd9378ac4c2d9b7715a545eb1cb1910ca26bb9d0", "92f064f07df057fcf5bd5dff20d765c8fb92edab44b5edc8f6b43075a1fdf2a9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-invalid-checksum", "hashes": ["08fdfed56d5ca9274555a3557a8d90e46d2fc0f51a303cdbfcf9f6f0f02af425", "c90e8c0caae6c2473a2bcaeae7f4ac91ecbe22ef5100d4ffb906778f6da0c891", "78be4588e7832c920481be3300f5a1dd736da8053fa29bcbcff3099372401d45", "6dfe7fb5fc75e608a2106baddd9378ac4c2d9b7715a545eb1cb1910ca26bb9d0"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named \"Bif1234,\" or \"Tr0gBot.\"", "hashes": ["08fdfed56d5ca9274555a3557a8d90e46d2fc0f51a303cdbfcf9f6f0f02af425", "1391ecd4de2de1fd88115e7d1ef764347b6a89bc0f3b81fb57d239cb473c4aa2", "1566c4b5ab82ac5b9981804685f22eca27416c9df2033ab8592d4e63137c5b84", "26f8ac7c0e5ce20236f620626e967341f66a964e44171044e55b9c6e6b0fc3cc", "2cae12c86eebcd6478fad83152f58259981db201700ef08e2807537a06b3efb8", "311823de7919dc62a7baf3cdd69151870b2d3d2545e611f56fd9549830c0041b", "3dd709b22263b2eb0564c21da2b3c56b8b2835140d709d4ded97abfa59912f74", "45f75168cd2406ad42de08ec947dec6b830e361adb9ad2396d745a3574fdb923", "5af33e1803067cf1e644e15b8086f5e4ad90f3f1f85679bc8f76b369dcc22385", "6bda38bae1c2c305b027585ccffd0f0691ee4e510f48ccc1081618c31e057089", "6dfe7fb5fc75e608a2106baddd9378ac4c2d9b7715a545eb1cb1910ca26bb9d0", "7044d4bb2fa9250273b8ea6e2756543c2f3497d0d34f0d356564036ab497dabd", "7244f359907615896962b325dcf37fdb072dbdff9b329b8b517c2996451c110a", "78be4588e7832c920481be3300f5a1dd736da8053fa29bcbcff3099372401d45", "7d4d8d9019ff282ac2e376fe3e6ef67a226dc0429fa8f9c2c4c243d65ff6af56", "7e8d5840ccd0fbbcbe99921b7abde72296d3f31717e9ca9de153c06a1d38b4e1", "8f0bb1f502d5030375d29a331bb3735961912b0ba045a336941f2e11adcac8ec", "90af2937996cc108830d17de11a0ce22a85e5aa3e8ff2dabd144ed06c0e5b453", "92f064f07df057fcf5bd5dff20d765c8fb92edab44b5edc8f6b43075a1fdf2a9", "9b81ef249282a5efa153cbff0a8bc35400b988e62f0abb302b5d2aea3774df6d", "bc2b3f6cc16b154164bc98c9176867569ca11250e0329657691bea7d44129b6a", "bef564e94ffad1d690074b48a1a6b13dc2e54ab9dbe9a5e1a1aa49ecbbce10dc", "c6ccb432a993f2d2a2a1fc591b555575e671b1e8a1e6569564d9c8b9a60527a6", "c7f08da9966bd414e421890f364f23bd88e3770291fbf76543403247b94a12b0", "c90e8c0caae6c2473a2bcaeae7f4ac91ecbe22ef5100d4ffb906778f6da0c891", "d9b8ba2c46c62e6eccb27181e93a587c0689778e9cfdd0c753c51a4a0dbd3295", "dae94070048b8ef8b76b52500a61c683572353cc6e4e312ecad9e544547a0a83", "de3efa3e24d50ca69dcaada62dd8e68b417d98014f465b269d8dece4ff90688e", "e31dbe1187558047f7596f7cd39efd25b52c7365d7c4fa9b08477ef863415a58", "ecf816c1bb914ec2960fd099ef5b953083e5fea9f3e1ba1c92313409ea9acf8d", "f5a54d92b4ab04e06f1db4c40929e0e7fba5a54b4f8a9423b4a3611b8b182a6f"], "iocs": {"domain": [{"hashes": ["08fdfed56d5ca9274555a3557a8d90e46d2fc0f51a303cdbfcf9f6f0f02af425"], "host": "hooogo[.]no-ip[.]biz[.]example[.]org"}, {"hashes": ["08fdfed56d5ca9274555a3557a8d90e46d2fc0f51a303cdbfcf9f6f0f02af425"], "host": "hooogo[.]no-ip[.]biz"}, {"hashes": ["7d4d8d9019ff282ac2e376fe3e6ef67a226dc0429fa8f9c2c4c243d65ff6af56"], "host": "hmada12[.]hopto[.]org"}, {"hashes": ["7e8d5840ccd0fbbcbe99921b7abde72296d3f31717e9ca9de153c06a1d38b4e1"], "host": "tt00[.]dyndns[.]tv"}], "file": [{"hashes": ["26f8ac7c0e5ce20236f620626e967341f66a964e44171044e55b9c6e6b0fc3cc", "2cae12c86eebcd6478fad83152f58259981db201700ef08e2807537a06b3efb8", "3dd709b22263b2eb0564c21da2b3c56b8b2835140d709d4ded97abfa59912f74", "5af33e1803067cf1e644e15b8086f5e4ad90f3f1f85679bc8f76b369dcc22385", "7044d4bb2fa9250273b8ea6e2756543c2f3497d0d34f0d356564036ab497dabd", "9b81ef249282a5efa153cbff0a8bc35400b988e62f0abb302b5d2aea3774df6d", "bef564e94ffad1d690074b48a1a6b13dc2e54ab9dbe9a5e1a1aa49ecbbce10dc"], "path": "%ProgramFiles%\\Bifrost\\server.exe"}, {"hashes": ["1391ecd4de2de1fd88115e7d1ef764347b6a89bc0f3b81fb57d239cb473c4aa2", "1566c4b5ab82ac5b9981804685f22eca27416c9df2033ab8592d4e63137c5b84", "311823de7919dc62a7baf3cdd69151870b2d3d2545e611f56fd9549830c0041b", "3dd709b22263b2eb0564c21da2b3c56b8b2835140d709d4ded97abfa59912f74", "6dfe7fb5fc75e608a2106baddd9378ac4c2d9b7715a545eb1cb1910ca26bb9d0", "90af2937996cc108830d17de11a0ce22a85e5aa3e8ff2dabd144ed06c0e5b453"], "path": "%APPDATA%\\addons.dat"}, {"hashes": ["08fdfed56d5ca9274555a3557a8d90e46d2fc0f51a303cdbfcf9f6f0f02af425", "45f75168cd2406ad42de08ec947dec6b830e361adb9ad2396d745a3574fdb923", "6bda38bae1c2c305b027585ccffd0f0691ee4e510f48ccc1081618c31e057089"], "path": "%System32%\\Bifrost\\server.exe"}, {"hashes": ["08fdfed56d5ca9274555a3557a8d90e46d2fc0f51a303cdbfcf9f6f0f02af425", "92f064f07df057fcf5bd5dff20d765c8fb92edab44b5edc8f6b43075a1fdf2a9"], "path": "%APPDATA%\\addon.dat"}, {"hashes": ["6dfe7fb5fc75e608a2106baddd9378ac4c2d9b7715a545eb1cb1910ca26bb9d0", "90af2937996cc108830d17de11a0ce22a85e5aa3e8ff2dabd144ed06c0e5b453"], "path": "%System32%\\BifroXx\\server.exe"}, {"hashes": ["c90e8c0caae6c2473a2bcaeae7f4ac91ecbe22ef5100d4ffb906778f6da0c891"], "path": "%SystemRoot%\\Bifrost\\server.exe"}, {"hashes": ["1391ecd4de2de1fd88115e7d1ef764347b6a89bc0f3b81fb57d239cb473c4aa2"], "path": "%ProgramFiles%\\Messanger\\msmsng.exe"}, {"hashes": ["1566c4b5ab82ac5b9981804685f22eca27416c9df2033ab8592d4e63137c5b84"], "path": "%System32%\\system\\service.exe"}, {"hashes": ["78be4588e7832c920481be3300f5a1dd736da8053fa29bcbcff3099372401d45"], "path": "%ProgramFiles%\\system\\update.exe"}, {"hashes": ["7d4d8d9019ff282ac2e376fe3e6ef67a226dc0429fa8f9c2c4c243d65ff6af56"], "path": "%System32%\\rar\\rar.exe"}, {"hashes": ["7e8d5840ccd0fbbcbe99921b7abde72296d3f31717e9ca9de153c06a1d38b4e1"], "path": "%ProgramFiles%\\s\\s"}, {"hashes": ["8f0bb1f502d5030375d29a331bb3735961912b0ba045a336941f2e11adcac8ec"], "path": "%SystemRoot%\\Systeem\\wider.exe"}, {"hashes": ["92f064f07df057fcf5bd5dff20d765c8fb92edab44b5edc8f6b43075a1fdf2a9"], "path": "%SystemRoot%\\Abox\\Abox.exe"}, {"hashes": ["c6ccb432a993f2d2a2a1fc591b555575e671b1e8a1e6569564d9c8b9a60527a6"], "path": "%System32%\\EFE\\server.exe"}], "ip": [], "mutex": [{"hashes": ["1566c4b5ab82ac5b9981804685f22eca27416c9df2033ab8592d4e63137c5b84", "26f8ac7c0e5ce20236f620626e967341f66a964e44171044e55b9c6e6b0fc3cc", "2cae12c86eebcd6478fad83152f58259981db201700ef08e2807537a06b3efb8", "311823de7919dc62a7baf3cdd69151870b2d3d2545e611f56fd9549830c0041b", "45f75168cd2406ad42de08ec947dec6b830e361adb9ad2396d745a3574fdb923", "6bda38bae1c2c305b027585ccffd0f0691ee4e510f48ccc1081618c31e057089", "6dfe7fb5fc75e608a2106baddd9378ac4c2d9b7715a545eb1cb1910ca26bb9d0", "7044d4bb2fa9250273b8ea6e2756543c2f3497d0d34f0d356564036ab497dabd", "78be4588e7832c920481be3300f5a1dd736da8053fa29bcbcff3099372401d45", "8f0bb1f502d5030375d29a331bb3735961912b0ba045a336941f2e11adcac8ec", "90af2937996cc108830d17de11a0ce22a85e5aa3e8ff2dabd144ed06c0e5b453", "9b81ef249282a5efa153cbff0a8bc35400b988e62f0abb302b5d2aea3774df6d", "bef564e94ffad1d690074b48a1a6b13dc2e54ab9dbe9a5e1a1aa49ecbbce10dc", "c90e8c0caae6c2473a2bcaeae7f4ac91ecbe22ef5100d4ffb906778f6da0c891"], "name": "Bif1234"}, {"hashes": ["08fdfed56d5ca9274555a3557a8d90e46d2fc0f51a303cdbfcf9f6f0f02af425", "1566c4b5ab82ac5b9981804685f22eca27416c9df2033ab8592d4e63137c5b84", "2cae12c86eebcd6478fad83152f58259981db201700ef08e2807537a06b3efb8", "311823de7919dc62a7baf3cdd69151870b2d3d2545e611f56fd9549830c0041b", "3dd709b22263b2eb0564c21da2b3c56b8b2835140d709d4ded97abfa59912f74", "5af33e1803067cf1e644e15b8086f5e4ad90f3f1f85679bc8f76b369dcc22385", "7d4d8d9019ff282ac2e376fe3e6ef67a226dc0429fa8f9c2c4c243d65ff6af56", "8f0bb1f502d5030375d29a331bb3735961912b0ba045a336941f2e11adcac8ec", "92f064f07df057fcf5bd5dff20d765c8fb92edab44b5edc8f6b43075a1fdf2a9", "c6ccb432a993f2d2a2a1fc591b555575e671b1e8a1e6569564d9c8b9a60527a6", "c7f08da9966bd414e421890f364f23bd88e3770291fbf76543403247b94a12b0"], "name": "<random, matching [a-zA-Z0-9]{5,9}>"}, {"hashes": ["7244f359907615896962b325dcf37fdb072dbdff9b329b8b517c2996451c110a"], "name": "java"}, {"hashes": ["1391ecd4de2de1fd88115e7d1ef764347b6a89bc0f3b81fb57d239cb473c4aa2"], "name": "dec"}, {"hashes": ["7e8d5840ccd0fbbcbe99921b7abde72296d3f31717e9ca9de153c06a1d38b4e1"], "name": "s"}, {"hashes": ["c6ccb432a993f2d2a2a1fc591b555575e671b1e8a1e6569564d9c8b9a60527a6"], "name": "FGEW"}], "registry": []}, "reports_count": 25}, "Win.Dropper.Remcos-7647550-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "b5593ceb7aefdd5dafe1df2991b64461525445026b716f974158267dfa514a98", "80ae7bd2afe2c1f42275559f09fb57989b6b434ccf1293c050b65b7f8dd35d2b", "93f2cd9c31465042b81b0a170b71333c6b86a4caef7e1f968d70051d68937137", "ec5a858dbbeb0d2bfef0e45fe300e8493d72bdd57f05adc515a8cd686bbb5909", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7", "d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a", "5ad7f958b382b25cd6548572e47017664418ee90b7d4837f4e2dc9f16699a075", "3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81", "aa94739674b23c2aadf3aca9c23fa21c50ec1a7b593c01c00b3db075843d7a43", "ac55c5cd2c912812a818fab1a70821eea21c50ce12231f3b206e194b3491ca13", "615bf9fca338afb3a5e401f285cc055bb6a1e9b3e20476f199d2f102cf83819b", "36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead", "858ac8419ed4af5f66b11a1c4bb62568b3d9674709bad657ef8064111464d5de", "a682315c0009390e82de3b37ddf8daf1d46cfece8fb5e136cb9e9abedad72831", "eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9", "b10b7f3136cda4f2dd355c9fc3dde494f77780f5906701e837ea196bad52b9f0", "df34cfa12098874ae8a9d3107ccb82f1870a3d1ee8f8d4f6661cfc8bf1e39bed", "1df1f90da9a07dfe25f0368fc24830fd1513e938c590e9ca6cfbe422dcfedc38", "7101d4eb887906b49ee0cdc206e1b440ccf31c1a241ecebe36f98f8b23b8b20f", "94d901f0071b8b1108e5fdb04cb90816f14d3b0daee74306626f4249a0de6432"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "b5593ceb7aefdd5dafe1df2991b64461525445026b716f974158267dfa514a98", "80ae7bd2afe2c1f42275559f09fb57989b6b434ccf1293c050b65b7f8dd35d2b", "93f2cd9c31465042b81b0a170b71333c6b86a4caef7e1f968d70051d68937137", "ec5a858dbbeb0d2bfef0e45fe300e8493d72bdd57f05adc515a8cd686bbb5909", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7", "d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a", "5ad7f958b382b25cd6548572e47017664418ee90b7d4837f4e2dc9f16699a075", "3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81", "aa94739674b23c2aadf3aca9c23fa21c50ec1a7b593c01c00b3db075843d7a43", "ac55c5cd2c912812a818fab1a70821eea21c50ce12231f3b206e194b3491ca13", "615bf9fca338afb3a5e401f285cc055bb6a1e9b3e20476f199d2f102cf83819b", "36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead", "858ac8419ed4af5f66b11a1c4bb62568b3d9674709bad657ef8064111464d5de", "a682315c0009390e82de3b37ddf8daf1d46cfece8fb5e136cb9e9abedad72831", "eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9", "b10b7f3136cda4f2dd355c9fc3dde494f77780f5906701e837ea196bad52b9f0", "df34cfa12098874ae8a9d3107ccb82f1870a3d1ee8f8d4f6661cfc8bf1e39bed", "1df1f90da9a07dfe25f0368fc24830fd1513e938c590e9ca6cfbe422dcfedc38", "7101d4eb887906b49ee0cdc206e1b440ccf31c1a241ecebe36f98f8b23b8b20f", "94d901f0071b8b1108e5fdb04cb90816f14d3b0daee74306626f4249a0de6432"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "b5593ceb7aefdd5dafe1df2991b64461525445026b716f974158267dfa514a98", "80ae7bd2afe2c1f42275559f09fb57989b6b434ccf1293c050b65b7f8dd35d2b", "93f2cd9c31465042b81b0a170b71333c6b86a4caef7e1f968d70051d68937137", "ec5a858dbbeb0d2bfef0e45fe300e8493d72bdd57f05adc515a8cd686bbb5909", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7", "d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a", "5ad7f958b382b25cd6548572e47017664418ee90b7d4837f4e2dc9f16699a075", "3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81", "aa94739674b23c2aadf3aca9c23fa21c50ec1a7b593c01c00b3db075843d7a43", "ac55c5cd2c912812a818fab1a70821eea21c50ce12231f3b206e194b3491ca13", "615bf9fca338afb3a5e401f285cc055bb6a1e9b3e20476f199d2f102cf83819b", "36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead", "858ac8419ed4af5f66b11a1c4bb62568b3d9674709bad657ef8064111464d5de", "a682315c0009390e82de3b37ddf8daf1d46cfece8fb5e136cb9e9abedad72831", "eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9", "b10b7f3136cda4f2dd355c9fc3dde494f77780f5906701e837ea196bad52b9f0", "df34cfa12098874ae8a9d3107ccb82f1870a3d1ee8f8d4f6661cfc8bf1e39bed", "1df1f90da9a07dfe25f0368fc24830fd1513e938c590e9ca6cfbe422dcfedc38", "7101d4eb887906b49ee0cdc206e1b440ccf31c1a241ecebe36f98f8b23b8b20f", "94d901f0071b8b1108e5fdb04cb90816f14d3b0daee74306626f4249a0de6432"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "pe-uses-visual-basic", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "b5593ceb7aefdd5dafe1df2991b64461525445026b716f974158267dfa514a98", "80ae7bd2afe2c1f42275559f09fb57989b6b434ccf1293c050b65b7f8dd35d2b", "93f2cd9c31465042b81b0a170b71333c6b86a4caef7e1f968d70051d68937137", "ec5a858dbbeb0d2bfef0e45fe300e8493d72bdd57f05adc515a8cd686bbb5909", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7", "d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a", "5ad7f958b382b25cd6548572e47017664418ee90b7d4837f4e2dc9f16699a075", "3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81", "aa94739674b23c2aadf3aca9c23fa21c50ec1a7b593c01c00b3db075843d7a43", "ac55c5cd2c912812a818fab1a70821eea21c50ce12231f3b206e194b3491ca13", "615bf9fca338afb3a5e401f285cc055bb6a1e9b3e20476f199d2f102cf83819b", "36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead", "858ac8419ed4af5f66b11a1c4bb62568b3d9674709bad657ef8064111464d5de", "a682315c0009390e82de3b37ddf8daf1d46cfece8fb5e136cb9e9abedad72831", "eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9", "b10b7f3136cda4f2dd355c9fc3dde494f77780f5906701e837ea196bad52b9f0", "df34cfa12098874ae8a9d3107ccb82f1870a3d1ee8f8d4f6661cfc8bf1e39bed", "1df1f90da9a07dfe25f0368fc24830fd1513e938c590e9ca6cfbe422dcfedc38", "7101d4eb887906b49ee0cdc206e1b440ccf31c1a241ecebe36f98f8b23b8b20f", "94d901f0071b8b1108e5fdb04cb90816f14d3b0daee74306626f4249a0de6432"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "b5593ceb7aefdd5dafe1df2991b64461525445026b716f974158267dfa514a98", "80ae7bd2afe2c1f42275559f09fb57989b6b434ccf1293c050b65b7f8dd35d2b", "93f2cd9c31465042b81b0a170b71333c6b86a4caef7e1f968d70051d68937137", "ec5a858dbbeb0d2bfef0e45fe300e8493d72bdd57f05adc515a8cd686bbb5909", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7", "5ad7f958b382b25cd6548572e47017664418ee90b7d4837f4e2dc9f16699a075", "3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81", "aa94739674b23c2aadf3aca9c23fa21c50ec1a7b593c01c00b3db075843d7a43", "ac55c5cd2c912812a818fab1a70821eea21c50ce12231f3b206e194b3491ca13", "615bf9fca338afb3a5e401f285cc055bb6a1e9b3e20476f199d2f102cf83819b", "36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead", "858ac8419ed4af5f66b11a1c4bb62568b3d9674709bad657ef8064111464d5de", "a682315c0009390e82de3b37ddf8daf1d46cfece8fb5e136cb9e9abedad72831", "eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9", "b10b7f3136cda4f2dd355c9fc3dde494f77780f5906701e837ea196bad52b9f0", "1df1f90da9a07dfe25f0368fc24830fd1513e938c590e9ca6cfbe422dcfedc38", "7101d4eb887906b49ee0cdc206e1b440ccf31c1a241ecebe36f98f8b23b8b20f", "94d901f0071b8b1108e5fdb04cb90816f14d3b0daee74306626f4249a0de6432"], "mitre_attack_tags": []}, {"bi": "network-dns-category-file-storage", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "b5593ceb7aefdd5dafe1df2991b64461525445026b716f974158267dfa514a98", "80ae7bd2afe2c1f42275559f09fb57989b6b434ccf1293c050b65b7f8dd35d2b", "93f2cd9c31465042b81b0a170b71333c6b86a4caef7e1f968d70051d68937137", "ec5a858dbbeb0d2bfef0e45fe300e8493d72bdd57f05adc515a8cd686bbb5909", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7", "5ad7f958b382b25cd6548572e47017664418ee90b7d4837f4e2dc9f16699a075", "3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81", "aa94739674b23c2aadf3aca9c23fa21c50ec1a7b593c01c00b3db075843d7a43", "ac55c5cd2c912812a818fab1a70821eea21c50ce12231f3b206e194b3491ca13", "615bf9fca338afb3a5e401f285cc055bb6a1e9b3e20476f199d2f102cf83819b", "36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead", "858ac8419ed4af5f66b11a1c4bb62568b3d9674709bad657ef8064111464d5de", "a682315c0009390e82de3b37ddf8daf1d46cfece8fb5e136cb9e9abedad72831", "eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9", "b10b7f3136cda4f2dd355c9fc3dde494f77780f5906701e837ea196bad52b9f0", "1df1f90da9a07dfe25f0368fc24830fd1513e938c590e9ca6cfbe422dcfedc38", "7101d4eb887906b49ee0cdc206e1b440ccf31c1a241ecebe36f98f8b23b8b20f", "94d901f0071b8b1108e5fdb04cb90816f14d3b0daee74306626f4249a0de6432"], "mitre_attack_tags": []}, {"bi": "registry-modified-rootcerts", "hashes": ["a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "b5593ceb7aefdd5dafe1df2991b64461525445026b716f974158267dfa514a98", "80ae7bd2afe2c1f42275559f09fb57989b6b434ccf1293c050b65b7f8dd35d2b", "93f2cd9c31465042b81b0a170b71333c6b86a4caef7e1f968d70051d68937137", "ec5a858dbbeb0d2bfef0e45fe300e8493d72bdd57f05adc515a8cd686bbb5909", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7", "5ad7f958b382b25cd6548572e47017664418ee90b7d4837f4e2dc9f16699a075", "3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81", "aa94739674b23c2aadf3aca9c23fa21c50ec1a7b593c01c00b3db075843d7a43", "ac55c5cd2c912812a818fab1a70821eea21c50ce12231f3b206e194b3491ca13", "615bf9fca338afb3a5e401f285cc055bb6a1e9b3e20476f199d2f102cf83819b", "36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead", "858ac8419ed4af5f66b11a1c4bb62568b3d9674709bad657ef8064111464d5de", "a682315c0009390e82de3b37ddf8daf1d46cfece8fb5e136cb9e9abedad72831", "b10b7f3136cda4f2dd355c9fc3dde494f77780f5906701e837ea196bad52b9f0", "1df1f90da9a07dfe25f0368fc24830fd1513e938c590e9ca6cfbe422dcfedc38", "7101d4eb887906b49ee0cdc206e1b440ccf31c1a241ecebe36f98f8b23b8b20f", "94d901f0071b8b1108e5fdb04cb90816f14d3b0daee74306626f4249a0de6432"], "mitre_attack_tags": ["TA0011", "TA0006", "TA0005", "T1130"]}, {"bi": "modified-file-in-user-dir", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "b5593ceb7aefdd5dafe1df2991b64461525445026b716f974158267dfa514a98", "ec5a858dbbeb0d2bfef0e45fe300e8493d72bdd57f05adc515a8cd686bbb5909", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7", "d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a", "3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81", "615bf9fca338afb3a5e401f285cc055bb6a1e9b3e20476f199d2f102cf83819b", "36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead", "858ac8419ed4af5f66b11a1c4bb62568b3d9674709bad657ef8064111464d5de", "eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9", "df34cfa12098874ae8a9d3107ccb82f1870a3d1ee8f8d4f6661cfc8bf1e39bed", "1df1f90da9a07dfe25f0368fc24830fd1513e938c590e9ca6cfbe422dcfedc38"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7", "d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a", "5ad7f958b382b25cd6548572e47017664418ee90b7d4837f4e2dc9f16699a075", "3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81", "36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead", "858ac8419ed4af5f66b11a1c4bb62568b3d9674709bad657ef8064111464d5de", "a682315c0009390e82de3b37ddf8daf1d46cfece8fb5e136cb9e9abedad72831", "eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9", "7101d4eb887906b49ee0cdc206e1b440ccf31c1a241ecebe36f98f8b23b8b20f", "94d901f0071b8b1108e5fdb04cb90816f14d3b0daee74306626f4249a0de6432"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "b5593ceb7aefdd5dafe1df2991b64461525445026b716f974158267dfa514a98", "ec5a858dbbeb0d2bfef0e45fe300e8493d72bdd57f05adc515a8cd686bbb5909", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7", "d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a", "3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81", "615bf9fca338afb3a5e401f285cc055bb6a1e9b3e20476f199d2f102cf83819b", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead", "eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9", "df34cfa12098874ae8a9d3107ccb82f1870a3d1ee8f8d4f6661cfc8bf1e39bed", "1df1f90da9a07dfe25f0368fc24830fd1513e938c590e9ca6cfbe422dcfedc38"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "b5593ceb7aefdd5dafe1df2991b64461525445026b716f974158267dfa514a98", "93f2cd9c31465042b81b0a170b71333c6b86a4caef7e1f968d70051d68937137", "ec5a858dbbeb0d2bfef0e45fe300e8493d72bdd57f05adc515a8cd686bbb5909", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7", "5ad7f958b382b25cd6548572e47017664418ee90b7d4837f4e2dc9f16699a075", "3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81", "ac55c5cd2c912812a818fab1a70821eea21c50ce12231f3b206e194b3491ca13", "a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973", "a682315c0009390e82de3b37ddf8daf1d46cfece8fb5e136cb9e9abedad72831", "eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9", "b10b7f3136cda4f2dd355c9fc3dde494f77780f5906701e837ea196bad52b9f0", "94d901f0071b8b1108e5fdb04cb90816f14d3b0daee74306626f4249a0de6432"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-autorun-key-modified", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "b5593ceb7aefdd5dafe1df2991b64461525445026b716f974158267dfa514a98", "ec5a858dbbeb0d2bfef0e45fe300e8493d72bdd57f05adc515a8cd686bbb5909", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7", "d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a", "3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81", "615bf9fca338afb3a5e401f285cc055bb6a1e9b3e20476f199d2f102cf83819b", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead", "eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9", "df34cfa12098874ae8a9d3107ccb82f1870a3d1ee8f8d4f6661cfc8bf1e39bed", "1df1f90da9a07dfe25f0368fc24830fd1513e938c590e9ca6cfbe422dcfedc38"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "created-executable-in-user-dir", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "b5593ceb7aefdd5dafe1df2991b64461525445026b716f974158267dfa514a98", "ec5a858dbbeb0d2bfef0e45fe300e8493d72bdd57f05adc515a8cd686bbb5909", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7", "d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a", "615bf9fca338afb3a5e401f285cc055bb6a1e9b3e20476f199d2f102cf83819b", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead", "eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9", "df34cfa12098874ae8a9d3107ccb82f1870a3d1ee8f8d4f6661cfc8bf1e39bed", "1df1f90da9a07dfe25f0368fc24830fd1513e938c590e9ca6cfbe422dcfedc38"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a", "36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7", "858ac8419ed4af5f66b11a1c4bb62568b3d9674709bad657ef8064111464d5de", "df34cfa12098874ae8a9d3107ccb82f1870a3d1ee8f8d4f6661cfc8bf1e39bed", "7101d4eb887906b49ee0cdc206e1b440ccf31c1a241ecebe36f98f8b23b8b20f"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7", "858ac8419ed4af5f66b11a1c4bb62568b3d9674709bad657ef8064111464d5de", "df34cfa12098874ae8a9d3107ccb82f1870a3d1ee8f8d4f6661cfc8bf1e39bed", "7101d4eb887906b49ee0cdc206e1b440ccf31c1a241ecebe36f98f8b23b8b20f"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "potential-registry-persistence", "hashes": ["d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a", "615bf9fca338afb3a5e401f285cc055bb6a1e9b3e20476f199d2f102cf83819b", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead", "df34cfa12098874ae8a9d3107ccb82f1870a3d1ee8f8d4f6661cfc8bf1e39bed", "1df1f90da9a07dfe25f0368fc24830fd1513e938c590e9ca6cfbe422dcfedc38"], "mitre_attack_tags": []}, {"bi": "files-created-vbs", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "b5593ceb7aefdd5dafe1df2991b64461525445026b716f974158267dfa514a98", "ec5a858dbbeb0d2bfef0e45fe300e8493d72bdd57f05adc515a8cd686bbb5909", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7", "eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "mitre_attack_tags": ["TA0002", "T1064"]}, {"bi": "vbs-calls-shell", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "b5593ceb7aefdd5dafe1df2991b64461525445026b716f974158267dfa514a98", "ec5a858dbbeb0d2bfef0e45fe300e8493d72bdd57f05adc515a8cd686bbb5909", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7", "eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7", "858ac8419ed4af5f66b11a1c4bb62568b3d9674709bad657ef8064111464d5de", "df34cfa12098874ae8a9d3107ccb82f1870a3d1ee8f8d4f6661cfc8bf1e39bed", "7101d4eb887906b49ee0cdc206e1b440ccf31c1a241ecebe36f98f8b23b8b20f"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "network-snort-protocol", "hashes": ["d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a", "36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a", "36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a", "36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead"], "mitre_attack_tags": []}, {"bi": "malware-nanocore-artifact-detected", "hashes": ["d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a", "36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "df34cfa12098874ae8a9d3107ccb82f1870a3d1ee8f8d4f6661cfc8bf1e39bed"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a", "df34cfa12098874ae8a9d3107ccb82f1870a3d1ee8f8d4f6661cfc8bf1e39bed"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7", "5ad7f958b382b25cd6548572e47017664418ee90b7d4837f4e2dc9f16699a075", "a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973"], "mitre_attack_tags": []}, {"bi": "dns-public-server-contacted", "hashes": ["d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "process-check-ucbrowser", "hashes": ["858ac8419ed4af5f66b11a1c4bb62568b3d9674709bad657ef8064111464d5de", "df34cfa12098874ae8a9d3107ccb82f1870a3d1ee8f8d4f6661cfc8bf1e39bed", "7101d4eb887906b49ee0cdc206e1b440ccf31c1a241ecebe36f98f8b23b8b20f"], "mitre_attack_tags": ["TA0007"]}, {"bi": "network-file-uploaded", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "network-dns-upload-file", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36"], "mitre_attack_tags": []}, {"bi": "file-ini-modified", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "858ac8419ed4af5f66b11a1c4bb62568b3d9674709bad657ef8064111464d5de"], "mitre_attack_tags": ["TA0003"]}, {"bi": "malware-lokibot-mutex-detected", "hashes": ["a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "enumeration-browser-information", "hashes": ["a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7"], "mitre_attack_tags": ["TA0007", "TA0006", "T1003", "T1217"]}, {"bi": "compound-vb-self-delete", "hashes": ["a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81", "eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "process-windows-script-launched", "hashes": ["3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81", "eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "mitre_attack_tags": ["TA0005", "TA0002", "T1064"]}, {"bi": "malware-remcos-mutex", "hashes": ["3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81", "eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "mitre_attack_tags": []}, {"bi": "files-deleted-used-vbs", "hashes": ["3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81", "eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973", "eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "unsigned-roaming-execution", "hashes": ["a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973", "eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "mitre_attack_tags": ["TA0005"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "nginx-webserver-detected", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "modified-file-in-program-dir", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "mitre_attack_tags": []}, {"bi": "malware-formbook-mutex-detected", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "mitre_attack_tags": []}, {"bi": "desktop-screenshot", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "mitre_attack_tags": ["TA0009", "T1119"]}, {"bi": "network-explorer-process", "hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "mitre_attack_tags": ["TA0011", "TA0005", "T1055"]}, {"bi": "network-dns-malicious-snort", "hashes": ["a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36"], "mitre_attack_tags": ["TA0011"]}, {"bi": "network-snort-malware", "hashes": ["a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "altered-sample-snort-flagged", "hashes": ["a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "http-response-redirect", "hashes": ["a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36"], "mitre_attack_tags": []}, {"bi": "malware-guloader-traffic-detected", "hashes": ["a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "modified-file-in-system-dir", "hashes": ["3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81"], "mitre_attack_tags": []}, {"bi": "dns-bypassed-assigned-server", "hashes": ["36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "pe-imports-toolhelp", "hashes": ["a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "malware-netwire-rat-registry", "hashes": ["a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973"], "mitre_attack_tags": []}, {"bi": "malware-netwire-mutex", "hashes": ["a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973"], "mitre_attack_tags": []}, {"bi": "registry-activesetup-key-modified", "hashes": ["a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "excessive-process-creates", "hashes": ["eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "mitre_attack_tags": ["TA0002", "T1064"]}, {"bi": "process-with-multiple-children", "hashes": ["eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "mitre_attack_tags": ["TA0005"]}, {"bi": "hosts-file-modification", "hashes": ["df34cfa12098874ae8a9d3107ccb82f1870a3d1ee8f8d4f6661cfc8bf1e39bed"], "mitre_attack_tags": ["TA0011", "TA0005"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. This malware is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["1df1f90da9a07dfe25f0368fc24830fd1513e938c590e9ca6cfbe422dcfedc38", "36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb", "3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81", "5ad7f958b382b25cd6548572e47017664418ee90b7d4837f4e2dc9f16699a075", "615bf9fca338afb3a5e401f285cc055bb6a1e9b3e20476f199d2f102cf83819b", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "7101d4eb887906b49ee0cdc206e1b440ccf31c1a241ecebe36f98f8b23b8b20f", "7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "80ae7bd2afe2c1f42275559f09fb57989b6b434ccf1293c050b65b7f8dd35d2b", "858ac8419ed4af5f66b11a1c4bb62568b3d9674709bad657ef8064111464d5de", "93f2cd9c31465042b81b0a170b71333c6b86a4caef7e1f968d70051d68937137", "94d901f0071b8b1108e5fdb04cb90816f14d3b0daee74306626f4249a0de6432", "a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973", "a682315c0009390e82de3b37ddf8daf1d46cfece8fb5e136cb9e9abedad72831", "a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "aa94739674b23c2aadf3aca9c23fa21c50ec1a7b593c01c00b3db075843d7a43", "ac55c5cd2c912812a818fab1a70821eea21c50ce12231f3b206e194b3491ca13", "b10b7f3136cda4f2dd355c9fc3dde494f77780f5906701e837ea196bad52b9f0", "b5593ceb7aefdd5dafe1df2991b64461525445026b716f974158267dfa514a98", "d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a", "df34cfa12098874ae8a9d3107ccb82f1870a3d1ee8f8d4f6661cfc8bf1e39bed", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead", "ec5a858dbbeb0d2bfef0e45fe300e8493d72bdd57f05adc515a8cd686bbb5909", "eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "iocs": {"domain": [{"hashes": ["94d901f0071b8b1108e5fdb04cb90816f14d3b0daee74306626f4249a0de6432", "a682315c0009390e82de3b37ddf8daf1d46cfece8fb5e136cb9e9abedad72831"], "host": "doc-10-68-docs[.]googleusercontent[.]com"}, {"hashes": ["a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973"], "host": "www[.]mediafire[.]com"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "host": "www[.]allixanes[.]com"}, {"hashes": ["5ad7f958b382b25cd6548572e47017664418ee90b7d4837f4e2dc9f16699a075"], "host": "doc-04-1s-docs[.]googleusercontent[.]com"}, {"hashes": ["a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36"], "host": "doc-0k-8o-docs[.]googleusercontent[.]com"}, {"hashes": ["a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973"], "host": "malu1234[.]duckdns[.]org"}, {"hashes": ["36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb"], "host": "erunski22[.]ddns[.]net"}, {"hashes": ["3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81"], "host": "doc-0o-50-docs[.]googleusercontent[.]com"}, {"hashes": ["67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd"], "host": "barrywill[.]hopto[.]org"}, {"hashes": ["67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd"], "host": "doc-0g-5o-docs[.]googleusercontent[.]com"}, {"hashes": ["7101d4eb887906b49ee0cdc206e1b440ccf31c1a241ecebe36f98f8b23b8b20f"], "host": "doc-0k-2o-docs[.]googleusercontent[.]com"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "host": "www[.]999-proxy[.]com"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "host": "www[.]ontariobrokers[.]info"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "host": "www[.]djinteriorsdelhi[.]com"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "host": "www[.]software[.]services"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "host": "www[.]sspifgmcputactn[.]com"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "host": "hmhxvw[.]dm[.]files[.]1drv[.]com"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "host": "www[.]mindfulmomentschildren[.]com"}, {"hashes": ["858ac8419ed4af5f66b11a1c4bb62568b3d9674709bad657ef8064111464d5de"], "host": "doc-10-38-docs[.]googleusercontent[.]com"}, {"hashes": ["a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973"], "host": "download1642[.]mediafire[.]com"}, {"hashes": ["a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36"], "host": "chacert[.]gq"}, {"hashes": ["d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a"], "host": "fusionfiresolutions[.]com"}, {"hashes": ["d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a"], "host": "alljobnew[.]duckdns[.]org"}, {"hashes": ["df34cfa12098874ae8a9d3107ccb82f1870a3d1ee8f8d4f6661cfc8bf1e39bed"], "host": "elintec[.]site"}, {"hashes": ["e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7"], "host": "doc-00-2g-docs[.]googleusercontent[.]com"}, {"hashes": ["e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead"], "host": "odogwuone[.]ddns[.]net"}, {"hashes": ["e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead"], "host": "doc-0k-ak-docs[.]googleusercontent[.]com"}, {"hashes": ["eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "host": "afuxkg[.]sn[.]files[.]1drv[.]com"}], "file": [{"hashes": ["36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5"}, {"hashes": ["36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs"}, {"hashes": ["36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs\\Administrator"}, {"hashes": ["36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\run.dat"}, {"hashes": ["1df1f90da9a07dfe25f0368fc24830fd1513e938c590e9ca6cfbe422dcfedc38", "615bf9fca338afb3a5e401f285cc055bb6a1e9b3e20476f199d2f102cf83819b", "7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a"], "path": "%HOMEPATH%\\subfolder1"}, {"hashes": ["1df1f90da9a07dfe25f0368fc24830fd1513e938c590e9ca6cfbe422dcfedc38", "615bf9fca338afb3a5e401f285cc055bb6a1e9b3e20476f199d2f102cf83819b", "7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a"], "path": "%HOMEPATH%\\subfolder1\\filename1.exe"}, {"hashes": ["a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7"], "path": "%APPDATA%\\D282E1"}, {"hashes": ["a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7"], "path": "%APPDATA%\\D282E1\\1E80C5.lck"}, {"hashes": ["a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7"], "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-2580483871-590521980-3826313501-500\\a18ca4003deb042bbee7a40f15e1970b_d19ab989-a35f-4710-83df-7b2db7efe7c5"}, {"hashes": ["3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81", "eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "path": "%TEMP%\\install.vbs"}, {"hashes": ["eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "path": "%APPDATA%\\remcos\\remcos.exe"}, {"hashes": ["a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973"], "path": "%APPDATA%\\Install\\Host.exe"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "path": "%HOMEPATH%\\subfolder1\\filename1.vbs"}, {"hashes": ["3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81"], "path": "%SystemRoot%\\SysWOW64\\WIN.exe"}, {"hashes": ["67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd"], "path": "%HOMEPATH%\\DISTANTTJE\\ungk.exe"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "path": "%ProgramFiles(x86)%\\A6lgd7bmx\\mfcwbphud.exe"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "path": "%TEMP%\\A6lgd7bmx\\mfcwbphud.exe"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "path": "%APPDATA%\\-29MRC85\\-29logim.jpeg"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "path": "%APPDATA%\\-29MRC85\\-29logrc.ini"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "path": "%APPDATA%\\-29MRC85\\-29logri.ini"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "path": "%APPDATA%\\-29MRC85\\-29logrv.ini"}, {"hashes": ["b5593ceb7aefdd5dafe1df2991b64461525445026b716f974158267dfa514a98"], "path": "%HOMEPATH%\\maysi\\MIDDELHA.exe"}, {"hashes": ["b5593ceb7aefdd5dafe1df2991b64461525445026b716f974158267dfa514a98"], "path": "%HOMEPATH%\\maysi\\MIDDELHA.vbs"}, {"hashes": ["df34cfa12098874ae8a9d3107ccb82f1870a3d1ee8f8d4f6661cfc8bf1e39bed"], "path": "%HOMEPATH%\\Butyr"}, {"hashes": ["df34cfa12098874ae8a9d3107ccb82f1870a3d1ee8f8d4f6661cfc8bf1e39bed"], "path": "%HOMEPATH%\\Butyr\\Forfje2.exe"}, {"hashes": ["e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7"], "path": "%HOMEPATH%\\aggressor\\en-US\\Maksim5.exe.mui"}, {"hashes": ["e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7"], "path": "%HOMEPATH%\\aggressor\\en\\Maksim5.exe.mui"}, {"hashes": ["e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7"], "path": "%HOMEPATH%\\aggressor"}, {"hashes": ["e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7"], "path": "%HOMEPATH%\\aggressor\\Maksim5.exe"}, {"hashes": ["e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7"], "path": "%HOMEPATH%\\aggressor\\Maksim5.vbs"}, {"hashes": ["e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead"], "path": "%HOMEPATH%\\subassembl"}, {"hashes": ["e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead"], "path": "%HOMEPATH%\\subassembl\\Vivifyin.exe"}, {"hashes": ["ec5a858dbbeb0d2bfef0e45fe300e8493d72bdd57f05adc515a8cd686bbb5909"], "path": "%HOMEPATH%\\Indi\\PROTET.exe"}, {"hashes": ["ec5a858dbbeb0d2bfef0e45fe300e8493d72bdd57f05adc515a8cd686bbb5909"], "path": "%HOMEPATH%\\Indi\\PROTET.vbs"}, {"hashes": ["ec5a858dbbeb0d2bfef0e45fe300e8493d72bdd57f05adc515a8cd686bbb5909"], "path": "%HOMEPATH%\\Indi\\en-US\\PROTET.exe.mui"}, {"hashes": ["ec5a858dbbeb0d2bfef0e45fe300e8493d72bdd57f05adc515a8cd686bbb5909"], "path": "%HOMEPATH%\\Indi\\en\\PROTET.exe.mui"}, {"hashes": ["ec5a858dbbeb0d2bfef0e45fe300e8493d72bdd57f05adc515a8cd686bbb5909"], "path": "%HOMEPATH%\\Indi"}, {"hashes": ["eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "path": "%APPDATA%\\remcos\\en-US\\remcos.exe.mui"}, {"hashes": ["eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "path": "%APPDATA%\\remcos\\en\\remcos.exe.mui"}, {"hashes": ["eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "path": "%HOMEPATH%\\Roderi2\\Blephilli.exe"}, {"hashes": ["eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "path": "%HOMEPATH%\\Roderi2\\Blephilli.vbs"}, {"hashes": ["eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "path": "%HOMEPATH%\\Roderi2\\en-US\\Blephilli.exe.mui"}, {"hashes": ["eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "path": "%HOMEPATH%\\Roderi2\\en\\Blephilli.exe.mui"}, {"hashes": ["eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "path": "%HOMEPATH%\\Roderi2"}], "ip": [{"hashes": ["1df1f90da9a07dfe25f0368fc24830fd1513e938c590e9ca6cfbe422dcfedc38", "36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb", "5ad7f958b382b25cd6548572e47017664418ee90b7d4837f4e2dc9f16699a075", "615bf9fca338afb3a5e401f285cc055bb6a1e9b3e20476f199d2f102cf83819b", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "7101d4eb887906b49ee0cdc206e1b440ccf31c1a241ecebe36f98f8b23b8b20f", "80ae7bd2afe2c1f42275559f09fb57989b6b434ccf1293c050b65b7f8dd35d2b", "858ac8419ed4af5f66b11a1c4bb62568b3d9674709bad657ef8064111464d5de", "93f2cd9c31465042b81b0a170b71333c6b86a4caef7e1f968d70051d68937137", "94d901f0071b8b1108e5fdb04cb90816f14d3b0daee74306626f4249a0de6432", "a682315c0009390e82de3b37ddf8daf1d46cfece8fb5e136cb9e9abedad72831", "a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "aa94739674b23c2aadf3aca9c23fa21c50ec1a7b593c01c00b3db075843d7a43", "ac55c5cd2c912812a818fab1a70821eea21c50ce12231f3b206e194b3491ca13", "b10b7f3136cda4f2dd355c9fc3dde494f77780f5906701e837ea196bad52b9f0", "b5593ceb7aefdd5dafe1df2991b64461525445026b716f974158267dfa514a98", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead", "ec5a858dbbeb0d2bfef0e45fe300e8493d72bdd57f05adc515a8cd686bbb5909"], "ip": "172[.]217[.]15[.]110"}, {"hashes": ["3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81", "5ad7f958b382b25cd6548572e47017664418ee90b7d4837f4e2dc9f16699a075", "93f2cd9c31465042b81b0a170b71333c6b86a4caef7e1f968d70051d68937137", "94d901f0071b8b1108e5fdb04cb90816f14d3b0daee74306626f4249a0de6432", "a682315c0009390e82de3b37ddf8daf1d46cfece8fb5e136cb9e9abedad72831", "a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "ac55c5cd2c912812a818fab1a70821eea21c50ce12231f3b206e194b3491ca13", "b10b7f3136cda4f2dd355c9fc3dde494f77780f5906701e837ea196bad52b9f0", "b5593ceb7aefdd5dafe1df2991b64461525445026b716f974158267dfa514a98", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7", "ec5a858dbbeb0d2bfef0e45fe300e8493d72bdd57f05adc515a8cd686bbb5909"], "ip": "172[.]217[.]5[.]238"}, {"hashes": ["36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb", "5ad7f958b382b25cd6548572e47017664418ee90b7d4837f4e2dc9f16699a075", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "7101d4eb887906b49ee0cdc206e1b440ccf31c1a241ecebe36f98f8b23b8b20f", "858ac8419ed4af5f66b11a1c4bb62568b3d9674709bad657ef8064111464d5de", "94d901f0071b8b1108e5fdb04cb90816f14d3b0daee74306626f4249a0de6432", "a682315c0009390e82de3b37ddf8daf1d46cfece8fb5e136cb9e9abedad72831", "a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead"], "ip": "172[.]217[.]12[.]225"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "ip": "13[.]107[.]42[.]12/31"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "ip": "69[.]172[.]201[.]153"}, {"hashes": ["36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb"], "ip": "37[.]235[.]1[.]174"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "ip": "50[.]63[.]202[.]36"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "ip": "199[.]34[.]228[.]77"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "ip": "162[.]213[.]250[.]169"}, {"hashes": ["a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973"], "ip": "185[.]244[.]30[.]160"}, {"hashes": ["3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81"], "ip": "172[.]217[.]13[.]238"}, {"hashes": ["3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81"], "ip": "172[.]217[.]13[.]78"}, {"hashes": ["a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973"], "ip": "104[.]16[.]203[.]237"}, {"hashes": ["a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973"], "ip": "104[.]16[.]202[.]237"}, {"hashes": ["36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb"], "ip": "197[.]211[.]61[.]125"}, {"hashes": ["3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81"], "ip": "172[.]217[.]2[.]97"}, {"hashes": ["67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd"], "ip": "129[.]56[.]66[.]174"}, {"hashes": ["67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd"], "ip": "46[.]243[.]147[.]194"}, {"hashes": ["a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973"], "ip": "199[.]91[.]152[.]142"}, {"hashes": ["a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36"], "ip": "162[.]213[.]253[.]111"}, {"hashes": ["d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a"], "ip": "205[.]196[.]23[.]238"}, {"hashes": ["d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a"], "ip": "185[.]244[.]30[.]20"}, {"hashes": ["df34cfa12098874ae8a9d3107ccb82f1870a3d1ee8f8d4f6661cfc8bf1e39bed"], "ip": "192[.]119[.]73[.]83"}, {"hashes": ["e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7"], "ip": "94[.]176[.]239[.]112"}, {"hashes": ["e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead"], "ip": "185[.]140[.]53[.]74"}, {"hashes": ["e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead"], "ip": "102[.]89[.]0[.]67"}], "mutex": [{"hashes": ["a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7"], "name": "3749282D282E1E80C56CAE5A"}, {"hashes": ["3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81", "eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "name": "Remcos_Mutex_Inj"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "name": "8-3503835SZBFHHZ"}, {"hashes": ["a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973"], "name": "-"}, {"hashes": ["36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb"], "name": "Global\\{78f8a460-2216-4e00-8cae-252697ff525b}"}, {"hashes": ["3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81"], "name": "Remcos-II110E"}, {"hashes": ["67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd"], "name": "Global\\{a91f0fcf-4051-435b-85ec-194757edd2f7}"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "name": "-29MRC85DD6YDCzK"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "name": "S-1-5-21-2580483-1060295486867"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "name": "S-1-5-21-2580483-12362119009485"}, {"hashes": ["d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a"], "name": "Global\\{66ec315a-513c-44c6-9688-3a64b75ae830}"}, {"hashes": ["e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead"], "name": "Global\\{24730ac6-f6b1-4e60-aa34-9f0b30116b9c}"}, {"hashes": ["eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "name": "Remcos-QGW5O7"}], "registry": [{"hashes": ["1df1f90da9a07dfe25f0368fc24830fd1513e938c590e9ca6cfbe422dcfedc38", "36c4c04aad12204e27c93c0290d6b2631ea4c9bc5b00a82f568bf19d06102efb", "3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81", "5ad7f958b382b25cd6548572e47017664418ee90b7d4837f4e2dc9f16699a075", "615bf9fca338afb3a5e401f285cc055bb6a1e9b3e20476f199d2f102cf83819b", "67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd", "7101d4eb887906b49ee0cdc206e1b440ccf31c1a241ecebe36f98f8b23b8b20f", "80ae7bd2afe2c1f42275559f09fb57989b6b434ccf1293c050b65b7f8dd35d2b", "858ac8419ed4af5f66b11a1c4bb62568b3d9674709bad657ef8064111464d5de", "93f2cd9c31465042b81b0a170b71333c6b86a4caef7e1f968d70051d68937137", "94d901f0071b8b1108e5fdb04cb90816f14d3b0daee74306626f4249a0de6432", "a682315c0009390e82de3b37ddf8daf1d46cfece8fb5e136cb9e9abedad72831", "a70ff26de7e920bc32a9d1b3f58cfddb47487cce2f67b14578f5071a02163e36", "aa94739674b23c2aadf3aca9c23fa21c50ec1a7b593c01c00b3db075843d7a43", "ac55c5cd2c912812a818fab1a70821eea21c50ce12231f3b206e194b3491ca13", "b10b7f3136cda4f2dd355c9fc3dde494f77780f5906701e837ea196bad52b9f0", "b5593ceb7aefdd5dafe1df2991b64461525445026b716f974158267dfa514a98", "e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7", "e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead", "ec5a858dbbeb0d2bfef0e45fe300e8493d72bdd57f05adc515a8cd686bbb5909"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\AUTHROOT\\CERTIFICATES\\75E0ABB6138512271C04F85FDDDE38E4B7242EFE", "value_name": "Blob"}, {"hashes": ["1df1f90da9a07dfe25f0368fc24830fd1513e938c590e9ca6cfbe422dcfedc38", "615bf9fca338afb3a5e401f285cc055bb6a1e9b3e20476f199d2f102cf83819b", "7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d", "d454dfd7f50942a0d455b746c0a94430937a14b46289e5032029dfb8cb675c1a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Startup key"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\5309EDC19DC6C14CBAD5BA06BDBDABD9", "value_name": null}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\82FA2A40D311B5469A626349C16CE09B", "value_name": null}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\8503020000000000C000000000000046", "value_name": null}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\9207F3E0A3B11019908B08002B2A56C2", "value_name": null}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\9E71065376EE7F459F30EA2534981B83", "value_name": null}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\A88F7DCF2E30234E8288283D75A65EFB", "value_name": null}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\C02EBC5353D9CD11975200AA004AE40E", "value_name": null}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\D33FC3B19A738142B2FC0C56BD56AD8C", "value_name": null}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\DDB0922FC50B8D42BE5A821EDE840761", "value_name": null}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\DF18513432D1694F96E6423201804111", "value_name": null}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\ECD15244C3E90A4FBD0588A41AB27C55", "value_name": null}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\{D9734F19-8CFB-411D-BC59-833E334FCB5E}", "value_name": null}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\\CALENDAR SUMMARY", "value_name": null}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MOZILLA\\MOZILLA THUNDERBIRD", "value_name": null}, {"hashes": ["a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973"], "key": "<HKCU>\\SOFTWARE\\NETWIRE", "value_name": null}, {"hashes": ["a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{QM370X7L-L47Y-C2QN-0HQ0-842M8A5L0144}", "value_name": null}, {"hashes": ["a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{QM370X7L-L47Y-C2QN-0HQ0-842M8A5L0144}", "value_name": "StubPath"}, {"hashes": ["a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973"], "key": "<HKCU>\\SOFTWARE\\NETWIRE", "value_name": "HostId"}, {"hashes": ["3ba199158454be2273d267b713830d5030e8eeb135128ea46215a7588eda7a81"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "WIN.exe"}, {"hashes": ["67b208955dec64875178fbfde2a9da0348e8e1b381a7b835a7b33cbba28926fd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "MALK"}, {"hashes": ["7a28c7e566782d52933c00c9458dad8985aa85710b0d36c97e0caaef9917e31d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "YLRDORP8FZX"}, {"hashes": ["a424576929015a8c5aa75fcc71991c0253b3551c7e8b1e2b523d012b5e19a973"], "key": "<HKCU>\\SOFTWARE\\NETWIRE", "value_name": "Install Date"}, {"hashes": ["b5593ceb7aefdd5dafe1df2991b64461525445026b716f974158267dfa514a98"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "LSGNGERES"}, {"hashes": ["df34cfa12098874ae8a9d3107ccb82f1870a3d1ee8f8d4f6661cfc8bf1e39bed"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "simplifice"}, {"hashes": ["e2571d8311872b68b19bd472f47cc69bda0e9910f6b7df1ddefc4183a1e133f7"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Attacham3"}, {"hashes": ["e5dfb22ca69c64e0cdef6f039041178c46fa0f14f9fd7489f33bde9abd871ead"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Whistsund3"}, {"hashes": ["ec5a858dbbeb0d2bfef0e45fe300e8493d72bdd57f05adc515a8cd686bbb5909"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "CATACOUS"}, {"hashes": ["eea3d7c32d7d86b52bc34743825b7785facdedf8d19ca1a744068ced942d6ea9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "OPDA"}]}, "reports_count": 25}, "Win.Packed.HawkEye-7647044-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "pe-uses-dot-net", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": []}, {"bi": "pe-certificate", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": []}, {"bi": "pe-invalid-certificate-signature", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-certificate-short-serial", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": []}, {"bi": "dns-dynamic-domain", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": ["TA0007", "TA0006", "T1003", "T1217"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "listening-port-opened", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "network-http-blank-user-agent", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": []}, {"bi": "process-check-opera-appdata-folder", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": ["TA0007", "T1083"]}, {"bi": "compiler-vbc-run", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": ["TA0005", "T1500"]}, {"bi": "process-check-browser-mail-client-files", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": ["TA0007"]}, {"bi": "malware-hawkeye-detected", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": []}, {"bi": "process-check-windows-live-mail-appdata-folder", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": ["TA0007", "T1083"]}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-spambot", "hashes": ["39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": []}, {"bi": "network-smtp-spambot-v2", "hashes": ["39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075"], "mitre_attack_tags": []}, {"bi": "usb-drive-autoplay-modification", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075"], "mitre_attack_tags": ["TA0008", "TA0001", "T1091"]}, {"bi": "modified-file-on-usb", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075"], "mitre_attack_tags": ["TA0008", "TA0003", "T1091"]}, {"bi": "sample-copied-to-usb", "hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075"], "mitre_attack_tags": ["TA0008", "TA0003", "T1091"]}, {"bi": "artifact-flagged-vm", "hashes": ["e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "process-hollowing-detected", "hashes": ["48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-long-cmdline", "hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-snort-protocol", "hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-file-downloaded-to-disk", "hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "mitre_attack_tags": []}, {"bi": "script-contains-url", "hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "mitre_attack_tags": []}, {"bi": "js-uses-fromcharcode", "hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "js-calls-activex-object", "hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "js-uses-eval", "hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "js-contains-massive-strings", "hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "created-executable-in-user-dir", "hashes": ["7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-autorun-key-modified", "hashes": ["7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media.", "hashes": ["002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "iocs": {"domain": [{"hashes": ["002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "host": "checkip[.]dyndns[.]org"}, {"hashes": ["002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0"], "host": "checkip[.]dyndns[.]com"}, {"hashes": ["39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "host": "mail[.]rahniktarabar[.]com"}, {"hashes": ["002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c"], "host": "mail[.]teiksenn[.]com"}, {"hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3"], "host": "mail[.]zenitel[.]com[.]sg"}, {"hashes": ["cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3"], "host": "140[.]244[.]14[.]0[.]in-addr[.]arpa"}, {"hashes": ["b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470"], "host": "mail[.]airkelantan[.]com[.]my"}, {"hashes": ["48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075"], "host": "mail[.]sembodja[.]com"}, {"hashes": ["a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0"], "host": "mail[.]falconequipment[.]com[.]my"}, {"hashes": ["7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e"], "host": "smtp[.]mail[.]com"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "host": "schema[.]org"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "host": "www[.]google-analytics[.]com"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "host": "stats[.]g[.]doubleclick[.]net"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "host": "github[.]com"}, {"hashes": ["83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c"], "host": "100[.]99[.]0[.]0[.]in-addr[.]arpa"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "host": "ajax[.]aspnetcdn[.]com"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "host": "avatars1[.]githubusercontent[.]com"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "host": "az725175[.]vo[.]msecnd[.]net"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "host": "aka[.]ms"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "host": "avatars3[.]githubusercontent[.]com"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "host": "developercommunity[.]visualstudio[.]com"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "host": "static[.]docs[.]com"}, {"hashes": ["002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268"], "host": "64[.]89[.]4[.]0[.]in-addr[.]arpa"}, {"hashes": ["b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100"], "host": "242[.]116[.]3[.]0[.]in-addr[.]arpa"}, {"hashes": ["39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f"], "host": "163[.]190[.]5[.]0[.]in-addr[.]arpa"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "host": "lux[.]speedcurve[.]com"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "host": "cdn[.]speedcurve[.]com"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "host": "w[.]usabilla[.]com"}, {"hashes": ["7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e"], "host": "41[.]140[.]13[.]0[.]in-addr[.]arpa"}, {"hashes": ["7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141"], "host": "187[.]118[.]5[.]0[.]in-addr[.]arpa"}, {"hashes": ["a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca"], "host": "229[.]116[.]3[.]0[.]in-addr[.]arpa"}, {"hashes": ["c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72"], "host": "167[.]187[.]14[.]0[.]in-addr[.]arpa"}, {"hashes": ["473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7"], "host": "100[.]41[.]14[.]0[.]in-addr[.]arpa"}, {"hashes": ["48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b"], "host": "25[.]19[.]0[.]0[.]in-addr[.]arpa"}, {"hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45"], "host": "110[.]227[.]4[.]0[.]in-addr[.]arpa"}, {"hashes": ["b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470"], "host": "226[.]127[.]10[.]0[.]in-addr[.]arpa"}, {"hashes": ["f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "host": "0[.]201[.]12[.]0[.]in-addr[.]arpa"}], "file": [{"hashes": ["002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "path": "%TEMP%\\dw.log"}, {"hashes": ["002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "path": "%APPDATA%\\pid.txt"}, {"hashes": ["002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "path": "%APPDATA%\\pidloc.txt"}, {"hashes": ["002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "path": "%TEMP%\\Mail.txt"}, {"hashes": ["002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "path": "%TEMP%\\Web.txt"}, {"hashes": ["002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "path": "%TEMP%\\<random, matching '[a-z]{3}[A-F0-9]{3,4}'>.tmp"}, {"hashes": ["002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "path": "%System32%\\wbem\\Logs\\wbemprox.log"}, {"hashes": ["002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "path": "%TEMP%\\<random, matching '[A-F0-9]{4,5}'>.dmp"}, {"hashes": ["48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3"], "path": "\\Sys.exe"}, {"hashes": ["48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3"], "path": "\\autorun.inf"}, {"hashes": ["48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3"], "path": "E:\\Sys.exe"}, {"hashes": ["48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141"], "path": "E:\\autorun.inf"}, {"hashes": ["7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e"], "path": "%APPDATA%\\WindowsUpdate.exe"}], "ip": [{"hashes": ["002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "ip": "216[.]146[.]43[.]70/31"}, {"hashes": ["7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0"], "ip": "91[.]198[.]22[.]70"}, {"hashes": ["48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e"], "ip": "131[.]186[.]113[.]70"}, {"hashes": ["7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72"], "ip": "162[.]88[.]193[.]70"}, {"hashes": ["39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "ip": "185[.]88[.]153[.]138"}, {"hashes": ["002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c"], "ip": "202[.]75[.]52[.]240"}, {"hashes": ["7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0"], "ip": "216[.]146[.]38[.]70"}, {"hashes": ["a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0"], "ip": "103[.]17[.]124[.]72"}, {"hashes": ["b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470"], "ip": "103[.]215[.]136[.]10"}, {"hashes": ["48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075"], "ip": "164[.]138[.]19[.]9"}, {"hashes": ["7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e"], "ip": "74[.]208[.]5[.]15"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "ip": "13[.]107[.]21[.]200"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "ip": "172[.]217[.]197[.]155"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "ip": "151[.]101[.]0[.]133"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "ip": "151[.]101[.]2[.]217"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "ip": "151[.]101[.]66[.]217"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "ip": "152[.]199[.]4[.]33"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "ip": "65[.]55[.]44[.]109"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "ip": "20[.]36[.]253[.]92"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "ip": "151[.]101[.]128[.]133"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "ip": "104[.]107[.]7[.]25"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "ip": "23[.]54[.]213[.]99"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "ip": "104[.]71[.]177[.]26"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "ip": "140[.]82[.]114[.]3"}, {"hashes": ["7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e"], "ip": "91[.]198[.]22[.]142"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "ip": "172[.]217[.]7[.]142"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "ip": "52[.]201[.]110[.]209"}, {"hashes": ["7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141"], "ip": "103[.]254[.]255[.]235"}, {"hashes": ["b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100"], "ip": "202[.]75[.]53[.]189"}], "mutex": [{"hashes": ["39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "name": "FrOnMdCggcdKgkFGmTVx"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "name": "Local\\https://docs.microsoft.com/"}, {"hashes": ["002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268"], "name": "MeAIKFmynaqDlHMORIvl"}, {"hashes": ["7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e"], "name": "QajLYKXpfeMUUqDaNPWI"}, {"hashes": ["7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141"], "name": "MUjUeSzvFgcfHYrPHEnP"}, {"hashes": ["a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca"], "name": "feGwdBMcxGLevrwrIqdJ"}, {"hashes": ["b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100"], "name": "dLnCwxCIMKMqlTMCzItQ"}, {"hashes": ["c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72"], "name": "DrKEOPhXCjJlNMMrKPbE"}, {"hashes": ["cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0"], "name": "nGSrXBTBEsEtfORJQNSS"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "name": "ekGdHhErGpsyviIFfeEO"}, {"hashes": ["b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470"], "name": "zgLNJHHhQkqwpClMcyNC"}, {"hashes": ["83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c"], "name": "aPYyrtLjbdcvtdnUwBUh"}, {"hashes": ["513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45"], "name": "LMqPefkXbuqYBcfrGvCa"}, {"hashes": ["48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b"], "name": "PlJRKfsvbGkTnQIAYLOL"}, {"hashes": ["528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075"], "name": "SvjwqWxTMUpCsaoCtGkb"}, {"hashes": ["473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7"], "name": "GpgNLHlaCkaNfxsKsSxe"}, {"hashes": ["e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3"], "name": "FdbXlTNSyxQWsEyGaUDv"}], "registry": [{"hashes": ["002e019c537a86bbce10d80fb8fdd9bad64cbb93c7f06b4ef890dacc42253268", "39072610e48f77756a280833af5f10e8e934b823c3b2365995569fda2703b58f", "473356845275695c2a5fae01d2f1e447c60f86303e62edbb2299ce1859c613f7", "48e71e83ec2afe08cfc7d9b7a0a7d6c72c94900683555c86983fff1eca58e78b", "513a6e4e94369c64cab49324cd49c44137d2b66967bb6d16394ab145a8e32c45", "528c09e8b402e45aec1253aa03864b3f6407dcfe47be5faed7c4ddaf4ed1f075", "7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e", "7bc0b0cf825a94cd0d608466ef38b42e0afb53c7718d3ea9bf012653225a4141", "83df6619bcfec886eb238500d238dca3742618c81eff3ec01161301c2f56fd4c", "a90a3d4ba94ead7608237bce01c376c31a153ba7d8da8d2df43e6ab2e82122ca", "b1701dc9c66644d53ff7fa16cbb45ac4d0f0236322e879ea2ae9b287a9e26100", "b9356a64c4591a2f5324baf854cd93a16215e51a9008c65c4807125fee492470", "c24d29cff10a3bf0a7d4122a54b13184996b646f315fd35c626c940d0addff72", "cec70305dfeadc2d03e1884683334b29e6a41066edb6558de868143fd2acc4f0", "e6b4766d3bdcd0d4820ddbc6fdd990be359c4c2863972b14af558affae6c6ee3", "f8bf15978666e8632e5d7eb3fbe5dd5565aec2c87dc455a5a4d2c2f07c1f75ba"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "Hidden"}, {"hashes": ["7ad01cc744c107ea610d49745547e8d98a5e326b5e89a34419b6eebb3ee4cb8e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Update"}, {"hashes": ["a32cebfd827b899001c20ab4332c8ecb4c7182abcc14ecf95c6f06db0767ef60"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\AUTHROOT\\CERTIFICATES\\75E0ABB6138512271C04F85FDDDE38E4B7242EFE", "value_name": "Blob"}]}, "reports_count": 17}, "Win.Packed.njRAT-7646465-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["8b401eb853e5e66f6fae004753f7e5213f66d275af1c2cf9a621e00db0e181f8", "40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1", "db6580624c786257b05114dc764e75153d47fa2ee614c06f43a28cd532561be1", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "265fdf72317473d1a3233858325df0ed9a9f0249209b62cc31865acc45259d56", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "677f423b6f553832440ad5094e2d89474689390625be08c71670a1a712b62afa", "0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "2c8e26ac7d5b6dbd06776d7d9135bf19c88d1e35ba342699d2c46e5bcd4ad027", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "43921c36d0fa63b51a415d77f1daa8ca5fe4e66da36e4627d2b1f68b88c05f0d", "43f696d1fe1dfeeafe4c3d76f8eb0572c9997537d8f6a06951d9dd181f30d318", "315295248e60e89b0bc0d185073bb2de12ddb1f213988fd01631f714c69ae429", "ac5fbd00053263bcfab5bb702a8a500b2c960076c46a1253131956246637884a", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "f04ee284067c2de984be07eeb12e4c0cf81dfcb52098a1b51aee16c9bf939d11", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530", "5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f", "39a6548e8fe1859fb83d017420b8a1780d920bfdea45d5d805870cb2d20affb9", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "80108a26b78f0259339ee9e5a883dbf15998798d44c9a527033561c1741e2886", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "aeafb45071df5ba535f5e0aaae2e2869e1df5ed995090eaee260ce5168ce1f7a", "03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "e81ceaf6d615e33cb2ba997d1527390b0b4962e134e7afc6000ead19639d73ff", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "60b27fdb49dd6d52b0cb77a841224d629dbe6f4e389aba35bef5b43fa974d797", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1", "233acee55667c0319d70c68a4064422d5ed3c68832a7d6172f6e4e7511ecf46d", "6d7205eb71e025a003d007780a7d1b476d9975caf6f41fb96a1ab8dee9b1d74e", "206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "063e948a505f4c3f86c020e36cf30dd51087f704c3b5ab8c45c603abd84845aa", "21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "df26a5cdfcdd0bcfaf59fdde80092af393f8a876fcb071be73b4600bd3131d22", "11799f7072c6b6fff88b40e9c6e32b1f2a94b3021688f8f72882ace49b55535d"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["8b401eb853e5e66f6fae004753f7e5213f66d275af1c2cf9a621e00db0e181f8", "40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1", "db6580624c786257b05114dc764e75153d47fa2ee614c06f43a28cd532561be1", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "265fdf72317473d1a3233858325df0ed9a9f0249209b62cc31865acc45259d56", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "677f423b6f553832440ad5094e2d89474689390625be08c71670a1a712b62afa", "0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "2c8e26ac7d5b6dbd06776d7d9135bf19c88d1e35ba342699d2c46e5bcd4ad027", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "43921c36d0fa63b51a415d77f1daa8ca5fe4e66da36e4627d2b1f68b88c05f0d", "43f696d1fe1dfeeafe4c3d76f8eb0572c9997537d8f6a06951d9dd181f30d318", "315295248e60e89b0bc0d185073bb2de12ddb1f213988fd01631f714c69ae429", "ac5fbd00053263bcfab5bb702a8a500b2c960076c46a1253131956246637884a", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "f04ee284067c2de984be07eeb12e4c0cf81dfcb52098a1b51aee16c9bf939d11", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530", "5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f", "39a6548e8fe1859fb83d017420b8a1780d920bfdea45d5d805870cb2d20affb9", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "80108a26b78f0259339ee9e5a883dbf15998798d44c9a527033561c1741e2886", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "aeafb45071df5ba535f5e0aaae2e2869e1df5ed995090eaee260ce5168ce1f7a", "03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "e81ceaf6d615e33cb2ba997d1527390b0b4962e134e7afc6000ead19639d73ff", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "60b27fdb49dd6d52b0cb77a841224d629dbe6f4e389aba35bef5b43fa974d797", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1", "233acee55667c0319d70c68a4064422d5ed3c68832a7d6172f6e4e7511ecf46d", "6d7205eb71e025a003d007780a7d1b476d9975caf6f41fb96a1ab8dee9b1d74e", "206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "063e948a505f4c3f86c020e36cf30dd51087f704c3b5ab8c45c603abd84845aa", "21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "df26a5cdfcdd0bcfaf59fdde80092af393f8a876fcb071be73b4600bd3131d22", "11799f7072c6b6fff88b40e9c6e32b1f2a94b3021688f8f72882ace49b55535d"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["8b401eb853e5e66f6fae004753f7e5213f66d275af1c2cf9a621e00db0e181f8", "40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1", "db6580624c786257b05114dc764e75153d47fa2ee614c06f43a28cd532561be1", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "265fdf72317473d1a3233858325df0ed9a9f0249209b62cc31865acc45259d56", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "677f423b6f553832440ad5094e2d89474689390625be08c71670a1a712b62afa", "0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "2c8e26ac7d5b6dbd06776d7d9135bf19c88d1e35ba342699d2c46e5bcd4ad027", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "43921c36d0fa63b51a415d77f1daa8ca5fe4e66da36e4627d2b1f68b88c05f0d", "43f696d1fe1dfeeafe4c3d76f8eb0572c9997537d8f6a06951d9dd181f30d318", "315295248e60e89b0bc0d185073bb2de12ddb1f213988fd01631f714c69ae429", "ac5fbd00053263bcfab5bb702a8a500b2c960076c46a1253131956246637884a", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "f04ee284067c2de984be07eeb12e4c0cf81dfcb52098a1b51aee16c9bf939d11", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530", "5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f", "39a6548e8fe1859fb83d017420b8a1780d920bfdea45d5d805870cb2d20affb9", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "80108a26b78f0259339ee9e5a883dbf15998798d44c9a527033561c1741e2886", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "aeafb45071df5ba535f5e0aaae2e2869e1df5ed995090eaee260ce5168ce1f7a", "03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "e81ceaf6d615e33cb2ba997d1527390b0b4962e134e7afc6000ead19639d73ff", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "60b27fdb49dd6d52b0cb77a841224d629dbe6f4e389aba35bef5b43fa974d797", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1", "233acee55667c0319d70c68a4064422d5ed3c68832a7d6172f6e4e7511ecf46d", "6d7205eb71e025a003d007780a7d1b476d9975caf6f41fb96a1ab8dee9b1d74e", "206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "063e948a505f4c3f86c020e36cf30dd51087f704c3b5ab8c45c603abd84845aa", "21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "df26a5cdfcdd0bcfaf59fdde80092af393f8a876fcb071be73b4600bd3131d22", "11799f7072c6b6fff88b40e9c6e32b1f2a94b3021688f8f72882ace49b55535d"], "mitre_attack_tags": []}, {"bi": "pe-uses-dot-net", "hashes": ["8b401eb853e5e66f6fae004753f7e5213f66d275af1c2cf9a621e00db0e181f8", "40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1", "db6580624c786257b05114dc764e75153d47fa2ee614c06f43a28cd532561be1", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "265fdf72317473d1a3233858325df0ed9a9f0249209b62cc31865acc45259d56", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "677f423b6f553832440ad5094e2d89474689390625be08c71670a1a712b62afa", "0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "2c8e26ac7d5b6dbd06776d7d9135bf19c88d1e35ba342699d2c46e5bcd4ad027", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "43921c36d0fa63b51a415d77f1daa8ca5fe4e66da36e4627d2b1f68b88c05f0d", "43f696d1fe1dfeeafe4c3d76f8eb0572c9997537d8f6a06951d9dd181f30d318", "315295248e60e89b0bc0d185073bb2de12ddb1f213988fd01631f714c69ae429", "ac5fbd00053263bcfab5bb702a8a500b2c960076c46a1253131956246637884a", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "f04ee284067c2de984be07eeb12e4c0cf81dfcb52098a1b51aee16c9bf939d11", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530", "5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f", "39a6548e8fe1859fb83d017420b8a1780d920bfdea45d5d805870cb2d20affb9", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "80108a26b78f0259339ee9e5a883dbf15998798d44c9a527033561c1741e2886", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "aeafb45071df5ba535f5e0aaae2e2869e1df5ed995090eaee260ce5168ce1f7a", "03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "e81ceaf6d615e33cb2ba997d1527390b0b4962e134e7afc6000ead19639d73ff", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "60b27fdb49dd6d52b0cb77a841224d629dbe6f4e389aba35bef5b43fa974d797", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1", "233acee55667c0319d70c68a4064422d5ed3c68832a7d6172f6e4e7511ecf46d", "6d7205eb71e025a003d007780a7d1b476d9975caf6f41fb96a1ab8dee9b1d74e", "206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "063e948a505f4c3f86c020e36cf30dd51087f704c3b5ab8c45c603abd84845aa", "21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "df26a5cdfcdd0bcfaf59fdde80092af393f8a876fcb071be73b4600bd3131d22", "11799f7072c6b6fff88b40e9c6e32b1f2a94b3021688f8f72882ace49b55535d"], "mitre_attack_tags": []}, {"bi": "malware-trojan-njrat-detected", "hashes": ["8b401eb853e5e66f6fae004753f7e5213f66d275af1c2cf9a621e00db0e181f8", "40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1", "db6580624c786257b05114dc764e75153d47fa2ee614c06f43a28cd532561be1", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "265fdf72317473d1a3233858325df0ed9a9f0249209b62cc31865acc45259d56", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "677f423b6f553832440ad5094e2d89474689390625be08c71670a1a712b62afa", "0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "2c8e26ac7d5b6dbd06776d7d9135bf19c88d1e35ba342699d2c46e5bcd4ad027", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "43921c36d0fa63b51a415d77f1daa8ca5fe4e66da36e4627d2b1f68b88c05f0d", "43f696d1fe1dfeeafe4c3d76f8eb0572c9997537d8f6a06951d9dd181f30d318", "315295248e60e89b0bc0d185073bb2de12ddb1f213988fd01631f714c69ae429", "ac5fbd00053263bcfab5bb702a8a500b2c960076c46a1253131956246637884a", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "f04ee284067c2de984be07eeb12e4c0cf81dfcb52098a1b51aee16c9bf939d11", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530", "5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f", "39a6548e8fe1859fb83d017420b8a1780d920bfdea45d5d805870cb2d20affb9", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "80108a26b78f0259339ee9e5a883dbf15998798d44c9a527033561c1741e2886", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "aeafb45071df5ba535f5e0aaae2e2869e1df5ed995090eaee260ce5168ce1f7a", "03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "e81ceaf6d615e33cb2ba997d1527390b0b4962e134e7afc6000ead19639d73ff", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "60b27fdb49dd6d52b0cb77a841224d629dbe6f4e389aba35bef5b43fa974d797", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1", "233acee55667c0319d70c68a4064422d5ed3c68832a7d6172f6e4e7511ecf46d", "6d7205eb71e025a003d007780a7d1b476d9975caf6f41fb96a1ab8dee9b1d74e", "206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "063e948a505f4c3f86c020e36cf30dd51087f704c3b5ab8c45c603abd84845aa", "21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "df26a5cdfcdd0bcfaf59fdde80092af393f8a876fcb071be73b4600bd3131d22"], "mitre_attack_tags": []}, {"bi": "registry-disable-open-file-security-warning", "hashes": ["8b401eb853e5e66f6fae004753f7e5213f66d275af1c2cf9a621e00db0e181f8", "40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1", "db6580624c786257b05114dc764e75153d47fa2ee614c06f43a28cd532561be1", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "265fdf72317473d1a3233858325df0ed9a9f0249209b62cc31865acc45259d56", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "677f423b6f553832440ad5094e2d89474689390625be08c71670a1a712b62afa", "0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "2c8e26ac7d5b6dbd06776d7d9135bf19c88d1e35ba342699d2c46e5bcd4ad027", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "43921c36d0fa63b51a415d77f1daa8ca5fe4e66da36e4627d2b1f68b88c05f0d", "43f696d1fe1dfeeafe4c3d76f8eb0572c9997537d8f6a06951d9dd181f30d318", "315295248e60e89b0bc0d185073bb2de12ddb1f213988fd01631f714c69ae429", "ac5fbd00053263bcfab5bb702a8a500b2c960076c46a1253131956246637884a", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "f04ee284067c2de984be07eeb12e4c0cf81dfcb52098a1b51aee16c9bf939d11", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530", "5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f", "39a6548e8fe1859fb83d017420b8a1780d920bfdea45d5d805870cb2d20affb9", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "80108a26b78f0259339ee9e5a883dbf15998798d44c9a527033561c1741e2886", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "aeafb45071df5ba535f5e0aaae2e2869e1df5ed995090eaee260ce5168ce1f7a", "03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "e81ceaf6d615e33cb2ba997d1527390b0b4962e134e7afc6000ead19639d73ff", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "60b27fdb49dd6d52b0cb77a841224d629dbe6f4e389aba35bef5b43fa974d797", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1", "233acee55667c0319d70c68a4064422d5ed3c68832a7d6172f6e4e7511ecf46d", "6d7205eb71e025a003d007780a7d1b476d9975caf6f41fb96a1ab8dee9b1d74e", "206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "063e948a505f4c3f86c020e36cf30dd51087f704c3b5ab8c45c603abd84845aa", "21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "df26a5cdfcdd0bcfaf59fdde80092af393f8a876fcb071be73b4600bd3131d22"], "mitre_attack_tags": ["TA0005", "T1112", "T1089"]}, {"bi": "registry-parseautoexec", "hashes": ["8b401eb853e5e66f6fae004753f7e5213f66d275af1c2cf9a621e00db0e181f8", "40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1", "db6580624c786257b05114dc764e75153d47fa2ee614c06f43a28cd532561be1", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "265fdf72317473d1a3233858325df0ed9a9f0249209b62cc31865acc45259d56", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "677f423b6f553832440ad5094e2d89474689390625be08c71670a1a712b62afa", "0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "2c8e26ac7d5b6dbd06776d7d9135bf19c88d1e35ba342699d2c46e5bcd4ad027", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "43921c36d0fa63b51a415d77f1daa8ca5fe4e66da36e4627d2b1f68b88c05f0d", "43f696d1fe1dfeeafe4c3d76f8eb0572c9997537d8f6a06951d9dd181f30d318", "315295248e60e89b0bc0d185073bb2de12ddb1f213988fd01631f714c69ae429", "ac5fbd00053263bcfab5bb702a8a500b2c960076c46a1253131956246637884a", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "f04ee284067c2de984be07eeb12e4c0cf81dfcb52098a1b51aee16c9bf939d11", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530", "5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f", "39a6548e8fe1859fb83d017420b8a1780d920bfdea45d5d805870cb2d20affb9", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "80108a26b78f0259339ee9e5a883dbf15998798d44c9a527033561c1741e2886", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "aeafb45071df5ba535f5e0aaae2e2869e1df5ed995090eaee260ce5168ce1f7a", "03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "e81ceaf6d615e33cb2ba997d1527390b0b4962e134e7afc6000ead19639d73ff", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "60b27fdb49dd6d52b0cb77a841224d629dbe6f4e389aba35bef5b43fa974d797", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1", "233acee55667c0319d70c68a4064422d5ed3c68832a7d6172f6e4e7511ecf46d", "6d7205eb71e025a003d007780a7d1b476d9975caf6f41fb96a1ab8dee9b1d74e", "206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "063e948a505f4c3f86c020e36cf30dd51087f704c3b5ab8c45c603abd84845aa", "21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "df26a5cdfcdd0bcfaf59fdde80092af393f8a876fcb071be73b4600bd3131d22"], "mitre_attack_tags": ["TA0003", "T1112"]}, {"bi": "malware-generic-dotnet-trojan-uses-random-guid-mutex", "hashes": ["8b401eb853e5e66f6fae004753f7e5213f66d275af1c2cf9a621e00db0e181f8", "40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1", "db6580624c786257b05114dc764e75153d47fa2ee614c06f43a28cd532561be1", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "265fdf72317473d1a3233858325df0ed9a9f0249209b62cc31865acc45259d56", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "677f423b6f553832440ad5094e2d89474689390625be08c71670a1a712b62afa", "0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "2c8e26ac7d5b6dbd06776d7d9135bf19c88d1e35ba342699d2c46e5bcd4ad027", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "43921c36d0fa63b51a415d77f1daa8ca5fe4e66da36e4627d2b1f68b88c05f0d", "43f696d1fe1dfeeafe4c3d76f8eb0572c9997537d8f6a06951d9dd181f30d318", "315295248e60e89b0bc0d185073bb2de12ddb1f213988fd01631f714c69ae429", "ac5fbd00053263bcfab5bb702a8a500b2c960076c46a1253131956246637884a", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "f04ee284067c2de984be07eeb12e4c0cf81dfcb52098a1b51aee16c9bf939d11", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530", "5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f", "39a6548e8fe1859fb83d017420b8a1780d920bfdea45d5d805870cb2d20affb9", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "80108a26b78f0259339ee9e5a883dbf15998798d44c9a527033561c1741e2886", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "aeafb45071df5ba535f5e0aaae2e2869e1df5ed995090eaee260ce5168ce1f7a", "03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "e81ceaf6d615e33cb2ba997d1527390b0b4962e134e7afc6000ead19639d73ff", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "60b27fdb49dd6d52b0cb77a841224d629dbe6f4e389aba35bef5b43fa974d797", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1", "233acee55667c0319d70c68a4064422d5ed3c68832a7d6172f6e4e7511ecf46d", "6d7205eb71e025a003d007780a7d1b476d9975caf6f41fb96a1ab8dee9b1d74e", "206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "063e948a505f4c3f86c020e36cf30dd51087f704c3b5ab8c45c603abd84845aa", "21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "df26a5cdfcdd0bcfaf59fdde80092af393f8a876fcb071be73b4600bd3131d22"], "mitre_attack_tags": []}, {"bi": "netsh-firewall-generic", "hashes": ["8b401eb853e5e66f6fae004753f7e5213f66d275af1c2cf9a621e00db0e181f8", "40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "265fdf72317473d1a3233858325df0ed9a9f0249209b62cc31865acc45259d56", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "677f423b6f553832440ad5094e2d89474689390625be08c71670a1a712b62afa", "0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "2c8e26ac7d5b6dbd06776d7d9135bf19c88d1e35ba342699d2c46e5bcd4ad027", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "43921c36d0fa63b51a415d77f1daa8ca5fe4e66da36e4627d2b1f68b88c05f0d", "315295248e60e89b0bc0d185073bb2de12ddb1f213988fd01631f714c69ae429", "ac5fbd00053263bcfab5bb702a8a500b2c960076c46a1253131956246637884a", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "f04ee284067c2de984be07eeb12e4c0cf81dfcb52098a1b51aee16c9bf939d11", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530", "39a6548e8fe1859fb83d017420b8a1780d920bfdea45d5d805870cb2d20affb9", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "80108a26b78f0259339ee9e5a883dbf15998798d44c9a527033561c1741e2886", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "e81ceaf6d615e33cb2ba997d1527390b0b4962e134e7afc6000ead19639d73ff", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "60b27fdb49dd6d52b0cb77a841224d629dbe6f4e389aba35bef5b43fa974d797", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1", "233acee55667c0319d70c68a4064422d5ed3c68832a7d6172f6e4e7511ecf46d", "6d7205eb71e025a003d007780a7d1b476d9975caf6f41fb96a1ab8dee9b1d74e", "206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "063e948a505f4c3f86c020e36cf30dd51087f704c3b5ab8c45c603abd84845aa", "21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "df26a5cdfcdd0bcfaf59fdde80092af393f8a876fcb071be73b4600bd3131d22"], "mitre_attack_tags": ["TA0005", "T1016", "T1089"]}, {"bi": "netsh-firewall-add", "hashes": ["8b401eb853e5e66f6fae004753f7e5213f66d275af1c2cf9a621e00db0e181f8", "40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "265fdf72317473d1a3233858325df0ed9a9f0249209b62cc31865acc45259d56", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "677f423b6f553832440ad5094e2d89474689390625be08c71670a1a712b62afa", "0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "2c8e26ac7d5b6dbd06776d7d9135bf19c88d1e35ba342699d2c46e5bcd4ad027", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "43921c36d0fa63b51a415d77f1daa8ca5fe4e66da36e4627d2b1f68b88c05f0d", "315295248e60e89b0bc0d185073bb2de12ddb1f213988fd01631f714c69ae429", "ac5fbd00053263bcfab5bb702a8a500b2c960076c46a1253131956246637884a", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "f04ee284067c2de984be07eeb12e4c0cf81dfcb52098a1b51aee16c9bf939d11", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530", "39a6548e8fe1859fb83d017420b8a1780d920bfdea45d5d805870cb2d20affb9", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "80108a26b78f0259339ee9e5a883dbf15998798d44c9a527033561c1741e2886", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "e81ceaf6d615e33cb2ba997d1527390b0b4962e134e7afc6000ead19639d73ff", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "60b27fdb49dd6d52b0cb77a841224d629dbe6f4e389aba35bef5b43fa974d797", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1", "233acee55667c0319d70c68a4064422d5ed3c68832a7d6172f6e4e7511ecf46d", "6d7205eb71e025a003d007780a7d1b476d9975caf6f41fb96a1ab8dee9b1d74e", "206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "063e948a505f4c3f86c020e36cf30dd51087f704c3b5ab8c45c603abd84845aa", "21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "df26a5cdfcdd0bcfaf59fdde80092af393f8a876fcb071be73b4600bd3131d22"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089"]}, {"bi": "modified-executable", "hashes": ["40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1", "db6580624c786257b05114dc764e75153d47fa2ee614c06f43a28cd532561be1", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "265fdf72317473d1a3233858325df0ed9a9f0249209b62cc31865acc45259d56", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "677f423b6f553832440ad5094e2d89474689390625be08c71670a1a712b62afa", "0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "43f696d1fe1dfeeafe4c3d76f8eb0572c9997537d8f6a06951d9dd181f30d318", "315295248e60e89b0bc0d185073bb2de12ddb1f213988fd01631f714c69ae429", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "f04ee284067c2de984be07eeb12e4c0cf81dfcb52098a1b51aee16c9bf939d11", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530", "5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f", "39a6548e8fe1859fb83d017420b8a1780d920bfdea45d5d805870cb2d20affb9", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "80108a26b78f0259339ee9e5a883dbf15998798d44c9a527033561c1741e2886", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "60b27fdb49dd6d52b0cb77a841224d629dbe6f4e389aba35bef5b43fa974d797", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1", "233acee55667c0319d70c68a4064422d5ed3c68832a7d6172f6e4e7511ecf46d", "6d7205eb71e025a003d007780a7d1b476d9975caf6f41fb96a1ab8dee9b1d74e", "206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "df26a5cdfcdd0bcfaf59fdde80092af393f8a876fcb071be73b4600bd3131d22"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1", "db6580624c786257b05114dc764e75153d47fa2ee614c06f43a28cd532561be1", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "265fdf72317473d1a3233858325df0ed9a9f0249209b62cc31865acc45259d56", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "677f423b6f553832440ad5094e2d89474689390625be08c71670a1a712b62afa", "0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "43f696d1fe1dfeeafe4c3d76f8eb0572c9997537d8f6a06951d9dd181f30d318", "315295248e60e89b0bc0d185073bb2de12ddb1f213988fd01631f714c69ae429", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "f04ee284067c2de984be07eeb12e4c0cf81dfcb52098a1b51aee16c9bf939d11", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530", "5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f", "39a6548e8fe1859fb83d017420b8a1780d920bfdea45d5d805870cb2d20affb9", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "80108a26b78f0259339ee9e5a883dbf15998798d44c9a527033561c1741e2886", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "60b27fdb49dd6d52b0cb77a841224d629dbe6f4e389aba35bef5b43fa974d797", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1", "233acee55667c0319d70c68a4064422d5ed3c68832a7d6172f6e4e7511ecf46d", "206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "df26a5cdfcdd0bcfaf59fdde80092af393f8a876fcb071be73b4600bd3131d22"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1", "db6580624c786257b05114dc764e75153d47fa2ee614c06f43a28cd532561be1", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "265fdf72317473d1a3233858325df0ed9a9f0249209b62cc31865acc45259d56", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "677f423b6f553832440ad5094e2d89474689390625be08c71670a1a712b62afa", "0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "43f696d1fe1dfeeafe4c3d76f8eb0572c9997537d8f6a06951d9dd181f30d318", "315295248e60e89b0bc0d185073bb2de12ddb1f213988fd01631f714c69ae429", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "f04ee284067c2de984be07eeb12e4c0cf81dfcb52098a1b51aee16c9bf939d11", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530", "5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f", "39a6548e8fe1859fb83d017420b8a1780d920bfdea45d5d805870cb2d20affb9", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "80108a26b78f0259339ee9e5a883dbf15998798d44c9a527033561c1741e2886", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "60b27fdb49dd6d52b0cb77a841224d629dbe6f4e389aba35bef5b43fa974d797", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1", "233acee55667c0319d70c68a4064422d5ed3c68832a7d6172f6e4e7511ecf46d", "206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "df26a5cdfcdd0bcfaf59fdde80092af393f8a876fcb071be73b4600bd3131d22"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1", "db6580624c786257b05114dc764e75153d47fa2ee614c06f43a28cd532561be1", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "265fdf72317473d1a3233858325df0ed9a9f0249209b62cc31865acc45259d56", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "43f696d1fe1dfeeafe4c3d76f8eb0572c9997537d8f6a06951d9dd181f30d318", "315295248e60e89b0bc0d185073bb2de12ddb1f213988fd01631f714c69ae429", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "f04ee284067c2de984be07eeb12e4c0cf81dfcb52098a1b51aee16c9bf939d11", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530", "5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f", "39a6548e8fe1859fb83d017420b8a1780d920bfdea45d5d805870cb2d20affb9", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "80108a26b78f0259339ee9e5a883dbf15998798d44c9a527033561c1741e2886", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "60b27fdb49dd6d52b0cb77a841224d629dbe6f4e389aba35bef5b43fa974d797", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1", "233acee55667c0319d70c68a4064422d5ed3c68832a7d6172f6e4e7511ecf46d", "6d7205eb71e025a003d007780a7d1b476d9975caf6f41fb96a1ab8dee9b1d74e", "206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "df26a5cdfcdd0bcfaf59fdde80092af393f8a876fcb071be73b4600bd3131d22"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "firewall-exception-user-dir", "hashes": ["40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "265fdf72317473d1a3233858325df0ed9a9f0249209b62cc31865acc45259d56", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "315295248e60e89b0bc0d185073bb2de12ddb1f213988fd01631f714c69ae429", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "f04ee284067c2de984be07eeb12e4c0cf81dfcb52098a1b51aee16c9bf939d11", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530", "39a6548e8fe1859fb83d017420b8a1780d920bfdea45d5d805870cb2d20affb9", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "80108a26b78f0259339ee9e5a883dbf15998798d44c9a527033561c1741e2886", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "60b27fdb49dd6d52b0cb77a841224d629dbe6f4e389aba35bef5b43fa974d797", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1", "233acee55667c0319d70c68a4064422d5ed3c68832a7d6172f6e4e7511ecf46d", "206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "df26a5cdfcdd0bcfaf59fdde80092af393f8a876fcb071be73b4600bd3131d22"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089"]}, {"bi": "registry-autorun-key-modified", "hashes": ["8b401eb853e5e66f6fae004753f7e5213f66d275af1c2cf9a621e00db0e181f8", "40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530", "39a6548e8fe1859fb83d017420b8a1780d920bfdea45d5d805870cb2d20affb9", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "60b27fdb49dd6d52b0cb77a841224d629dbe6f4e389aba35bef5b43fa974d797", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1", "233acee55667c0319d70c68a4064422d5ed3c68832a7d6172f6e4e7511ecf46d", "6d7205eb71e025a003d007780a7d1b476d9975caf6f41fb96a1ab8dee9b1d74e", "206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "df26a5cdfcdd0bcfaf59fdde80092af393f8a876fcb071be73b4600bd3131d22"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "network-dns-category-dynamic", "hashes": ["5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "2c8e26ac7d5b6dbd06776d7d9135bf19c88d1e35ba342699d2c46e5bcd4ad027", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530", "5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "aeafb45071df5ba535f5e0aaae2e2869e1df5ed995090eaee260ce5168ce1f7a", "03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "e81ceaf6d615e33cb2ba997d1527390b0b4962e134e7afc6000ead19639d73ff", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "6d7205eb71e025a003d007780a7d1b476d9975caf6f41fb96a1ab8dee9b1d74e", "206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530", "39a6548e8fe1859fb83d017420b8a1780d920bfdea45d5d805870cb2d20affb9", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "60b27fdb49dd6d52b0cb77a841224d629dbe6f4e389aba35bef5b43fa974d797", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1", "233acee55667c0319d70c68a4064422d5ed3c68832a7d6172f6e4e7511ecf46d", "206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d", "21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "df26a5cdfcdd0bcfaf59fdde80092af393f8a876fcb071be73b4600bd3131d22"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "feed-domain-rat", "hashes": ["5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "2c8e26ac7d5b6dbd06776d7d9135bf19c88d1e35ba342699d2c46e5bcd4ad027", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530", "5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "aeafb45071df5ba535f5e0aaae2e2869e1df5ed995090eaee260ce5168ce1f7a", "03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "6d7205eb71e025a003d007780a7d1b476d9975caf6f41fb96a1ab8dee9b1d74e", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "2c8e26ac7d5b6dbd06776d7d9135bf19c88d1e35ba342699d2c46e5bcd4ad027", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530", "5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "aeafb45071df5ba535f5e0aaae2e2869e1df5ed995090eaee260ce5168ce1f7a", "03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "6d7205eb71e025a003d007780a7d1b476d9975caf6f41fb96a1ab8dee9b1d74e", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1"], "mitre_attack_tags": []}, {"bi": "startup-folder-modification", "hashes": ["40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "265fdf72317473d1a3233858325df0ed9a9f0249209b62cc31865acc45259d56", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "677f423b6f553832440ad5094e2d89474689390625be08c71670a1a712b62afa", "0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530", "5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "dns-query-nxdomain", "hashes": ["5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "2c8e26ac7d5b6dbd06776d7d9135bf19c88d1e35ba342699d2c46e5bcd4ad027", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530", "5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "6d7205eb71e025a003d007780a7d1b476d9975caf6f41fb96a1ab8dee9b1d74e", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "aeafb45071df5ba535f5e0aaae2e2869e1df5ed995090eaee260ce5168ce1f7a", "03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1"], "mitre_attack_tags": []}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["db6580624c786257b05114dc764e75153d47fa2ee614c06f43a28cd532561be1", "43f696d1fe1dfeeafe4c3d76f8eb0572c9997537d8f6a06951d9dd181f30d318", "5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "network-snort-protocol", "hashes": ["79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["8b401eb853e5e66f6fae004753f7e5213f66d275af1c2cf9a621e00db0e181f8", "677f423b6f553832440ad5094e2d89474689390625be08c71670a1a712b62afa", "2c8e26ac7d5b6dbd06776d7d9135bf19c88d1e35ba342699d2c46e5bcd4ad027", "43921c36d0fa63b51a415d77f1daa8ca5fe4e66da36e4627d2b1f68b88c05f0d", "ac5fbd00053263bcfab5bb702a8a500b2c960076c46a1253131956246637884a", "03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93", "e81ceaf6d615e33cb2ba997d1527390b0b4962e134e7afc6000ead19639d73ff", "063e948a505f4c3f86c020e36cf30dd51087f704c3b5ab8c45c603abd84845aa"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855"], "mitre_attack_tags": []}, {"bi": "unsigned-roaming-execution", "hashes": ["79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "315295248e60e89b0bc0d185073bb2de12ddb1f213988fd01631f714c69ae429", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "network-dns-safe-categories", "hashes": ["55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5"], "mitre_attack_tags": []}, {"bi": "dns-dynamic-domain", "hashes": ["40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "malware-svchost-misspell", "hashes": ["55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "f04ee284067c2de984be07eeb12e4c0cf81dfcb52098a1b51aee16c9bf939d11", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39"], "mitre_attack_tags": []}, {"bi": "malware-misspell-binary", "hashes": ["55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "f04ee284067c2de984be07eeb12e4c0cf81dfcb52098a1b51aee16c9bf939d11", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39"], "mitre_attack_tags": []}, {"bi": "fake-explorer-process", "hashes": ["5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-opendns-malicious", "hashes": ["5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc"], "mitre_attack_tags": ["TA0005", "T1102"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.", "hashes": ["03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93", "063e948a505f4c3f86c020e36cf30dd51087f704c3b5ab8c45c603abd84845aa", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "11799f7072c6b6fff88b40e9c6e32b1f2a94b3021688f8f72882ace49b55535d", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "233acee55667c0319d70c68a4064422d5ed3c68832a7d6172f6e4e7511ecf46d", "265fdf72317473d1a3233858325df0ed9a9f0249209b62cc31865acc45259d56", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "2c8e26ac7d5b6dbd06776d7d9135bf19c88d1e35ba342699d2c46e5bcd4ad027", "315295248e60e89b0bc0d185073bb2de12ddb1f213988fd01631f714c69ae429", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "39a6548e8fe1859fb83d017420b8a1780d920bfdea45d5d805870cb2d20affb9", "4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1", "40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "43921c36d0fa63b51a415d77f1daa8ca5fe4e66da36e4627d2b1f68b88c05f0d", "43f696d1fe1dfeeafe4c3d76f8eb0572c9997537d8f6a06951d9dd181f30d318", "46757cee1d595b4e8fce248953ee218ae5e70ae211e5b7b9eab08a7a71012c70", "4876ef915ca15e54595396e8867b89420d6427018d5c959718fbc490c619c26c", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "54ea90864000794b981be253fde9747e4ee599d083b92f3d742e2f96f7879796", "55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "58b7bdfe81e4d27ac080615517de7a9dde31fa6f237196580a1a16eda42ef0e0", "59f2d6c877edd62eb8f91036b77285929e9e9c7a2aeee1679f17db40d29f959e", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "5bc98deaf045185a7cd1acb776f158848ffed211ec3a18540f1902b3d4315c23", "5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f", "5ee1550a65c5a870eb415b560446fedb5f0443a1cdeeaa6897f68ac9d091e264", "60b27fdb49dd6d52b0cb77a841224d629dbe6f4e389aba35bef5b43fa974d797", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "677f423b6f553832440ad5094e2d89474689390625be08c71670a1a712b62afa", "6ae90208115ee5152896d4e521414783d532b0cf24355c8203815eb38ee37957", "6c6e020783d68c12f4141f87a1d2489104f3d85903b784533c8a3af1d1edc3ed", "6d7205eb71e025a003d007780a7d1b476d9975caf6f41fb96a1ab8dee9b1d74e", "70d16e94d95d2da796dcfae68632c2f04d4b7542df3f6f8d819d99932d3bd3fe", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "796b1dc07e53151668fee78aeb2a409f6cd8f2cdc4b0fca61ef5e5aa3befc3d9", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "80108a26b78f0259339ee9e5a883dbf15998798d44c9a527033561c1741e2886", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "82db53bf3ba8b0700921114cca3634fb62e184e071a4162414ca5630555204b1", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "87bfa1a7ac0d14426d042562249615addec86ff1c50797f2ab9033e007976758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "8b3e2168efec9d63558b182157bd72f039ab7b443efe75a1493d4ae97ef27d9d", "8b401eb853e5e66f6fae004753f7e5213f66d275af1c2cf9a621e00db0e181f8", "8b8464aeef5156974608da4e0e68a44744dd90f34c0f1e5940806af9afd09807", "91c911e9d8a565d0b90252c3f9564c263aaa256e1c59d32468cdd719b66ad104", "9668f406ba82c72d116ec01dde0181d2667a469f72f8e540ccabc4b157243ea3", "99503bb96e8c20fa6db06b3ac477e68da9bd29cc5799f8b0e68d4502958e27a0", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42", "9a3f0436862e9dba2f52be5d6d5cb8d7130980bfc38fad034f5bcc78a5bf2675", "9da7497414b57188a23227407b593210be4ce8fc3cbfa2b3a84d4dc3a5d0a992", "a4b579d061de1bf7d68a14869a832b319ca96f6bc59d171d2435c1848543a706", "a67439ffa9d36a6d6971794bd22c27d5a451e4a963e728d2f828e3d0fc4c88dc", "aaa1ca9fae17312c6fad8fee450893ae1930f883a79c16fc3b52962ff5aa34ce", "ac5fbd00053263bcfab5bb702a8a500b2c960076c46a1253131956246637884a", "aeafb45071df5ba535f5e0aaae2e2869e1df5ed995090eaee260ce5168ce1f7a", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "b476d4574aeb394ae8d0f8dcd21afeb4fee01764842beb73b07cb21d3b1aa0d6", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "bddd740ac9f880b4630f882b102a5b5ce71efe8ab93ad8a9c923cf98b5392ca2", "bea26c5ad9deac40cfe74a9ef987fbf35bd90f02765f92436db7556f97b54ec5", "bedc9ea2088acc6f6af2529f0e86696ad0acdac465ff40b39d5becb8a4d4251d", "bf6dd5ffa73d1b8d1fffd7663c340451739324cf1e861482ba17b90bd79e1666", "bf76138fc39cd8ff2c97cc4292e5511f8c2a5a4ea269760c08541d8b6ae4a30f", "c0ea711e7966f428f4f754c35dfc92c76e35d8bc201cdc3437996c7132beabc8", "c0fab1343c866525fc4962478fe95ecdc69dee8d52aa71abbd023c471543319d", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "c77fcb439f420dfda75c42686b8e93758ce3a460a76a7fce5a2720d80db46949", "c88a2866d16973b226fd11b4c37f0c586cddf145391f78b6ac381a8dd20c6862", "caf5c5508481d10531a753b0787cfaf1495e735c219ee72c9a6b5c6d45868729", "cfe77e44c56cab14f45f124874a0ca2be021031a5c26a25d29c844b513d106e9", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "d1ab22bd67e1d27b969e3107229bf93b22d2d3fdc3711bfcaee342af53ccbe75", "d429771400948a6c3edec8941f4e42bea463fde98f004c716b597a46191e71db", "d5a0bef8e5f3b5422ff9b30bd7ba81418013ae1a4c28cddf4290aead132c12ed", "d838c6a607bed2f6de149172d90d2856e77085e3303d1425ddfa193a01e38f50", "d86529a6fe26a481b0777cee29312df55b935868a66b03e5fba70d196b0627f0", "d8eb9ac5dc4711239670965a98073003d8be6240b3aad0699118826367e012c8", "d90128295f9923e436d0ec809e8678bf5b2fe228e96b8d9607626ef78fe57e9e", "d91cee9178364339e8c9b4fc5a8c752f75fc99a2c3bc296f5512affb7c558e56", "db6580624c786257b05114dc764e75153d47fa2ee614c06f43a28cd532561be1", "de3d4223eaac6785e1dd14f16849e775f96062556aadb22a29d5aa25d10bb6ab", "df26a5cdfcdd0bcfaf59fdde80092af393f8a876fcb071be73b4600bd3131d22", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "e81ceaf6d615e33cb2ba997d1527390b0b4962e134e7afc6000ead19639d73ff", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "f04ee284067c2de984be07eeb12e4c0cf81dfcb52098a1b51aee16c9bf939d11", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "fd3e0fdd1cbebf27ad3f5e359b37f4f51a7be54b40aa3469f26b235f65d35922", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530", "fe7a365d179c36c674d16987fb7025eb90b201ea07f5d364afca3863a4a653cc", "ff26ddc5757647f587fc5d3af39dbbd69ef896c58a7619363d9a88746efecc05"], "iocs": {"domain": [{"hashes": ["155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9"], "host": "updatehost[.]duckdns[.]org"}, {"hashes": ["5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5"], "host": "hostacosta[.]hopto[.]org"}, {"hashes": ["4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a"], "host": "maistro[.]linkpc[.]net"}, {"hashes": ["b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a"], "host": "njrat5811[.]ddns[.]net"}, {"hashes": ["206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d"], "host": "wrk99[.]ddns[.]net"}, {"hashes": ["c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833"], "host": "paleb[.]no-ip[.]org"}, {"hashes": ["e81ceaf6d615e33cb2ba997d1527390b0b4962e134e7afc6000ead19639d73ff"], "host": "updatefacebook[.]ddns[.]net"}, {"hashes": ["06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545"], "host": "anoy[.]zapto[.]org"}, {"hashes": ["11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e"], "host": "sks[.]ddns[.]net"}, {"hashes": ["17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede"], "host": "playgom[.]duckdns[.]org"}, {"hashes": ["1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39"], "host": "sel[.]ze[.]am"}, {"hashes": ["1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87"], "host": "fa1990[.]ddns[.]net"}, {"hashes": ["218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167"], "host": "cadeee[.]ddns[.]net"}, {"hashes": ["3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76"], "host": "forport[.]ddns[.]net"}, {"hashes": ["53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5"], "host": "kamel000000000[.]ddns[.]net"}, {"hashes": ["55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d"], "host": "uwk007[.]zapto[.]org"}, {"hashes": ["5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3"], "host": "googlescholar[.]ddns[.]net"}, {"hashes": ["5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f"], "host": "microsoft-windows7[.]ddns[.]net"}, {"hashes": ["66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00"], "host": "mrblackyhacker[.]ddns[.]net"}, {"hashes": ["61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0"], "host": "sisinadz[.]ddns[.]net"}, {"hashes": ["5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc"], "host": "rare06[.]duckdns[.]org"}, {"hashes": ["667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855"], "host": "tonik[.]ddns[.]net"}, {"hashes": ["8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a"], "host": "nnjjrraatt[.]ddns[.]net"}, {"hashes": ["6d7205eb71e025a003d007780a7d1b476d9975caf6f41fb96a1ab8dee9b1d74e"], "host": "andolsi55[.]ddns[.]net"}, {"hashes": ["7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2"], "host": "mohamedahmed123[.]ddns[.]net"}, {"hashes": ["8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b"], "host": "ksk7[.]gotdns[.]ch"}, {"hashes": ["99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42"], "host": "semo[.]zapto[.]org"}, {"hashes": ["79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8"], "host": "aymr[.]ddns[.]net"}, {"hashes": ["e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252"], "host": "zerokart[.]kro[.]kr"}, {"hashes": ["d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5"], "host": "wiindows[.]myvnc[.]com"}, {"hashes": ["ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a"], "host": "testotesto123[.]ddns[.]net"}, {"hashes": ["c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119"], "host": "ayoubofhax[.]linkpc[.]net"}, {"hashes": ["fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706"], "host": "karim20022[.]ddns[.]net"}, {"hashes": ["fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530"], "host": "job16[.]ddns[.]net"}, {"hashes": ["faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea"], "host": "fortpatch[.]ddns[.]net"}, {"hashes": ["e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f"], "host": "nerisatm[.]ddns[.]net"}, {"hashes": ["aeafb45071df5ba535f5e0aaae2e2869e1df5ed995090eaee260ce5168ce1f7a"], "host": "salh[.]linkpc[.]net"}, {"hashes": ["03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93"], "host": "shadowstrike[.]ddns[.]net"}, {"hashes": ["2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc"], "host": "kkj13241[.]oa[.]to"}, {"hashes": ["2c8e26ac7d5b6dbd06776d7d9135bf19c88d1e35ba342699d2c46e5bcd4ad027"], "host": "googlemapsup[.]ddns[.]net"}, {"hashes": ["38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c"], "host": "njhost[.]hopto[.]org"}, {"hashes": ["40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076"], "host": "host5536[.]zapto[.]org"}], "file": [{"hashes": ["218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "233acee55667c0319d70c68a4064422d5ed3c68832a7d6172f6e4e7511ecf46d", "265fdf72317473d1a3233858325df0ed9a9f0249209b62cc31865acc45259d56", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "39a6548e8fe1859fb83d017420b8a1780d920bfdea45d5d805870cb2d20affb9", "4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1", "40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "60b27fdb49dd6d52b0cb77a841224d629dbe6f4e389aba35bef5b43fa974d797", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "df26a5cdfcdd0bcfaf59fdde80092af393f8a876fcb071be73b4600bd3131d22", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea"], "path": "%TEMP%\\server.exe"}, {"hashes": ["11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "80108a26b78f0259339ee9e5a883dbf15998798d44c9a527033561c1741e2886", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "f04ee284067c2de984be07eeb12e4c0cf81dfcb52098a1b51aee16c9bf939d11", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530"], "path": "%TEMP%\\<random, matching '[a-z]{4,9}'>.exe"}, {"hashes": ["06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "43f696d1fe1dfeeafe4c3d76f8eb0572c9997537d8f6a06951d9dd181f30d318", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "db6580624c786257b05114dc764e75153d47fa2ee614c06f43a28cd532561be1"], "path": "%TEMP%\\svchost.exe"}, {"hashes": ["2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "315295248e60e89b0bc0d185073bb2de12ddb1f213988fd01631f714c69ae429", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252"], "path": "%APPDATA%\\<random, matching [A-Fa-z0-9]{5,8}.exe"}, {"hashes": ["155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\d8b0324f235ac1e3f5b945098c65bc99.exe"}, {"hashes": ["61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0"], "path": "%APPDATA%\\idm.exe"}, {"hashes": ["667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855"], "path": "%ProgramData%\\svchost.exe"}, {"hashes": ["5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f"], "path": "%HOMEPATH%\\explorer.exe"}, {"hashes": ["0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\bb3546b99f29cb7300e2fabb10460c10.exe"}, {"hashes": ["0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3"], "path": "%APPDATA%\\hostprocesse.exe"}, {"hashes": ["11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\2229e190824733d5fd9ef82f1a524b1c.exe"}, {"hashes": ["17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\d23d9c65cb2fb3ecfc79f143715252f5.exe"}, {"hashes": ["17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede"], "path": "%TEMP%\\testttttttt.exe"}, {"hashes": ["1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\01a00707f31828e515f7a8e2aae3c683.exe"}, {"hashes": ["218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\bfdf88c652c2c4e1125e2e2ca0f50a82.exe"}, {"hashes": ["265fdf72317473d1a3233858325df0ed9a9f0249209b62cc31865acc45259d56"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\4af46a85b4fa87853b0e65b1ad2a35a6.exe"}, {"hashes": ["55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d"], "path": "%HOMEPATH%\\svshost.exe"}, {"hashes": ["4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\d36644210cdff9aa05e6ce19d0c576ea.exe"}, {"hashes": ["55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\458ff06394da6bece9a5c4cd8117cf87.exe"}, {"hashes": ["5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\73992d789a423c90813e8eec2a1901ef.exe"}, {"hashes": ["5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\4558820a0923a0921825d142c5621d1f.exe"}, {"hashes": ["50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\8b572b3ff157122c8b2df5bcca279c12.exe"}, {"hashes": ["5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\baf1b8b43310fd5a810a4417b9c5b421.exe"}, {"hashes": ["66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\e810ca97b956782863d1e682c2fa896b.exe"}, {"hashes": ["677f423b6f553832440ad5094e2d89474689390625be08c71670a1a712b62afa"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\282d0a71b275d1ba738fb09a5ee382a1.exe"}, {"hashes": ["667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\845f62c293914ac94710b4c68885bcd3.exe"}, {"hashes": ["79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\c8e2c1f126ff87da3ec3505fd248db75.exe"}, {"hashes": ["6d7205eb71e025a003d007780a7d1b476d9975caf6f41fb96a1ab8dee9b1d74e"], "path": "%ProgramData%\\taskhost2018.exe"}, {"hashes": ["8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\8ad5547dad55c7129fdea55d7802db08.exe"}, {"hashes": ["7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\144fcca1be32b3df79de09607609daf9.exe"}, {"hashes": ["8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ae4477e41ed06e708bb81f3a2d9d5e5c.exe"}, {"hashes": ["748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\279eafac37334a5738d1cb35121d6db8.exe"}, {"hashes": ["99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\38ae0012ca9e83dc2de61aeca4f39a95.exe"}, {"hashes": ["b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\9d6c3a83bbe3648af9ac5c6ef53b4f3f.exe"}, {"hashes": ["b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a"], "path": "%ProgramData%\\WinlogonNT.exe"}, {"hashes": ["c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\e5e7fb70436d62ed21acc70f0caf1cb9.exe"}, {"hashes": ["e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\e1b23a3a274e398ba812ab92af688c90.exe"}, {"hashes": ["c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119"], "path": "%TEMP%\\8ver.exe"}, {"hashes": ["f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\6d17d462b56aebad143b1ecd5e6deaf9.exe"}, {"hashes": ["fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706"], "path": "%APPDATA%\\winlogone.exe"}, {"hashes": ["fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\31b96677ea3782444adf13a00494dad0.exe"}, {"hashes": ["e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\8150ee3edd820be2e743a152a5606a46.exe"}, {"hashes": ["2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\3a57f5bed3a22b82ef6c09c718ed1dd3.exe"}, {"hashes": ["38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\02becb27a0204d782124d04d7843d191.exe"}, {"hashes": ["40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\6c5ae6264a85d81915d34dd41b430dd1.exe"}], "ip": [{"hashes": ["155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9"], "ip": "141[.]255[.]148[.]26"}, {"hashes": ["0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "677f423b6f553832440ad5094e2d89474689390625be08c71670a1a712b62afa"], "ip": "140[.]82[.]57[.]249"}, {"hashes": ["4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a"], "ip": "41[.]235[.]176[.]195"}, {"hashes": ["11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e"], "ip": "73[.]59[.]111[.]31"}, {"hashes": ["17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede"], "ip": "201[.]14[.]230[.]131"}, {"hashes": ["1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39"], "ip": "59[.]16[.]247[.]249"}, {"hashes": ["39a6548e8fe1859fb83d017420b8a1780d920bfdea45d5d805870cb2d20affb9"], "ip": "91[.]55[.]143[.]93"}, {"hashes": ["5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc"], "ip": "195[.]142[.]64[.]243"}, {"hashes": ["79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8"], "ip": "105[.]67[.]132[.]172"}, {"hashes": ["8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b"], "ip": "51[.]218[.]202[.]75"}, {"hashes": ["aeafb45071df5ba535f5e0aaae2e2869e1df5ed995090eaee260ce5168ce1f7a"], "ip": "209[.]126[.]107[.]37"}, {"hashes": ["b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a"], "ip": "141[.]255[.]151[.]99"}, {"hashes": ["c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119"], "ip": "196[.]64[.]252[.]167"}, {"hashes": ["03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93"], "ip": "91[.]16[.]44[.]107"}], "mutex": [{"hashes": ["03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93", "063e948a505f4c3f86c020e36cf30dd51087f704c3b5ab8c45c603abd84845aa", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "233acee55667c0319d70c68a4064422d5ed3c68832a7d6172f6e4e7511ecf46d", "265fdf72317473d1a3233858325df0ed9a9f0249209b62cc31865acc45259d56", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "2c8e26ac7d5b6dbd06776d7d9135bf19c88d1e35ba342699d2c46e5bcd4ad027", "315295248e60e89b0bc0d185073bb2de12ddb1f213988fd01631f714c69ae429", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "39a6548e8fe1859fb83d017420b8a1780d920bfdea45d5d805870cb2d20affb9", "4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1", "40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "43921c36d0fa63b51a415d77f1daa8ca5fe4e66da36e4627d2b1f68b88c05f0d", "43f696d1fe1dfeeafe4c3d76f8eb0572c9997537d8f6a06951d9dd181f30d318", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f", "60b27fdb49dd6d52b0cb77a841224d629dbe6f4e389aba35bef5b43fa974d797", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "677f423b6f553832440ad5094e2d89474689390625be08c71670a1a712b62afa", "6d7205eb71e025a003d007780a7d1b476d9975caf6f41fb96a1ab8dee9b1d74e", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "80108a26b78f0259339ee9e5a883dbf15998798d44c9a527033561c1741e2886", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "8b401eb853e5e66f6fae004753f7e5213f66d275af1c2cf9a621e00db0e181f8", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42", "ac5fbd00053263bcfab5bb702a8a500b2c960076c46a1253131956246637884a", "aeafb45071df5ba535f5e0aaae2e2869e1df5ed995090eaee260ce5168ce1f7a", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "db6580624c786257b05114dc764e75153d47fa2ee614c06f43a28cd532561be1", "df26a5cdfcdd0bcfaf59fdde80092af393f8a876fcb071be73b4600bd3131d22", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "e81ceaf6d615e33cb2ba997d1527390b0b4962e134e7afc6000ead19639d73ff", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "f04ee284067c2de984be07eeb12e4c0cf81dfcb52098a1b51aee16c9bf939d11", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530"], "name": "<32 random hex characters>"}], "registry": [{"hashes": ["03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93", "063e948a505f4c3f86c020e36cf30dd51087f704c3b5ab8c45c603abd84845aa", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "233acee55667c0319d70c68a4064422d5ed3c68832a7d6172f6e4e7511ecf46d", "265fdf72317473d1a3233858325df0ed9a9f0249209b62cc31865acc45259d56", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "2c8e26ac7d5b6dbd06776d7d9135bf19c88d1e35ba342699d2c46e5bcd4ad027", "315295248e60e89b0bc0d185073bb2de12ddb1f213988fd01631f714c69ae429", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "39a6548e8fe1859fb83d017420b8a1780d920bfdea45d5d805870cb2d20affb9", "4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1", "40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "43921c36d0fa63b51a415d77f1daa8ca5fe4e66da36e4627d2b1f68b88c05f0d", "43f696d1fe1dfeeafe4c3d76f8eb0572c9997537d8f6a06951d9dd181f30d318", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f", "60b27fdb49dd6d52b0cb77a841224d629dbe6f4e389aba35bef5b43fa974d797", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "677f423b6f553832440ad5094e2d89474689390625be08c71670a1a712b62afa", "6d7205eb71e025a003d007780a7d1b476d9975caf6f41fb96a1ab8dee9b1d74e", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "80108a26b78f0259339ee9e5a883dbf15998798d44c9a527033561c1741e2886", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "8b401eb853e5e66f6fae004753f7e5213f66d275af1c2cf9a621e00db0e181f8", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42", "ac5fbd00053263bcfab5bb702a8a500b2c960076c46a1253131956246637884a", "aeafb45071df5ba535f5e0aaae2e2869e1df5ed995090eaee260ce5168ce1f7a", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "db6580624c786257b05114dc764e75153d47fa2ee614c06f43a28cd532561be1", "df26a5cdfcdd0bcfaf59fdde80092af393f8a876fcb071be73b4600bd3131d22", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "e81ceaf6d615e33cb2ba997d1527390b0b4962e134e7afc6000ead19639d73ff", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "f04ee284067c2de984be07eeb12e4c0cf81dfcb52098a1b51aee16c9bf939d11", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530"], "key": "<HKU>\\S-1-5-21-2580483871-590521980-3826313501-500", "value_name": "di"}, {"hashes": ["03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93", "063e948a505f4c3f86c020e36cf30dd51087f704c3b5ab8c45c603abd84845aa", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "233acee55667c0319d70c68a4064422d5ed3c68832a7d6172f6e4e7511ecf46d", "265fdf72317473d1a3233858325df0ed9a9f0249209b62cc31865acc45259d56", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "2c8e26ac7d5b6dbd06776d7d9135bf19c88d1e35ba342699d2c46e5bcd4ad027", "315295248e60e89b0bc0d185073bb2de12ddb1f213988fd01631f714c69ae429", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "39a6548e8fe1859fb83d017420b8a1780d920bfdea45d5d805870cb2d20affb9", "4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1", "40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "43921c36d0fa63b51a415d77f1daa8ca5fe4e66da36e4627d2b1f68b88c05f0d", "43f696d1fe1dfeeafe4c3d76f8eb0572c9997537d8f6a06951d9dd181f30d318", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f", "60b27fdb49dd6d52b0cb77a841224d629dbe6f4e389aba35bef5b43fa974d797", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "677f423b6f553832440ad5094e2d89474689390625be08c71670a1a712b62afa", "6d7205eb71e025a003d007780a7d1b476d9975caf6f41fb96a1ab8dee9b1d74e", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "80108a26b78f0259339ee9e5a883dbf15998798d44c9a527033561c1741e2886", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "8b401eb853e5e66f6fae004753f7e5213f66d275af1c2cf9a621e00db0e181f8", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42", "ac5fbd00053263bcfab5bb702a8a500b2c960076c46a1253131956246637884a", "aeafb45071df5ba535f5e0aaae2e2869e1df5ed995090eaee260ce5168ce1f7a", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "db6580624c786257b05114dc764e75153d47fa2ee614c06f43a28cd532561be1", "df26a5cdfcdd0bcfaf59fdde80092af393f8a876fcb071be73b4600bd3131d22", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "e81ceaf6d615e33cb2ba997d1527390b0b4962e134e7afc6000ead19639d73ff", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "f04ee284067c2de984be07eeb12e4c0cf81dfcb52098a1b51aee16c9bf939d11", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530"], "key": "<HKCU>\\ENVIRONMENT", "value_name": "SEE_MASK_NOZONECHECKS"}, {"hashes": ["03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93", "063e948a505f4c3f86c020e36cf30dd51087f704c3b5ab8c45c603abd84845aa", "06bb32cbd85132df22a8faeddcb21a4c4b75c1d43204c3f2ad2a296fff7d2545", "0797ae57742b454ac94c003fa918138a859de4935dc12f610c69590cbf34d4c3", "11ce284cdf365067934701dda0c85766b24b470eb06c77b33343ff310f584a7e", "155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "17e11d033e3ff85e06b94072af656a4f41eb06e9214a1ea70c81e97118306ede", "1840b22c24be04c532f99623d05a39ec274b3166529921c9c2aba240dbb58a39", "1943de426e7f5a7e299d188ca86d25b700e75e5c98cdf9fd9ce37a7dcec10c87", "206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d", "218d0f8f9ca2d79be447d212d1bfd977f9ae53e2e3ec9c0064e53c135d51e167", "21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "233acee55667c0319d70c68a4064422d5ed3c68832a7d6172f6e4e7511ecf46d", "265fdf72317473d1a3233858325df0ed9a9f0249209b62cc31865acc45259d56", "2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc", "2c8e26ac7d5b6dbd06776d7d9135bf19c88d1e35ba342699d2c46e5bcd4ad027", "315295248e60e89b0bc0d185073bb2de12ddb1f213988fd01631f714c69ae429", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a", "3734b7738a35e3bc2ebdebe48eeabdec0d91692ba1cc7ecdabc0a35aac9a2a76", "38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c", "39a6548e8fe1859fb83d017420b8a1780d920bfdea45d5d805870cb2d20affb9", "4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1", "40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076", "43921c36d0fa63b51a415d77f1daa8ca5fe4e66da36e4627d2b1f68b88c05f0d", "43f696d1fe1dfeeafe4c3d76f8eb0572c9997537d8f6a06951d9dd181f30d318", "4ef1ec55d179dbf59fabc5826c6a2a46c747cf1b74773b112538bb746aafee9a", "50abd6d9d7d68d60c6a9dfde31b7fd225c30d339b700b37702b5b9f1161345b1", "5198a18ae837530511c7cdc6efd1a452fa0327a6c052a92111a5ab50138f43d3", "53123ca60710c95793885d163942508919a543e5c831b8af5f6e5a9ed65ca5e5", "55f805e66172894cafef3973e6cfedeaf07710f2f89f81a76117916e0584c36d", "5654000c478df679ad8145c83c0038c0f8f1a238d6758f2729051e9d77caae28", "5a912b409829841f5bce2401840898b30fb9067fdb4d907c6af54c4be3c161bc", "5e847cead3e5fe36aae02a6afeb6bc3bd9e901df7ddee5bdddb967ed99f42c6f", "60b27fdb49dd6d52b0cb77a841224d629dbe6f4e389aba35bef5b43fa974d797", "61f1808c675d9888d3e1548263ab7d6ef780d3c2bd24784dc8d67ce7746f82c0", "66338fc6d9dcecc0981f0cea1a732c4fedaa4e8f4c6467f53e60b8a54f70de00", "667cd0f7082edadb52cb78f75ed5cf5e54159bc1e600475b8360f88fafca2855", "677f423b6f553832440ad5094e2d89474689390625be08c71670a1a712b62afa", "6d7205eb71e025a003d007780a7d1b476d9975caf6f41fb96a1ab8dee9b1d74e", "748f5616e7ff135e1a3d5c1109ade7ed5fd055d38ff0a415b42ce0852b7c5912", "79efbdea0acac083f4a929ecd96db9bb9c72b29e4ce217e633501affed1185d8", "7ee1f8b7caadd80b5ebded890dc2c2e85e1d7ca5d3b4f37e89de6a96ac9399e2", "80108a26b78f0259339ee9e5a883dbf15998798d44c9a527033561c1741e2886", "8048a7aceb531c1e8d0c682df74096ee8ead6289f3ce8f103ccef0470802cf7b", "8597689492578a272106a345f6a541c777fcbbd9938eef04348c84509f3c075a", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "8b401eb853e5e66f6fae004753f7e5213f66d275af1c2cf9a621e00db0e181f8", "99cef6e7de1ec21180ffc69f547daefb3db0111b4222bdef70264b6c7ce9fb42", "ac5fbd00053263bcfab5bb702a8a500b2c960076c46a1253131956246637884a", "aeafb45071df5ba535f5e0aaae2e2869e1df5ed995090eaee260ce5168ce1f7a", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9", "b57e93d628947bc1045f11004a5787b9c2c1a90a5e31b098f8377f1d985e6a3a", "c4602199ddc0be770f3ac7a3df325e2a34fe04c35c5ae68ae5715e8f8c2f9833", "c60c1a996ce28266c47627fd6a7f653b3d434efbe90e959bcf64937cd346a119", "d0426355f0f464490f47e802ca4aa0e099fa6f4461d3b2c46c4331d59cd706f5", "db6580624c786257b05114dc764e75153d47fa2ee614c06f43a28cd532561be1", "df26a5cdfcdd0bcfaf59fdde80092af393f8a876fcb071be73b4600bd3131d22", "e10436c02a73a5afdc8c5dce38026e342388b10bb7e356e8eab1be946e669252", "e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f", "e81ceaf6d615e33cb2ba997d1527390b0b4962e134e7afc6000ead19639d73ff", "ed4d16a5ae8b2e98af7fa42a8dbf7526dd1abde6ba04d0b1dfb24e55c901267a", "f04ee284067c2de984be07eeb12e4c0cf81dfcb52098a1b51aee16c9bf939d11", "f09a554fdc62f6b318c6c498fb7618382e686cec30c875116841912f9e5bc5f5", "faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea", "fbb9e9f17923d7c9a9d197ab58ed6aadd26c8e5ad2d8dbd702ad830bd1b47706", "fd95c61a2a616c292d12353e823b0ec75c21b368f3de99050d5c0596ac947530"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "ParseAutoexec"}, {"hashes": ["155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9"], "key": "<HKCU>\\SOFTWARE\\D8B0324F235AC1E3F5B945098C65BC99", "value_name": null}, {"hashes": ["155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "d8b0324f235ac1e3f5b945098c65bc99"}, {"hashes": ["155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "d8b0324f235ac1e3f5b945098c65bc99"}, {"hashes": ["155f7b8893b46cc6f27f20d553b30c1b27cefe3b5263676e146ce7a8d7c93758", "89d7ba65a7106f2c1412718d9ad7b7d305824f2754fa2f222d5dd293c972c4f1", "af75712ed8419d1f162a54ccd3b8ee979ebf77d9c1c5f7b772b0e98ca73c22e9"], "key": "<HKCU>\\SOFTWARE\\D8B0324F235AC1E3F5B945098C65BC99", "value_name": "[kl]"}, {"hashes": ["21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "279f6960ed84a752570aca7fb2dc1552"}, {"hashes": ["21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "279f6960ed84a752570aca7fb2dc1552"}, {"hashes": ["21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a"], "key": "<HKCU>\\SOFTWARE\\279F6960ED84A752570ACA7FB2DC1552", "value_name": "[kl]"}, {"hashes": ["43921c36d0fa63b51a415d77f1daa8ca5fe4e66da36e4627d2b1f68b88c05f0d", "ac5fbd00053263bcfab5bb702a8a500b2c960076c46a1253131956246637884a"], "key": "<HKCU>\\SOFTWARE\\165D6ED988AC1DBEC1627A1CA9899D84", "value_name": "[kl]"}, {"hashes": ["21d04fa8df6c350c2f4b38a11d7b9a236d19e4ecd65e46cd21fb4ca9dd79fdf9", "32e7f6b03d014c8afcb9376553e74d0094541259aa46ce82c401be565689e25a"], "key": "<HKCU>\\SOFTWARE\\279F6960ED84A752570ACA7FB2DC1552", "value_name": null}, {"hashes": ["43921c36d0fa63b51a415d77f1daa8ca5fe4e66da36e4627d2b1f68b88c05f0d", "ac5fbd00053263bcfab5bb702a8a500b2c960076c46a1253131956246637884a"], "key": "<HKCU>\\SOFTWARE\\165D6ED988AC1DBEC1627A1CA9899D84", "value_name": null}, {"hashes": ["43f696d1fe1dfeeafe4c3d76f8eb0572c9997537d8f6a06951d9dd181f30d318", "db6580624c786257b05114dc764e75153d47fa2ee614c06f43a28cd532561be1"], "key": "<HKCU>\\SOFTWARE\\4F96FE1A9678A20D54D9AFFDBAF9D27F", "value_name": null}, {"hashes": ["43f696d1fe1dfeeafe4c3d76f8eb0572c9997537d8f6a06951d9dd181f30d318", "db6580624c786257b05114dc764e75153d47fa2ee614c06f43a28cd532561be1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS", "value_name": "4f96fe1a9678a20d54d9affdbaf9d27f"}, {"hashes": ["43f696d1fe1dfeeafe4c3d76f8eb0572c9997537d8f6a06951d9dd181f30d318", "db6580624c786257b05114dc764e75153d47fa2ee614c06f43a28cd532561be1"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS", "value_name": "4f96fe1a9678a20d54d9affdbaf9d27f"}, {"hashes": ["43f696d1fe1dfeeafe4c3d76f8eb0572c9997537d8f6a06951d9dd181f30d318", "db6580624c786257b05114dc764e75153d47fa2ee614c06f43a28cd532561be1"], "key": "<HKCU>\\SOFTWARE\\4F96FE1A9678A20D54D9AFFDBAF9D27F", "value_name": "[kl]"}, {"hashes": ["faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "e98e20d3a7cdc2cfef25efd285f46e3c"}, {"hashes": ["f04ee284067c2de984be07eeb12e4c0cf81dfcb52098a1b51aee16c9bf939d11"], "key": "<HKCU>\\SOFTWARE\\4574B70B4269DBD5CA5ED7BB4177052F", "value_name": "[kl]"}, {"hashes": ["faeef12dc2df665ed883fcf710fc92129022bc45ddcba100cb9def68f28b76ea"], "key": "<HKCU>\\SOFTWARE\\E98E20D3A7CDC2CFEF25EFD285F46E3C", "value_name": "[kl]"}, {"hashes": ["e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f"], "key": "<HKCU>\\SOFTWARE\\8150EE3EDD820BE2E743A152A5606A46", "value_name": null}, {"hashes": ["e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "8150ee3edd820be2e743a152a5606a46"}, {"hashes": ["e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "8150ee3edd820be2e743a152a5606a46"}, {"hashes": ["e160b49cefe08b3fd6676a0c63ef720b402c899033741242d05765f0e4052c8f"], "key": "<HKCU>\\SOFTWARE\\8150EE3EDD820BE2E743A152A5606A46", "value_name": "[kl]"}, {"hashes": ["03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93"], "key": "<HKCU>\\SOFTWARE\\F975776AA60E54F3F0A6E78AF19AE236", "value_name": null}, {"hashes": ["03663272f9e7051a9a97cb899d679905f0be0fd3d4a1c4f0068219df60b3ae93"], "key": "<HKCU>\\SOFTWARE\\F975776AA60E54F3F0A6E78AF19AE236", "value_name": "[kl]"}, {"hashes": ["063e948a505f4c3f86c020e36cf30dd51087f704c3b5ab8c45c603abd84845aa"], "key": "<HKCU>\\SOFTWARE\\659EA9E33303F9C217C1D3A63C4EFF27", "value_name": null}, {"hashes": ["063e948a505f4c3f86c020e36cf30dd51087f704c3b5ab8c45c603abd84845aa"], "key": "<HKCU>\\SOFTWARE\\659EA9E33303F9C217C1D3A63C4EFF27", "value_name": "[kl]"}, {"hashes": ["206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d"], "key": "<HKCU>\\SOFTWARE\\7AA740FFDF5A60410D9AAC4E223C64C0", "value_name": null}, {"hashes": ["206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "7aa740ffdf5a60410d9aac4e223c64c0"}, {"hashes": ["206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "7aa740ffdf5a60410d9aac4e223c64c0"}, {"hashes": ["206f5239b73adee7bba45b4c74ce422e8ce4b69459ff51c2e6eb636bfd11f00d"], "key": "<HKCU>\\SOFTWARE\\7AA740FFDF5A60410D9AAC4E223C64C0", "value_name": "[kl]"}, {"hashes": ["2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc"], "key": "<HKCU>\\SOFTWARE\\3A57F5BED3A22B82EF6C09C718ED1DD3", "value_name": null}, {"hashes": ["2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "3a57f5bed3a22b82ef6c09c718ed1dd3"}, {"hashes": ["2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "3a57f5bed3a22b82ef6c09c718ed1dd3"}, {"hashes": ["2bad081332cca920948eb49025bac210294e4e893e9bafae2c4901ad0bae1bcc"], "key": "<HKCU>\\SOFTWARE\\3A57F5BED3A22B82EF6C09C718ED1DD3", "value_name": "[kl]"}, {"hashes": ["2c8e26ac7d5b6dbd06776d7d9135bf19c88d1e35ba342699d2c46e5bcd4ad027"], "key": "<HKCU>\\SOFTWARE\\B08983C5508F464F455DB06C32AA598D", "value_name": null}, {"hashes": ["2c8e26ac7d5b6dbd06776d7d9135bf19c88d1e35ba342699d2c46e5bcd4ad027"], "key": "<HKCU>\\SOFTWARE\\B08983C5508F464F455DB06C32AA598D", "value_name": "[kl]"}, {"hashes": ["38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c"], "key": "<HKCU>\\SOFTWARE\\02BECB27A0204D782124D04D7843D191", "value_name": null}, {"hashes": ["38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "02becb27a0204d782124d04d7843d191"}, {"hashes": ["38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "02becb27a0204d782124d04d7843d191"}, {"hashes": ["38b9a59a7634f1c82b6edc88dce85a9c95323a6c22c8f34b39c7183fba53df7c"], "key": "<HKCU>\\SOFTWARE\\02BECB27A0204D782124D04D7843D191", "value_name": "[kl]"}, {"hashes": ["4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1"], "key": "<HKCU>\\SOFTWARE\\BC4633C7CAD50E9FD5E79A99A4157416", "value_name": null}, {"hashes": ["4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "bc4633c7cad50e9fd5e79a99a4157416"}, {"hashes": ["4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "bc4633c7cad50e9fd5e79a99a4157416"}, {"hashes": ["4020db090545adfb146e67f6560bfb4efc91c0d8540571739d8451f53eb658f1"], "key": "<HKCU>\\SOFTWARE\\BC4633C7CAD50E9FD5E79A99A4157416", "value_name": "[kl]"}, {"hashes": ["40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076"], "key": "<HKCU>\\SOFTWARE\\6C5AE6264A85D81915D34DD41B430DD1", "value_name": null}, {"hashes": ["40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "6c5ae6264a85d81915d34dd41b430dd1"}, {"hashes": ["40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "6c5ae6264a85d81915d34dd41b430dd1"}, {"hashes": ["40662d94d1342b1385c488c80637c6cbd36b36dab6c14a53c4bb505bd2107076"], "key": "<HKCU>\\SOFTWARE\\6C5AE6264A85D81915D34DD41B430DD1", "value_name": "[kl]"}]}, "reports_count": 67}, "Win.Ransomware.Cerber-7649513-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": ["TA0004", "TA0005"]}, {"bi": "deleted-submitted-file", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "excessive-udp-connections", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "document-decoy-dropped", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": []}, {"bi": "malware-ransomware-cerber", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": ["TA0040", "T1486"]}, {"bi": "process-uses-localhost-traffic", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-ping", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": ["TA0011", "TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": ["TA0011", "TA0007", "T1016"]}, {"bi": "netsh-firewall-generic", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": ["TA0005", "T1016", "T1089"]}, {"bi": "feed-domain-ransomware", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": []}, {"bi": "file-pending-delete", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "process-taskkill", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "randomly-named-files", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "netbios-query", "hashes": ["cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": []}, {"bi": "altered-sample-snort-flagged", "hashes": ["cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "http-response-redirect", "hashes": ["b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "process-with-multiple-children", "hashes": ["9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298"], "mitre_attack_tags": ["TA0005"]}], "category": "Ransomware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Cerber is ransomware that encrypts documents, photos, databases and other important files. Historically, this malware would replace files with encrypted versions and add the file extension \".cerber,\" although in more recent campaigns other file extensions are used.", "hashes": ["0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45", "d1392b521f9804403d29d5aa21b70ff7ff41d0075f5418fc6abcfda0e34bb2f5", "d7cef24022239751d5594ec57677765bbe6bf97208b4ea3ec30b2046dd080ec1", "e355d9d10d1b11fa3b93434215226f3409a5fe0f88edfe10d5357201ca91a7ef", "f0c5eedf6be46b2b44385f9de02889addca49a21a5fb6ceb84c1b559cee343b0", "f66eb94a0d5e2b1fb7ac286e25d1fbe2907273d95cd4886cc008dbdaf1149b50"], "iocs": {"domain": [{"hashes": ["0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45"], "host": "api[.]blockcypher[.]com"}, {"hashes": ["0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45"], "host": "bitaps[.]com"}, {"hashes": ["0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45"], "host": "chain[.]so"}, {"hashes": ["0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45"], "host": "btc[.]blockr[.]io"}, {"hashes": ["0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4"], "host": "hjhqmbxyinislkkt[.]1j9r76[.]top"}], "file": [{"hashes": ["0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45"], "path": "%TEMP%\\d19ab989"}, {"hashes": ["0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45"], "path": "%TEMP%\\d19ab989\\4710.tmp"}, {"hashes": ["0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45"], "path": "%TEMP%\\d19ab989\\a35f.tmp"}, {"hashes": ["0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45"], "path": "%TEMP%\\tmp<random, matching [A-F0-9]{1,4}>.tmp"}, {"hashes": ["0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45"], "path": "%TEMP%\\tmp<random, matching [A-F0-9]{1,4}>.bmp"}, {"hashes": ["0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45"], "path": "<dir>\\_R_E_A_D___T_H_I_S___<random, matching '[A-F0-9]{4,8}'>_.txt"}, {"hashes": ["0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45"], "path": "<dir>\\_R_E_A_D___T_H_I_S___<random, matching '[A-F0-9]{4,8}'>_.hta"}, {"hashes": ["0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45"], "path": "<dir>\\<random, matching [A-Z0-9\\-]{10}.[A-F0-9]{4}> (copy)"}], "ip": [{"hashes": ["0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45"], "ip": "178[.]33[.]158[.]0/27"}, {"hashes": ["0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45"], "ip": "178[.]33[.]159[.]0/27"}, {"hashes": ["0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45"], "ip": "178[.]33[.]160[.]0/25"}, {"hashes": ["0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45"], "ip": "178[.]128[.]255[.]179"}, {"hashes": ["0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45"], "ip": "104[.]20[.]21[.]251"}, {"hashes": ["24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45"], "ip": "104[.]20[.]20[.]251"}, {"hashes": ["0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a"], "ip": "104[.]24[.]104[.]254"}, {"hashes": ["1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a"], "ip": "104[.]24[.]105[.]254"}, {"hashes": ["c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4"], "ip": "104[.]18[.]99[.]194"}, {"hashes": ["b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044"], "ip": "104[.]17[.]64[.]4"}, {"hashes": ["c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4"], "ip": "104[.]18[.]59[.]155"}, {"hashes": ["c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4"], "ip": "104[.]16[.]87[.]26"}, {"hashes": ["c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4"], "ip": "104[.]28[.]11[.]248"}, {"hashes": ["c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4"], "ip": "104[.]24[.]107[.]45"}, {"hashes": ["c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4"], "ip": "104[.]27[.]179[.]216"}, {"hashes": ["c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4"], "ip": "104[.]24[.]105[.]49"}, {"hashes": ["c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4"], "ip": "104[.]31[.]72[.]171"}], "mutex": [{"hashes": ["0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45"], "name": "shell.{381828AA-8B28-3374-1B67-35680555C5EF}"}, {"hashes": ["0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45"], "name": "shell.{<random GUID>}"}], "registry": [{"hashes": ["0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\SESSION MANAGER", "value_name": null}, {"hashes": ["0ad301ee943e4c07db4e29280dfa2751c26f2424a26c0ddefe54da2ee8930017", "0ff323a9b5a860638d2e7d32d4beb20c6a56039192e1c6874bd3f8e83fab5b50", "13fc102e36ef0e6b8c16bb43a71648130c67989160db023c37b9fd4aed0bb9c6", "1a1625dc7feb5df5338a2faae2b63613d02e1334088c665b9855c3a2b38174d5", "24782e3375acfaf37967c800ca9c7f0187b269b2e0834c8c03bc9ce311a4f0e6", "291ccd897045e2e6d001718688b4d3b7ec24b68455767bf494a2f72dff28a0b9", "29314f5e045e633978893782a9962f536ddbe8155fcd2b29f31596fb1bc151aa", "2a7c82518a69022222a79a000d714a90ae12921d6046dfe7a3d6035359a28522", "3bac2da90a740a05fe678e690de11798c80c39616d5b76ec14f71413df779ece", "431d65f21c07b31ece4509ae615ed3a33aa7e6f1a86185cd529a036083969fa3", "4e587292a1c85236946b099522ac950d6ef7d0cac2071a801a7fa857ea44b111", "4f065ad9cec479786709e280c742cacd285e2d03cfb7e1beea24eefcc14ef975", "50eafcfe3967da5567ee74841b5bacf3ac57d976b34a673ce64f793a0b7e0c95", "7f619257af25ea41c3413f15a22d52e786876846650961697d8bdcd03c4484a8", "884d5242d7946c59e0d2e0a2c5949dc0462ac1e3c632a99cd1b97804f180209e", "8e2a4aaa58fb38e88fb35af4d311a337465b822559e5615e358707c94daf3bba", "91c94a4990ddbcd9fed1cdea5dc01694abde89f9af147533a091335c2bb9f765", "9bdbbabf543a7656a5f03c213d58ae62a36fdd1da63b72ff1cb2a9d8c1bd0298", "a4f5acf616849318ec5175078c034f4efed5c13b5a72b48d597c2911831c7e39", "b5d7173747dd8f47ff87a9998eef2495bcfa4449f7d9cbfb8f428aa4aea90044", "b7adc24fa60336bfee6e1e5c893a6813b80e12fd2c8dcf9753b1bba1dc374f6e", "b7e1c6758007846b457719fedf999eaf1f72324f7b64053a3f7d31cf862e5201", "c955e1c7b920b5ebc7601bf0d0a82db55cb89d16e8345b1a7d932bd26b6032f4", "cc7a6f658407063c4b59dc261d6d71b1e66800da29e7759dc7e857a56f29819a", "cddb56ba4c1839febdcdf36d5e23859371fd1c229e2edd966cfd44103e35ed45"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\SESSION MANAGER", "value_name": "PendingFileRenameOperations"}]}, "reports_count": 25}, "Win.Ransomware.Razy-7646351-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": ["TA0004", "TA0005"]}, {"bi": "deleted-submitted-file", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "artifact-windows-task", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "windows-util-schtask", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": []}, {"bi": "process-windows-script-launched", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": ["TA0005", "TA0002", "T1064"]}, {"bi": "command-deleted-shadow-copy", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": ["TA0005", "T1490"]}, {"bi": "malware-generic-ransomware-backup-del", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": []}, {"bi": "file-pending-delete", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "excessive-logical-drive-enumeration", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": ["TA0007", "T1120", "T1025"]}, {"bi": "files-deleted-used-vbs", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "windows-util-schtask-create-onlogon", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "potential-registry-script-execution", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": []}, {"bi": "registry-shell-default-file-handler-created", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": ["TA0003", "T1112"]}, {"bi": "registry-script-detected", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1064"]}, {"bi": "file-handler-registration", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": ["TA0003", "T1042"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "dns-query-nxdomain", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "unsigned-roaming-execution", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-imports-toolhelp", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "excessive-udp-connections", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "feed-domain-ransomware", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7"], "mitre_attack_tags": []}, {"bi": "process-with-multiple-children", "hashes": ["4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-generic-ransomware-entropy", "hashes": ["4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "mitre_attack_tags": []}, {"bi": "malware-generic-ransomware", "hashes": ["4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "mitre_attack_tags": []}, {"bi": "windows-speech-api", "hashes": ["4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "mitre_attack_tags": ["TA0040", "T1491"]}], "category": "Ransomware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": true}, "description": "Razy is oftentimes a generic detection name for a Windows trojan. It collects sensitive information from the infected host and encrypt the data, and send it to a command and control (C2) server. Information collected might include screenshots. The samples modify auto-execute functionality by setting and creating a value in the registry for persistence.", "hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "iocs": {"domain": [{"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "host": "mbfce24rgn65bx3g[.]we0sgd[.]com"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "host": "mbfce24rgn65bx3g[.]y8lkjg5[.]net"}], "file": [{"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "%System32%\\Tasks\\N0mFUQoa"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "%APPDATA%\\Rj3fNWF3.exe"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "%APPDATA%\\s1qoaKDO.tmp"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "%HOMEPATH%\\Documents\\!HELP_SOS.hta"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "%HOMEPATH%\\Documents\\Outlook Files\\!HELP_SOS.hta"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "%TEMP%\\f252888.vbs"}, {"hashes": ["4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "\\I386\\WINSYS.CAB..."}, {"hashes": ["4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "\\I386\\WINSYS.CAB.sage (copy)"}, {"hashes": ["4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "\\I386\\WINSYS32.CAB..."}, {"hashes": ["4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "\\I386\\WINSYS32.CAB.sage (copy)"}, {"hashes": ["4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "\\I386\\BOOTFIX.BIN..."}, {"hashes": ["4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "\\I386\\BOOTFIX.BIN.sage (copy)"}, {"hashes": ["4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "\\I386\\SVCPACK\\HFINT.DAT..."}, {"hashes": ["4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "\\I386\\SVCPACK\\HFINT.DAT.sage (copy)"}, {"hashes": ["4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "\\I386\\UNATTEND.TXT..."}, {"hashes": ["4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "\\I386\\UNATTEND.TXT.sage (copy)"}, {"hashes": ["4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "\\I386\\WORDPFCT.WPD..."}, {"hashes": ["4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "\\I386\\WORDPFCT.WPD.sage (copy)"}, {"hashes": ["4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "\\I386\\WORDPFCT.WPG..."}, {"hashes": ["4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "\\I386\\WORDPFCT.WPG.sage (copy)"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "%TEMP%\\DDx.bmp"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "%TEMP%\\f1.vbs"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "%APPDATA%\\f1.hta"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "%HOMEPATH%\\Desktop\\!HELP_SOS.hta"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "%PUBLIC%\\Desktop\\!HELP_SOS.hta"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "%PUBLIC%\\Documents\\!HELP_SOS.hta"}, {"hashes": ["4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "path": "%TEMP%\\f16184093.vbs"}], "ip": [{"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "5[.]45[.]17[.]36/30"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "5[.]45[.]100[.]132/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "5[.]45[.]107[.]160/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "5[.]45[.]107[.]164/30"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "5[.]45[.]208[.]36/30"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "138[.]197[.]5[.]50/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "138[.]197[.]17[.]156/30"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "138[.]197[.]90[.]32/29"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "138[.]197[.]90[.]40/30"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "138[.]197[.]90[.]48/28"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "138[.]197[.]100[.]48/30"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "138[.]197[.]107[.]12/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "138[.]197[.]223[.]98/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "139[.]59[.]5[.]190/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "139[.]59[.]17[.]80/30"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "139[.]59[.]46[.]44/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "139[.]59[.]107[.]88/29"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "139[.]59[.]125[.]8/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "139[.]59[.]125[.]154/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "139[.]59[.]183[.]4/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "139[.]59[.]183[.]170/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "139[.]59[.]184[.]136/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "139[.]59[.]198[.]12/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "139[.]59[.]198[.]48/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "139[.]59[.]198[.]116/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "139[.]59[.]208[.]72/30"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "139[.]59[.]208[.]186/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "211[.]114[.]5[.]42/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "211[.]114[.]5[.]236/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "211[.]114[.]17[.]200/30"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "211[.]114[.]17[.]206/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "211[.]114[.]100[.]20/30"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "211[.]114[.]100[.]160/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "211[.]114[.]125[.]16/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "211[.]114[.]125[.]114/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "211[.]114[.]156[.]180/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "211[.]114[.]183[.]114/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "211[.]114[.]184[.]98/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "211[.]114[.]185[.]190/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "211[.]114[.]185[.]212/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "211[.]114[.]198[.]18/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "211[.]114[.]198[.]86/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "211[.]114[.]198[.]154/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "211[.]114[.]208[.]0/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "211[.]114[.]208[.]114/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "211[.]114[.]223[.]108/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "211[.]114[.]223[.]154/31"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "211[.]114[.]223[.]192/31"}, {"hashes": ["4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "5[.]45[.]107[.]168/30"}, {"hashes": ["4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "ip": "138[.]197[.]90[.]76/30"}], "mutex": [{"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "name": "zHUoNUQ7"}, {"hashes": ["4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "name": "PFShggN3"}, {"hashes": ["4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "name": "adX9ZN6Z"}], "registry": [{"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\SESSION MANAGER", "value_name": null}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\SESSION MANAGER", "value_name": "PendingFileRenameOperations"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER", "value_name": "GlobalAssocChangedCounter"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "key": "<HKCU>\\CONTROL PANEL\\DESKTOP", "value_name": "Wallpaper"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "key": "<HKCR>\\.SAGE", "value_name": ""}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "key": "<HKCR>\\SAGE.NOTICE\\DEFAULTICON", "value_name": ""}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "key": "<HKCR>\\SAGE.NOTICE\\FRIENDLYTYPENAME", "value_name": ""}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "key": "<HKCR>\\SAGE.NOTICE\\SHELL\\OPEN\\COMMAND", "value_name": ""}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "key": "<HKCR>\\HTAFILE\\DEFAULTICON", "value_name": ""}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "key": "<HKCR>\\.SAGE", "value_name": null}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "key": "<HKCR>\\SAGE.NOTICE", "value_name": null}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "key": "<HKCR>\\SAGE.NOTICE\\DEFAULTICON", "value_name": null}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "key": "<HKCR>\\SAGE.NOTICE\\FRIENDLYTYPENAME", "value_name": null}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "key": "<HKCR>\\SAGE.NOTICE\\SHELL", "value_name": null}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "key": "<HKCR>\\SAGE.NOTICE\\SHELL\\OPEN", "value_name": null}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "key": "<HKCR>\\SAGE.NOTICE\\SHELL\\OPEN\\COMMAND", "value_name": null}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "key": "<HKCR>\\HTAFILE", "value_name": null}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "4f48d07b6fd583216463faa324e93095f0410235a00af0da71233562415e0608", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "59f022bc6cd223ddf82abeedc28a6c0d6ffbb509bc57769980c60e22e2ec34b7", "82c5d0eab3592ac341b7d708868856519b14eda31126051eb56500aa958a37ac", "af0bbbb148bea5b685d8d126a1eeefe93ffaebc372af2a275f562b0cde9fadb7", "c234cd1f0c68ae4eef831e3722f1c5b7a8e296d1c6709e8f734952871ddc6cf2", "cadb8f114ea4c97da1780fa6b29da9fe1fd4518fbccffe6f8d38b491529660de", "df69a5ce64851d0381c506245cf349b0bcfcc66e5473ebfd990fce61d84e5779", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1", "f28ab9aae48b2e3c9d945625b34e92ddb12f2ea749db2fea27cf0733c0fc4671"], "key": "<HKCR>\\HTAFILE\\DEFAULTICON", "value_name": null}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\MOUNTPOINTS2\\##PC#USERS", "value_name": "_CommentFromDesktopINI"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\MOUNTPOINTS2\\##PC#USERS", "value_name": "_LabelFromDesktopINI"}, {"hashes": ["36e36bde8e7cb74267ee85db14a2ee4876d95e82e2340c72f18476f5815a912f", "4251371c560813d31e2438791723447180aae84ac4f2ef74f1eaf373783bffaa", "5806373a020d44c6d4f1759f1f94f5b10566ec1f19db839962a01a766f43bea6", "cbad15b02c8bf7c370e0438c0931c5b77a39d2fd8a4f6c837b2ae26ab14a0983", "e941bbe217f03827461ee14ed72d231d5c5bb1ba44b9263eec5411a1ada1e28b", "ee6d898c775e46fb09b0d5dd779dac6a57cdf562b79517b6ffd3171794bf75e2", "f15b1a4ee3160d11c287691416a7e6d720693898f5d53c9dfec1af6069ee780a", "f167300ac9720039379fb70a6e463c484662e5933df90e34a67ec24c62ebe2b1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\MOUNTPOINTS2\\##PC#USERS", "value_name": null}]}, "reports_count": 16}, "Win.Trojan.Zbot-7646188-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "a5b5ab63db6bab7fadea325045c037c03ca64d4714b5c57b94816a5f7d4f749b", "0358f1e86e4b23ee4e8fb7478cb2d680dfd4ecfc589bbfe84a153891674c987f", "23ed9e1a1479d5d4f1c39d16c2177ea227e1a30c0499637427d8f3f5f92b6add", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "79d7eb8c30078c205b3023ee3f847cc33e7b993bb291ef56d09546beedb4bf38", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "31f4d1d0739b557ac23a5c18f1534b15ed982e59409549884d902d1c58773999", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "5797433a1763268c87261e7dbca7712bd51cb098e68b9ab9caed06274413fd7a", "0837c696ba351fe58c2db850fd388b80fcfd34952ce1b565ece891af628c06e4", "6cdc5dc0da4583abe3b58df1db4d2206f83068e27e46d661fe24d786117385f5", "887312da04c4d4656e13b22e7fba2ef4d80a799b0fee19f78e3e5a6a8e43b20b", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "2fa65c259e6a0871b941d74ea3448fc1ae1fd6897cf53f60e208f52ce87ba63c", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "a5b5ab63db6bab7fadea325045c037c03ca64d4714b5c57b94816a5f7d4f749b", "0358f1e86e4b23ee4e8fb7478cb2d680dfd4ecfc589bbfe84a153891674c987f", "23ed9e1a1479d5d4f1c39d16c2177ea227e1a30c0499637427d8f3f5f92b6add", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "79d7eb8c30078c205b3023ee3f847cc33e7b993bb291ef56d09546beedb4bf38", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "31f4d1d0739b557ac23a5c18f1534b15ed982e59409549884d902d1c58773999", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "5797433a1763268c87261e7dbca7712bd51cb098e68b9ab9caed06274413fd7a", "0837c696ba351fe58c2db850fd388b80fcfd34952ce1b565ece891af628c06e4", "6cdc5dc0da4583abe3b58df1db4d2206f83068e27e46d661fe24d786117385f5", "887312da04c4d4656e13b22e7fba2ef4d80a799b0fee19f78e3e5a6a8e43b20b", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "2fa65c259e6a0871b941d74ea3448fc1ae1fd6897cf53f60e208f52ce87ba63c", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "a5b5ab63db6bab7fadea325045c037c03ca64d4714b5c57b94816a5f7d4f749b", "0358f1e86e4b23ee4e8fb7478cb2d680dfd4ecfc589bbfe84a153891674c987f", "23ed9e1a1479d5d4f1c39d16c2177ea227e1a30c0499637427d8f3f5f92b6add", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "79d7eb8c30078c205b3023ee3f847cc33e7b993bb291ef56d09546beedb4bf38", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "31f4d1d0739b557ac23a5c18f1534b15ed982e59409549884d902d1c58773999", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "5797433a1763268c87261e7dbca7712bd51cb098e68b9ab9caed06274413fd7a", "0837c696ba351fe58c2db850fd388b80fcfd34952ce1b565ece891af628c06e4", "6cdc5dc0da4583abe3b58df1db4d2206f83068e27e46d661fe24d786117385f5", "887312da04c4d4656e13b22e7fba2ef4d80a799b0fee19f78e3e5a6a8e43b20b", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "2fa65c259e6a0871b941d74ea3448fc1ae1fd6897cf53f60e208f52ce87ba63c", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "a5b5ab63db6bab7fadea325045c037c03ca64d4714b5c57b94816a5f7d4f749b", "0358f1e86e4b23ee4e8fb7478cb2d680dfd4ecfc589bbfe84a153891674c987f", "23ed9e1a1479d5d4f1c39d16c2177ea227e1a30c0499637427d8f3f5f92b6add", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "79d7eb8c30078c205b3023ee3f847cc33e7b993bb291ef56d09546beedb4bf38", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "31f4d1d0739b557ac23a5c18f1534b15ed982e59409549884d902d1c58773999", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "5797433a1763268c87261e7dbca7712bd51cb098e68b9ab9caed06274413fd7a", "0837c696ba351fe58c2db850fd388b80fcfd34952ce1b565ece891af628c06e4", "6cdc5dc0da4583abe3b58df1db4d2206f83068e27e46d661fe24d786117385f5", "887312da04c4d4656e13b22e7fba2ef4d80a799b0fee19f78e3e5a6a8e43b20b", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "2fa65c259e6a0871b941d74ea3448fc1ae1fd6897cf53f60e208f52ce87ba63c", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "a5b5ab63db6bab7fadea325045c037c03ca64d4714b5c57b94816a5f7d4f749b", "0358f1e86e4b23ee4e8fb7478cb2d680dfd4ecfc589bbfe84a153891674c987f", "23ed9e1a1479d5d4f1c39d16c2177ea227e1a30c0499637427d8f3f5f92b6add", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "79d7eb8c30078c205b3023ee3f847cc33e7b993bb291ef56d09546beedb4bf38", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "31f4d1d0739b557ac23a5c18f1534b15ed982e59409549884d902d1c58773999", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "5797433a1763268c87261e7dbca7712bd51cb098e68b9ab9caed06274413fd7a", "0837c696ba351fe58c2db850fd388b80fcfd34952ce1b565ece891af628c06e4", "6cdc5dc0da4583abe3b58df1db4d2206f83068e27e46d661fe24d786117385f5", "887312da04c4d4656e13b22e7fba2ef4d80a799b0fee19f78e3e5a6a8e43b20b", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "2fa65c259e6a0871b941d74ea3448fc1ae1fd6897cf53f60e208f52ce87ba63c", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "a5b5ab63db6bab7fadea325045c037c03ca64d4714b5c57b94816a5f7d4f749b", "0358f1e86e4b23ee4e8fb7478cb2d680dfd4ecfc589bbfe84a153891674c987f", "23ed9e1a1479d5d4f1c39d16c2177ea227e1a30c0499637427d8f3f5f92b6add", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "79d7eb8c30078c205b3023ee3f847cc33e7b993bb291ef56d09546beedb4bf38", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "31f4d1d0739b557ac23a5c18f1534b15ed982e59409549884d902d1c58773999", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "5797433a1763268c87261e7dbca7712bd51cb098e68b9ab9caed06274413fd7a", "0837c696ba351fe58c2db850fd388b80fcfd34952ce1b565ece891af628c06e4", "6cdc5dc0da4583abe3b58df1db4d2206f83068e27e46d661fe24d786117385f5", "887312da04c4d4656e13b22e7fba2ef4d80a799b0fee19f78e3e5a6a8e43b20b", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "2fa65c259e6a0871b941d74ea3448fc1ae1fd6897cf53f60e208f52ce87ba63c", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "pe-uses-visual-basic", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "a5b5ab63db6bab7fadea325045c037c03ca64d4714b5c57b94816a5f7d4f749b", "0358f1e86e4b23ee4e8fb7478cb2d680dfd4ecfc589bbfe84a153891674c987f", "23ed9e1a1479d5d4f1c39d16c2177ea227e1a30c0499637427d8f3f5f92b6add", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "79d7eb8c30078c205b3023ee3f847cc33e7b993bb291ef56d09546beedb4bf38", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "31f4d1d0739b557ac23a5c18f1534b15ed982e59409549884d902d1c58773999", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "5797433a1763268c87261e7dbca7712bd51cb098e68b9ab9caed06274413fd7a", "0837c696ba351fe58c2db850fd388b80fcfd34952ce1b565ece891af628c06e4", "6cdc5dc0da4583abe3b58df1db4d2206f83068e27e46d661fe24d786117385f5", "887312da04c4d4656e13b22e7fba2ef4d80a799b0fee19f78e3e5a6a8e43b20b", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "2fa65c259e6a0871b941d74ea3448fc1ae1fd6897cf53f60e208f52ce87ba63c", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "a5b5ab63db6bab7fadea325045c037c03ca64d4714b5c57b94816a5f7d4f749b", "23ed9e1a1479d5d4f1c39d16c2177ea227e1a30c0499637427d8f3f5f92b6add", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "79d7eb8c30078c205b3023ee3f847cc33e7b993bb291ef56d09546beedb4bf38", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "31f4d1d0739b557ac23a5c18f1534b15ed982e59409549884d902d1c58773999", "5797433a1763268c87261e7dbca7712bd51cb098e68b9ab9caed06274413fd7a", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "malware-known-trojan-av", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": []}, {"bi": "compound-vb-self-delete", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": []}, {"bi": "listening-port-opened", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-autorun-key-modified", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "files-deleted-used-batch", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "cmd-exe-file-execution", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "unsigned-roaming-execution", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-imports-toolhelp", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-compound-cta-activity", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": []}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "sample-modified-deleted", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "process-long-cmdline", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "netsh-firewall-generic", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": ["TA0005", "T1016", "T1089"]}, {"bi": "netsh-firewall-add", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089"]}, {"bi": "firewall-exception-user-dir", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["a5b5ab63db6bab7fadea325045c037c03ca64d4714b5c57b94816a5f7d4f749b", "0358f1e86e4b23ee4e8fb7478cb2d680dfd4ecfc589bbfe84a153891674c987f", "23ed9e1a1479d5d4f1c39d16c2177ea227e1a30c0499637427d8f3f5f92b6add", "79d7eb8c30078c205b3023ee3f847cc33e7b993bb291ef56d09546beedb4bf38", "31f4d1d0739b557ac23a5c18f1534b15ed982e59409549884d902d1c58773999", "5797433a1763268c87261e7dbca7712bd51cb098e68b9ab9caed06274413fd7a", "0837c696ba351fe58c2db850fd388b80fcfd34952ce1b565ece891af628c06e4", "6cdc5dc0da4583abe3b58df1db4d2206f83068e27e46d661fe24d786117385f5", "887312da04c4d4656e13b22e7fba2ef4d80a799b0fee19f78e3e5a6a8e43b20b", "2fa65c259e6a0871b941d74ea3448fc1ae1fd6897cf53f60e208f52ce87ba63c"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "network-file-uploaded", "hashes": ["048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "dns-query-nxdomain", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230"], "mitre_attack_tags": []}, {"bi": "network-dns-category-parked-domain", "hashes": ["048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a"], "mitre_attack_tags": []}, {"bi": "altered-sample-dns-flagged", "hashes": ["337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "network-communications-http-get", "hashes": ["048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-snort-protocol", "hashes": ["048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54"], "mitre_attack_tags": []}, {"bi": "html-js-uses-location-replace", "hashes": ["048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54"], "mitre_attack_tags": ["TA0001", "T1189"]}, {"bi": "hook-installed", "hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "feed-domain-banking", "hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-russian", "hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "mitre_attack_tags": []}, {"bi": "pe-certificate", "hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "mitre_attack_tags": []}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-alternate-data-stream-modification", "hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "mitre_attack_tags": ["TA0005"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "mitre_attack_tags": ["TA0005", "T1096"]}, {"bi": "pe-resource-lang-spanish", "hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "mitre_attack_tags": []}, {"bi": "malware-zeus-mutex-detected", "hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-korean", "hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-arabic", "hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "mitre_attack_tags": []}, {"bi": "network-snort-policy", "hashes": ["a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20"], "mitre_attack_tags": []}, {"bi": "network-snort-server", "hashes": ["935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494"], "mitre_attack_tags": []}, {"bi": "network-dns-upload-file", "hashes": ["29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a"], "mitre_attack_tags": []}, {"bi": "http-response-server-error", "hashes": ["29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a"], "mitre_attack_tags": []}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Zbot, also known as Zeus, is a trojan that steals information, such as banking credentials, using methods such as key-logging and form-grabbing.", "hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "0358f1e86e4b23ee4e8fb7478cb2d680dfd4ecfc589bbfe84a153891674c987f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0837c696ba351fe58c2db850fd388b80fcfd34952ce1b565ece891af628c06e4", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "23ed9e1a1479d5d4f1c39d16c2177ea227e1a30c0499637427d8f3f5f92b6add", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "2fa65c259e6a0871b941d74ea3448fc1ae1fd6897cf53f60e208f52ce87ba63c", "31f4d1d0739b557ac23a5c18f1534b15ed982e59409549884d902d1c58773999", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "5797433a1763268c87261e7dbca7712bd51cb098e68b9ab9caed06274413fd7a", "6cdc5dc0da4583abe3b58df1db4d2206f83068e27e46d661fe24d786117385f5", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "79d7eb8c30078c205b3023ee3f847cc33e7b993bb291ef56d09546beedb4bf38", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "887312da04c4d4656e13b22e7fba2ef4d80a799b0fee19f78e3e5a6a8e43b20b", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1", "a5b5ab63db6bab7fadea325045c037c03ca64d4714b5c57b94816a5f7d4f749b", "a8e45fba7b598143059084a5c9ff76f04751c44d54bf1c7f2361bcc31285c6dc", "b990297d9f0698648bdac5d1eee0f7c324392a2a50dd116cf7dddce0ebb5722f", "c0fa24aec09257cdf2047088050c8d1fc54a7d575e4b6a407df54bb69b37332d", "c425d819aca933c79a5cad7ef5106e11a341a949b83f646dde473db7c9663c43", "c883e9f9aa05b2a7566ce6a6312c520a842cec63b2e1e057281934f4f6f79595", "d06adb149fa191acf5c6093bb767dec110e463b29d67bb41a8e3e5de07ebfde9", "d1b5c01d51ea06e550faea80292f71a4f02415cab99889a8595e2514ddc4a639", "e0464f303c1f102f5b8460683a66151f92e5048c285de7a145ef2a11a10fe3f4", "f1a192b4f246309c696232b5e7e1bb8f52a062cfa374e8582930e58e6fa38577", "f94130456026ba5c2ed790e5523befd7129bd14e3cfddf23a1b17c974ed304da", "fbfa6a91f08b0c66e68959cda8a0865169ee162e3095af7f91b6a15cab5d8a4c"], "iocs": {"domain": [{"hashes": ["a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "host": "api[.]w[.]org"}, {"hashes": ["8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "host": "gmpg[.]org"}, {"hashes": ["048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54"], "host": "survey-smiles[.]com"}, {"hashes": ["8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "host": "c0[.]wp[.]com"}, {"hashes": ["8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "host": "netdna[.]bootstrapcdn[.]com"}, {"hashes": ["048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54"], "host": "9145[.]searchmagnified[.]com"}, {"hashes": ["048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54"], "host": "ww1[.]survey-smiles[.]com"}, {"hashes": ["3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f"], "host": "mavisevdam[.]net"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f"], "host": "doduangd[.]com"}, {"hashes": ["337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20"], "host": "e-ticaretix[.]com"}, {"hashes": ["29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a"], "host": "ericloo[.]com"}, {"hashes": ["048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54"], "host": "www[.]klasevdenevenakliyat[.]com"}, {"hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d"], "host": "teiltd[.]com"}, {"hashes": ["2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343"], "host": "www[.]sportmadme[.]com"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "host": "amiciautos[.]com"}, {"hashes": ["0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d"], "host": "puresoccer[.]com"}, {"hashes": ["727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702"], "host": "pentaprizma[.]com"}, {"hashes": ["856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230"], "host": "www[.]webdevelopments[.]co[.]in"}, {"hashes": ["a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "host": "www[.]ashlyninstruments[.]com"}, {"hashes": ["4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb"], "host": "metalmadnessworldwide[.]com"}, {"hashes": ["8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "host": "www[.]hormigascreativas[.]com"}, {"hashes": ["935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494"], "host": "reductor[.]be"}, {"hashes": ["a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "host": "dreamwizardz[.]in"}, {"hashes": ["a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "host": "ashlyninstruments[.]com"}], "file": [{"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "path": "%APPDATA%\\<random, matching '[a-z0-9]{3,7}'>"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "path": "%APPDATA%\\<random, matching '[A-Z][a-z]{3,5}\\[a-z]{4,6}'>.exe"}, {"hashes": ["0358f1e86e4b23ee4e8fb7478cb2d680dfd4ecfc589bbfe84a153891674c987f", "0837c696ba351fe58c2db850fd388b80fcfd34952ce1b565ece891af628c06e4", "23ed9e1a1479d5d4f1c39d16c2177ea227e1a30c0499637427d8f3f5f92b6add", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "2fa65c259e6a0871b941d74ea3448fc1ae1fd6897cf53f60e208f52ce87ba63c", "31f4d1d0739b557ac23a5c18f1534b15ed982e59409549884d902d1c58773999", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702"], "path": "\\debug.txt"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a"], "path": "%TEMP%\\tmp7155b1ad.bat"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "path": "%TEMP%\\ppcrlui_1092_2"}, {"hashes": ["3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f"], "path": "%TEMP%\\tmpff7bf145.bat"}, {"hashes": ["337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20"], "path": "%TEMP%\\tmp859dd7f8.bat"}, {"hashes": ["337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20"], "path": "%TEMP%\\tmpe8b31f87.bat"}, {"hashes": ["337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20"], "path": "%APPDATA%\\Ixp\\huerto.kap"}, {"hashes": ["337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20"], "path": "%APPDATA%\\Vosof\\axybvux.exe"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f"], "path": "%TEMP%\\tmpff1b32a0.bat"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f"], "path": "%APPDATA%\\Rapewo\\ozpuquh.exe"}, {"hashes": ["048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54"], "path": "%TEMP%\\tmp2c6554c2.bat"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f"], "path": "%APPDATA%\\Veikywe\\zaavwim.izc"}, {"hashes": ["048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54"], "path": "%TEMP%\\tmpa30f0a97.bat"}, {"hashes": ["048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54"], "path": "%APPDATA%\\Iru\\opewkyt.emp"}, {"hashes": ["29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a"], "path": "%TEMP%\\tmp22d998d4.bat"}, {"hashes": ["29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a"], "path": "%APPDATA%\\Iztya\\udhunua.isa"}, {"hashes": ["29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a"], "path": "%APPDATA%\\Xytalau\\ogberya.exe"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "path": "%TEMP%\\tmpe807fd36.bat"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "path": "%TEMP%\\tmpf70a7844.bat"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "path": "%APPDATA%\\Ehrihyi\\pycoocw.apt"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows Mail\\Local Folders\\Inbox\\504C1147-00000001.eml"}, {"hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d"], "path": "%APPDATA%\\Vyvuil\\yvywfe.efa"}, {"hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d"], "path": "%TEMP%\\tmpd5ae1487.bat"}, {"hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d"], "path": "%TEMP%\\tmpdbd7cf74.bat"}, {"hashes": ["0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d"], "path": "%APPDATA%\\Weudqei\\urubyg.pie"}, {"hashes": ["2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343"], "path": "%TEMP%\\tmp819f335e.bat"}, {"hashes": ["0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d"], "path": "%TEMP%\\tmp357f8ab3.bat"}, {"hashes": ["0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d"], "path": "%TEMP%\\tmpcafb38e0.bat"}, {"hashes": ["727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702"], "path": "%TEMP%\\tmp248d19cc.bat"}, {"hashes": ["856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230"], "path": "%TEMP%\\tmp052389bc.bat"}, {"hashes": ["856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230"], "path": "%TEMP%\\tmp2a5f126c.bat"}, {"hashes": ["856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230"], "path": "%APPDATA%\\Loqo\\courobe.exe"}, {"hashes": ["856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230"], "path": "%APPDATA%\\Yxdyy\\xyoxvo.mya"}, {"hashes": ["4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb"], "path": "%TEMP%\\tmp04af4632.bat"}, {"hashes": ["4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb"], "path": "%TEMP%\\tmpff623212.bat"}, {"hashes": ["4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb"], "path": "%APPDATA%\\Ilol\\ezmoim.lyi"}, {"hashes": ["4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb"], "path": "%APPDATA%\\Lyywdyw\\ginopeg.exe"}, {"hashes": ["a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "path": "%TEMP%\\tmp3c9851bf.bat"}, {"hashes": ["a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "path": "%TEMP%\\tmpdcfa0543.bat"}, {"hashes": ["a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "path": "%APPDATA%\\Noz\\yksewue.exe"}, {"hashes": ["a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "path": "%APPDATA%\\Wobyd\\hoedviv.own"}, {"hashes": ["8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "path": "%TEMP%\\tmpd11234cf.bat"}, {"hashes": ["8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "path": "%TEMP%\\tmpda1cb15a.bat"}, {"hashes": ["8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "path": "%APPDATA%\\Pyysep\\mimafub.tiy"}, {"hashes": ["935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494"], "path": "%TEMP%\\tmp276c9d58.bat"}, {"hashes": ["935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494"], "path": "%TEMP%\\tmp368f980e.bat"}, {"hashes": ["935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494"], "path": "%APPDATA%\\Mew\\lupeku.syp"}, {"hashes": ["935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494"], "path": "%APPDATA%\\Qoxue\\gigocoi.exe"}], "ip": [{"hashes": ["0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d"], "ip": "23[.]236[.]62[.]147"}, {"hashes": ["856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230"], "ip": "91[.]195[.]240[.]94"}, {"hashes": ["048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54"], "ip": "208[.]91[.]196[.]145"}, {"hashes": ["048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54"], "ip": "95[.]211[.]219[.]67"}, {"hashes": ["048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54"], "ip": "69[.]162[.]80[.]61"}, {"hashes": ["048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54"], "ip": "192[.]155[.]108[.]148"}, {"hashes": ["048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54"], "ip": "151[.]106[.]5[.]163"}, {"hashes": ["29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a"], "ip": "142[.]234[.]216[.]191"}, {"hashes": ["4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb"], "ip": "145[.]131[.]16[.]47"}, {"hashes": ["a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "ip": "216[.]37[.]42[.]58"}, {"hashes": ["8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "ip": "217[.]160[.]230[.]58"}, {"hashes": ["935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494"], "ip": "136[.]144[.]141[.]147"}], "mutex": [{"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "name": "GLOBAL\\{<random GUID>}"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "name": "Global\\{028A5E55-8B90-DEF1-01BB-E954BB5D4BE5}"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "name": "Global\\{128A5EF1-8B34-CEF1-01BB-E954BB5D4BE5}"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "name": "Global\\{2EFB59F0-8C35-F280-01BB-E954BB5D4BE5}"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "name": "Global\\{59863542-E087-85FD-01BB-E954BB5D4BE5}"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "name": "Global\\{72A85925-8CE0-AED3-01BB-E954BB5D4BE5}"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "name": "Global\\{73F87DE3-A826-AF83-01BB-E954BB5D4BE5}"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "name": "Global\\{78595C56-8993-A422-01BB-E954BB5D4BE5}"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "name": "Local\\{2CBB6B02-BEC7-F0C0-01BB-E954BB5D4BE5}"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "name": "Local\\{5B9B5FF0-8A35-87E0-01BB-E954BB5D4BE5}"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "name": "Local\\{7E9BB940-6C85-A2E0-01BB-E954BB5D4BE5}"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "name": "Global\\{32B9186C-CDA9-EEC2-01BB-E954BB5D4BE5}"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "name": "Local\\{72A1571A-B513-F0C2-A7B0-FAB628C05808}"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "name": "Local\\{058163E8-81E1-87E2-A7B0-FAB628C05808}"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "name": "Global\\{5C90624D-8044-DEF3-A7B0-FAB628C05808}"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "name": "Local\\{20818558-6751-A2E2-A7B0-FAB628C05808}"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "name": "Global\\{079C095A-EB53-85FF-A7B0-FAB628C05808}"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "name": "Global\\{2CB2653D-8734-AED1-A7B0-FAB628C05808}"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "name": "Global\\{4C9062E9-80E0-CEF3-A7B0-FAB628C05808}"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "name": "Global\\{70E165E8-87E1-F282-A7B0-FAB628C05808}"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "name": "Global\\{2DE241FB-A3F2-AF81-A7B0-FAB628C05808}"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "name": "Global\\{2643604E-8247-A420-A7B0-FAB628C05808}"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "name": "Global\\{6CA32474-C67D-EEC0-A7B0-FAB628C05808}"}, {"hashes": ["0358f1e86e4b23ee4e8fb7478cb2d680dfd4ecfc589bbfe84a153891674c987f", "0837c696ba351fe58c2db850fd388b80fcfd34952ce1b565ece891af628c06e4", "23ed9e1a1479d5d4f1c39d16c2177ea227e1a30c0499637427d8f3f5f92b6add", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "2fa65c259e6a0871b941d74ea3448fc1ae1fd6897cf53f60e208f52ce87ba63c", "31f4d1d0739b557ac23a5c18f1534b15ed982e59409549884d902d1c58773999", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702"], "name": "{8EEEA37C-5CEF-11DD-9810-2A4256D89593}"}, {"hashes": ["2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702"], "name": "Local\\{<random GUID>}"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "name": "Global\\Instance0:  ESENT Performance Data Schema Version 85"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "name": "Local\\Identity CRL v1 File Access"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "name": "Local\\MSIdent Logon"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "name": "Local\\OutlookExpress_InstanceMutex_101897"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "name": "Local\\microsoft_thor_folder_notifyinfo_mutex"}], "registry": [{"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\PRIVACY", "value_name": "CleanCookies"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.101", "value_name": "CheckSetting"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.103", "value_name": "CheckSetting"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.100", "value_name": "CheckSetting"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.102", "value_name": "CheckSetting"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.104", "value_name": "CheckSetting"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "key": "<HKCU>\\Software\\Microsoft\\<random, matching '[A-Z][a-z]{3,11}'>", "value_name": null}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f", "03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d", "048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54", "0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1", "0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d", "337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20", "4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb", "856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230", "8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0", "935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494", "a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{598A75E2-A027-85F1-01BB-E954BB5D4BE5}"}, {"hashes": ["2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343", "3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f", "727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{66EF87E0-38E4-3E69-B71C-0472AED7FAD1}"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MAIL\\TRIDENT\\MAIN", "value_name": "Move System Caret"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MAIL", "value_name": "StoreMigratedV5"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MAIL", "value_name": "Settings Upgraded"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MAIL", "value_name": "Running"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\IDENTITIES", "value_name": "Changing"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\IDENTITIES", "value_name": "IncomingID"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\IDENTITIES", "value_name": "OutgoingID"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\IDENTITIES", "value_name": "Identity Ordinal"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MAIL\\MAIL", "value_name": "Safe Attachments"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MAIL\\MAIL", "value_name": "Secure Safe Attachments"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\IAM", "value_name": "Default News Account"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MAIL\\MAIL", "value_name": "Welcome Message"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MAIL\\JUNK MAIL\\SAFE SENDERS LIST", "value_name": "Version"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MAIL\\JUNK MAIL\\BLOCK SENDERS LIST", "value_name": "Version"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\IDENTITYCRL\\DYNAMIC SALT", "value_name": "Size"}, {"hashes": ["935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\AUTHROOT\\CERTIFICATES\\DAC9024F54D8F6DF94935FB1732638CA6AD77C13", "value_name": "Blob"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MAIL\\JUNK MAIL", "value_name": null}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MAIL\\JUNK MAIL\\SAFE SENDERS LIST", "value_name": null}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MAIL\\JUNK MAIL\\BLOCK SENDERS LIST", "value_name": null}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\IDENTITYCRL\\DYNAMIC SALT", "value_name": null}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MAIL", "value_name": "V7StoreMigDone"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WAB", "value_name": "NamedPropCount"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WAB", "value_name": "NamedProps"}, {"hashes": ["3c46b43d0231a1de8838c5800ee31373507c95ccb1d817657a501a6e96d8df9f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OHORU", "value_name": "Odmy"}, {"hashes": ["337adfe689dae17f535770811e6ed09e75459f6d7614d038332569f0e5659b20"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WIXYT", "value_name": "Lemeekis"}, {"hashes": ["01a0b75b720641605c7e24766c4a302e74fd3fe24bfd5887c4177e7f8134862f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\YGWUYN", "value_name": "Afwu"}, {"hashes": ["048e46094af688d027bc14056b4bfbe0e40e5d8ce93ccaef63e6bfe16f551f54"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\MEOH", "value_name": "Pimueshu"}, {"hashes": ["29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\UTRUZ", "value_name": "Midiobw"}, {"hashes": ["29ea79c2f9b3b133302fbccb7cb7cf1c3f086c8c70ee8dd2bb8963367922253a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{BF8D3A49-DEB9-A082-220C-354ADB2EF876}"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\MALI", "value_name": "Ohimo"}, {"hashes": ["2894062edd7d5d5f460c74cbd94f09abc7001da2b2311f45955255d1764d2343"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OCCYE", "value_name": "Dyiricha"}, {"hashes": ["03dea9eae025cd865f0f42825522e5331c9ac79334ce39489a8d59e6605d383d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\AKUP", "value_name": "Ukle"}, {"hashes": ["0ce82aa49248847027511ab2bd39a3b89cdcf5887927ec81e846b3cb23c8128d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\UXIDAR", "value_name": "Xoig"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MAIL", "value_name": "LastBackup"}, {"hashes": ["0bdd777b920612a5fbc91b2a30a3d69e58fa6d5cc95ee6928d9ffff5eb6d31c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\IDENTITYCRL\\DYNAMIC SALT", "value_name": "Value"}, {"hashes": ["727bbd31e05dadbdafa5082d5bd4954bd86f9e0812587f8f01a5dc9b7f544702"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\LOIPYS", "value_name": "Inegy"}, {"hashes": ["856c3ff52edc848e4c26c4c4b0fd6dac8a2a8271023142d32a0fe445b37f0230"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\IRIS", "value_name": "Ucegyt"}, {"hashes": ["4e35b24474edede82f61a2406193ad3203a4c7092610a63d56103d0822a9cedb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\IBUV", "value_name": "Ubev"}, {"hashes": ["a0248948c98f019b21e64eadc8d86394c4b4b1d4653661a7e37ff3f0428135d1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\YVIRX", "value_name": "Riildac"}, {"hashes": ["8a0050514b4130d6310067b74f207472e61ecce545bb4e158fd3582e2f44bbb0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\ZANIM", "value_name": "Tubixeryo"}, {"hashes": ["935cf4c0b22f67da6d4d92e8276c67b917dcafe7c5034cbf29a4d2638344d494"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\LIGOX", "value_name": "Tymyibege"}]}, "reports_count": 25}, "Win.Trojan.Zusy-7649638-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-snort-server", "hashes": ["02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "pe-uses-dot-net", "hashes": ["02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-autorun-key-modified", "hashes": ["02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-modification-reg", "hashes": ["02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df"], "mitre_attack_tags": []}, {"bi": "excessive-process-creates", "hashes": ["02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df"], "mitre_attack_tags": ["TA0002", "T1064"]}, {"bi": "process-with-multiple-children", "hashes": ["02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-ping", "hashes": ["02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df"], "mitre_attack_tags": ["TA0011", "TA0007", "T1049"]}, {"bi": "process-hollowing-detected", "hashes": ["11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "ping-has-child-process", "hashes": ["1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60"], "mitre_attack_tags": ["TA0005", "T1055", "T1093"]}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as \"explorer.exe\" and \"winver.exe\". When the user accesses a banking website, it displays a form to trick the user into submitting personal information.", "hashes": ["00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207", "43e6738d6fea2bfba6c260bfb973b04e50ac7846e6f2d72ac5d3de06d64ef433", "4529d94d6ebe8d1bd4c540e0b77a345ab5975fc0b8fc5c729d6e98b93716ad96", "456006e0db1085d6dc17cc5e474b9ea2739be7d195017c1810946028ff36a7ca", "46b7620f53f43dcf97156439a009b78d2d742a3d47f3a191ceaf1b2fa7b729a1", "4f9f28236a79da8f819267770df8f6a3e5939280a66d8eae0f74c403995a96e7", "512ef5f800c82463d9e587361a2a1cc0a8e635c34f04fd55676e90bb9ee12d3f", "5f9ca16604094ee56071f6d95d8852b20765d8b4197fdc703935a9c5718a1593", "612f81b1086acc32a97245e990ddea9b3d5839db4db1a4518232b776f0b04c6a", "61c529dad6853054d64f7fb2f47819d0e26734989c3bb16e15b13431572b21c2", "6632fa0d910f1bcf84aff77cb0b168ef6820e6002964b4c859c5ffe427cae0ac", "66d21dffa560eb52247d6f136a65991ee82ff1e6f2524eb656624acf9e2bed7c", "67913e242bf8dcf5cade9a2aaa8d9270984983e393153cd5345c89f0f729a574", "6aaee8c097341d056cae544b1d4bf5a2d7d684f423fddb620928d6570478b0f1", "6d66b4ae001d217117331a99dcaff5e84a95609fe1721ed0e8c457f1c7bf820d", "6ebc73d59e664889b546e62c17a2d8c500421e4320cb65606c7666f59f592c19", "741cf96fca27a21ee4cb25b24d2f576788f0d7d9c5719e76178760e863de6e45", "7b87310ca5c2fd5ac1ab3b426c9e3473fc8e4014c3b875c508aced2dc08f5474", "800ac262354ed8ce07c28651fd188cc0bd4bf4ea4022bc1259d0069c29727ca9", "88242a33444b52b80b9615c9eead37753959a736a98290538019efa3f745e6c2", "884b55a64be1339f5483f9dd1c03e234a32175f93cf4606db80d3cc00af95ac2", "8964aeb3719d1df41b058fe817709aff0230f79f5b122a14efe4ec35e9c4441a", "8ad35bc3e7de226c1805faca72f5f7cf54764cc1dfec087d8b4abdd52ed42bdd", "8c051836b5ed8df4678769b99d8b9a9d7f0e5d938c813c6447a42d26fd5c655b", "8e30a6c86cc7756d8d495841013003860040d970090d0948d5c03acdb6e15f82", "926a6d9b21d338ef819002a21d68f57117b905884d44d5fe45244cf315dd895a", "95050af66439120c9941f9c3e2114b8dcf6cd59872ada2d81873d6257d6495e2", "a0040a8cc583bc2917677caf81fe2199fbaf1dfb4a5a289fc9431532706009be", "a1e01024e53609753898eafa2fd0117dea2ba4914ad120b4508e143559185aed", "b06bcf630cc04b0675c8ea7c395c7cff637a95d908c63d30693afe6ef78f982f", "b1ac26d35335dc73662ebc32f189ffb8ad66753ec38231b667f40f30bdce659c", "b3a7c99a1e76ad2a11acc70cb1de2c52606b451cfbd0ca37b533e0e149d09623", "baa19bf1de5872debbaa7982305cb485a8b7bf5ca9ea45551fab1eeed79e6d6f", "be5a345811f3c1678acfab20a6ca152ecf36c4702d55f83d9b3b33cb7cf47db8", "bf47dfe64ee8483d0417d0a64d41e9b28eb85c4bf96c55682420d03c9e22bc82", "bfba8edc72cf492fa29d7817928d56db6de1b7fc733413b5087660582f7af0b2", "c0cf52a48064662b374bb183657108953c83c560f677d1ed92cd5b5b6a881a68", "c25776cc74d51535334986226a29cf3eb11baee7f9e5f47c6936d63a033632e5", "c59a5ce2164fc1be6c123c2b0862ff604490c821ded1828a88a7a437b7f98761", "c7e578fb5285f1d982f5b9e358902e06b8acd6a32a6f4c5d9af5bb2d94ba5c47", "ccaf2b746bc0c317b248951c7f9e379ffaef636cf21caa55785fe59138347281", "cdc2b29ed397f1a67866e2b4bd02a969d0602f35791b707908a60f5bfe509aa4", "cfc50f82893275130856ecbd36610a3f988f5f7178a870aeac4646a0ac5ec229", "da17eabc6732700abd34ada0ad746706f4babc93ea44898c24a5f45b4120f28a", "dc2f6ad5a4d90b3c69272e647c9e3c77d7e14f26c6a7c586c96aacf2d019d61b", "dc9535faa723ea9665cd8c6297ceac36f22e21ceb7bf14a37e533a9d6e34a181", "ddaea17bba847d9624df0787ab12b6ab0c8b724038567afba6547f095a6ddf87", "dea522d4e9772c3cfa4d2afcedd515106bac6fe4f0aa8cc4e5ed128b88358f53", "dfd174423214bd87ce3a8f461eb974f5f3d423045ad23935d310a449a9fc78c8", "e3f587355059f6b1826da45684abbd39b695e56c2bb3f6c7370f044dd1bb236b", "ed96d80537356c53905aebf5c43e8a903a5b3e0f543fcfc07ba01429d80ae394", "eeffdb411215be25429ce4571572c6b5c77f60e688f0ff36f650eab18bf0e1c5", "ef1f871f11d25427e7ffcc17520b29c110c4a4ffbb2dde5698ee3d5dd83a19bc", "f26cd2208662ee4f78f2f1e91e96115b2cd05a617ada12f79e8d9e6bdb4d4545", "f655c1f7fd9a11fe9fc39cc1eaed20ee48dbd503c2694027313a3ded822e0ef4", "f6ba249ea4ad8a84959fae98a9b3b4b4ff34d0ff754d4a23800b4641c35da27b", "f94a5ef2a025e68f42fedac2797890632ad3b5b5cf303450b2e3014e39067d5e", "fa9913ffd74603196ad1bc9f0df452189a24f3567b5e489c874a86142f29413a"], "iocs": {"domain": [{"hashes": ["00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207"], "host": "a5b4c3d2e1[.]com"}], "file": [{"hashes": ["00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207"], "path": "%APPDATA%\\DriversNW"}, {"hashes": ["00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207"], "path": "%APPDATA%\\DriversNW\\drivernwx.exe"}], "ip": [{"hashes": ["00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207"], "ip": "172[.]217[.]10[.]78"}, {"hashes": ["00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207"], "ip": "79[.]134[.]225[.]56"}, {"hashes": ["00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c"], "ip": "172[.]217[.]7[.]174"}], "mutex": [{"hashes": ["00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207"], "name": "tpKscriO"}], "registry": [{"hashes": ["00673d475ab67506f7150db9c22af65caed680a298ed3a43d35cc902b444cf17", "02c6e4ab2f456400d11b13ef180ba2d668a0cb08034fb0292d1a5c9b5d43fa11", "0853ee118011a2d718eb82c43118b8cde9547485a1e20b38d427b92cb609ef82", "08e65dff73c7365af5e822cd3d604e179d5dc315d94a96ff7bdf22a303611134", "0d8956f96728faca4222f65865e3b8ea92a5e4debabfcd0dc64e1ddaabde791a", "0e74b061629408517b10158295af4e1330054c4e22647acff9b4c75a87189526", "110a2ba0f1a06bd0c5d5f631551854cce6c793366ebb2a77a94eb06027c0fb7b", "1164e9b71e8111253f63f11e382e64d4adfaa71050740134f8728b75430f0c93", "11a699b7f86f468fe81ea529c866242d95249f1bcf174bb74515271aca316125", "11e4d9e0a7219b3112d7522b4f057dc8cc125172251727684777baac5d04cb60", "1400c7e6df9a6e7d1f02d0dd8d1e7915e108d105082fccd3e5cb8834e6985b86", "182405e63434de69bf6520d75ab8f735eaf3391418f9732644d2792c08af1ca9", "1ee8d0d4d288d8d1fa2ff9799c4e1ea43d3c82eea8056ff1ac3632e60c070e78", "1fd2f123a9971fbb654768b858b3e81249b3cf844878b16dd7cc008d808b1a1f", "20f51e469c2d8a9345b446bf247aac617f2a11df09a0ad4a0240c72a4ff4483c", "22030476c1cef3d297b0403aca9c11f8ff28b81c803e58147ffa5ee81c2d49df", "26997600b3486da0e29e9d7f61d379cf2dd9475d8ddcf442fd0cdcea315c8f4b", "27479643bcbf811eea689f50fbe2a4ddf2e462946ed98cbd07d2a7f8cbebedaf", "2bb363f871d1eb38c8829331f0314c3a752ad8175f5e4d0c8a7c0347d437412c", "2eaa225a32d4ac3083c3e1fedecf407241f507b09d6c541f8d3bc2988766029e", "3156cc1b536bfb0d7925989f6055fbbf8c8caccf47cea51e22aa2bafb6ce7b8f", "33a7a99eadcb3005e6241aa92ddf667ddb436f6864ac55f791baabdc4814dc2e", "34f9af31b514fcb593ff081b25ab29646de09bf29ca815cc307e1bbdaa284ad5", "3ea14ed652fe24634e8d33d51e21caf842c4a9cda1e9254b13c879407ebb8e0c", "40768083f6e4017e1963a4e68a117092e47022848d148a904ac480ba42535207"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "driversnw"}]}, "reports_count": 25}, "Win.Virus.Xpiro-7646211-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "hook-installed", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "pe-uses-armadillo", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "dns-query-nxdomain", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": []}, {"bi": "network-dns-category-parked-domain", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": []}, {"bi": "pe-uses-dot-net", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-autorun-key-modified", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "modified-file-in-program-dir", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": []}, {"bi": "registry-service-autostart-disabled", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": ["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "pe-imports-toolhelp", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": []}, {"bi": "file-ini-modified", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": ["TA0003"]}, {"bi": "artifact-flagged-antianalysis", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "registry-service-type-modified", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "pe-packed-vmprotect", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-xpiro-mutex", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": []}, {"bi": "malware-trojan-xpiro-compound", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": []}, {"bi": "artifact-memory-vm-detect", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "pe-imports-psapi-dll", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-filename-mismatch", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c"], "mitre_attack_tags": []}, {"bi": "excessive-file-modifications", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a"], "mitre_attack_tags": []}, {"bi": "excessive-logical-drive-enumeration", "hashes": ["ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e"], "mitre_attack_tags": ["TA0007", "T1120", "T1025"]}, {"bi": "artifact-flagged-vm", "hashes": ["2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b"], "mitre_attack_tags": ["TA0005", "T1497"]}], "category": "Virus", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks.", "hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "iocs": {"domain": [{"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "host": "idiotikgangapreacher[.]ru"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "host": "ochupophooptudokoowh[.]ru"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "host": "usteeptyshehoaboochu[.]ru"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "host": "pilomatchdeepdown[.]ru"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "host": "poochooshoozoxoachic[.]ru"}], "file": [{"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%CommonProgramFiles%\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPSVC.EXE"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%System32%\\VSSVC.exe"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%System32%\\alg.exe"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%System32%\\msiexec.exe"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%System32%\\wbem\\WmiApSrv.exe"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%ProgramFiles%\\Internet Explorer\\iexplore.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\java.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\javacpl.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\javaw.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\javaws.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\jp2launcher.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\ssvagent.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\unpack200.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%ProgramFiles%\\Java\\jre8\\bin\\jabswitch.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%ProgramFiles%\\Java\\jre8\\bin\\java.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%ProgramFiles%\\Java\\jre8\\bin\\javacpl.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%ProgramFiles%\\Java\\jre8\\bin\\javaw.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%ProgramFiles%\\Java\\jre8\\bin\\javaws.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%ProgramFiles%\\Java\\jre8\\bin\\jp2launcher.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%ProgramFiles%\\Java\\jre8\\bin\\ssvagent.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%ProgramFiles%\\Java\\jre8\\bin\\unpack200.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%ProgramFiles%\\Microsoft Office\\Office14\\MSOHTMED.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%ProgramFiles%\\Microsoft Silverlight\\5.1.30514.0\\agcp.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%ProgramFiles%\\Microsoft Silverlight\\5.1.30514.0\\coregen.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%CommonProgramFiles(x86)%\\microsoft shared\\source engine\\ose.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%ProgramFiles(x86)%\\microsoft office\\office14\\groove.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%ProgramFiles(x86)%\\mozilla maintenance service\\maintenanceservice.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%CommonProgramFiles%\\microsoft shared\\officesoftwareprotectionplatform\\osppsvc.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%SystemRoot%\\ehome\\ehsched.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%SystemRoot%\\microsoft.net\\framework64\\v2.0.50727\\mscorsvw.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%SystemRoot%\\microsoft.net\\framework64\\v4.0.30319\\mscorsvw.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%SystemRoot%\\microsoft.net\\framework\\v2.0.50727\\mscorsvw.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%SystemRoot%\\microsoft.net\\framework\\v4.0.30319\\mscorsvw.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%System32%\\alg.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%System32%\\dllhost.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%System32%\\fxssvc.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%System32%\\ieetwcollector.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%System32%\\msdtc.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%System32%\\msiexec.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%System32%\\snmptrap.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%System32%\\sppsvc.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%System32%\\ui0detect.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%System32%\\vds.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%System32%\\vssvc.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%System32%\\wbem\\wmiApsrv.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%System32%\\wbengine.vir"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\1lcuq8ab.default\\extensions.sqlite.new"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "path": "%APPDATA%\\vmware-unity.exe"}], "ip": [], "mutex": [{"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx1"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "gazavat-svc"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx65"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx66"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx67"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx68"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx69"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx70"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx71"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx72"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx73"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx74"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx75"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx76"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx77"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx78"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx79"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx80"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx81"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx82"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx83"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx84"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx85"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx86"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx87"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx88"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx89"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx90"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx91"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx92"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx93"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx94"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx95"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx96"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx97"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx98"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx99"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx31"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx32"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx33"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx34"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx35"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx36"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx37"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx38"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx39"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "{BC477FAC-0870-4757-8554-474B238D93C6}"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a"], "name": "kkq-vx_mtx30"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a"], "name": "gazavat-svc_30"}, {"hashes": ["4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "name": "kkq-vx_mtx29"}], "registry": [{"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Start"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "Start"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V2.0.50727_32", "value_name": "Type"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V2.0.50727_64", "value_name": "Type"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V4.0.30319_32", "value_name": "Type"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V4.0.30319_32", "value_name": "Start"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V4.0.30319_64", "value_name": "Type"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V4.0.30319_64", "value_name": "Start"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\COMSYSAPP", "value_name": "Type"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\COMSYSAPP", "value_name": "Start"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IEETWCOLLECTORSERVICE", "value_name": "Type"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IEETWCOLLECTORSERVICE", "value_name": "Start"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MOZILLAMAINTENANCE", "value_name": "Type"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MOZILLAMAINTENANCE", "value_name": "Start"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSISERVER", "value_name": "Type"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSISERVER", "value_name": "Start"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\OSE", "value_name": "Type"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\OSE", "value_name": "Start"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\UI0DETECT", "value_name": "Type"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\UI0DETECT", "value_name": "Start"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VDS", "value_name": "Type"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VDS", "value_name": "Start"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VSS", "value_name": "Type"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VSS", "value_name": "Start"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WBENGINE", "value_name": "Type"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WBENGINE", "value_name": "Start"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMIAPSRV", "value_name": "Type"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMIAPSRV", "value_name": "Start"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SECURITY CENTER\\SVC\\S-1-5-21-2580483871-590521980-3826313501-500", "value_name": null}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SECURITY CENTER\\SVC\\S-1-5-21-2580483871-590521980-3826313501-500", "value_name": "EnableNotifications"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V2.0.50727_32", "value_name": "Start"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V2.0.50727_64", "value_name": "Start"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.101", "value_name": "CheckSetting"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.103", "value_name": "CheckSetting"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.100", "value_name": "CheckSetting"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.102", "value_name": "CheckSetting"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.104", "value_name": "CheckSetting"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKCU>\\SOFTWARE\\{CD3EF1B7-E0DA-4510-951E-A3DBC6D893FC}", "value_name": null}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKCU>\\SOFTWARE\\{CD3EF1B7-E0DA-4510-951E-A3DBC6D893FC}", "value_name": "Client"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4674750392ebfc8b28ea5f56860a67b812a42389e5675fc39fc17ecd3908dde0", "47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a", "c1af783c7493801d110656bc9b113626af144c2858a262c016bf87d8bf2e85e5", "e6f1ba4ef3121b0bffa1598cf727bf8627f77455b75ba6360ebc767b5bc940a7", "ff87502e5ba6475e08a17778522a074f9fb29445a9cff391d190e0cb9f781436"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "vmware-unity"}, {"hashes": ["0d7aba6c6c88372928daf3b43323a70324515d1791785d10e1798e105185144c", "2c062d68fa8e965b31acef8ab62d60b52f3ddbe0b731eee5392b3693ec901f7b", "42353fd31df34136f74c104d2b8b2e872d785358f59d7fb7c4a5f47543e8e650", "4ba8d056c1598e2da7b97c251773ff5517f651e65192d741421b4b297cf02fcd", "5fceb5ee3df2db2da8fe3789519e5500babcd73230037a266b5b9e477259f4a4", "7be9283c8c781e689b49553df620e2a54468848869aaf60767d1ca9fc3ae6934", "821a033d8b76242e0de987e74a41bfd023f1dddb51e7b33c9dfc973f1ab14cad", "83906743ca3aa0dc17694d0be5d13d62633759b36975fc92d2de7192e5f3b77c", "8e8fd45b8a63002ad8738273d77668b97349f774aba3e3e23ab67d66012da825", "9e9d9e411004a4f08246aec51920c2cbd2a5c393c51bf710ea4d570bbb2c129b", "a43317c297b99fa65180fe9f5f3413e22872a1f842e597401c11328786374f7a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WUAUSERV", "value_name": "Start"}, {"hashes": ["47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER\\SVC\\S-1-5-21-2580483871-590521980-3826313501-500", "value_name": null}, {"hashes": ["47513af9a213839778f63a186dba1623ce7432a94b620ea8f53c9f4027f0fc98", "74cc192284eb84f3592a4a3fff2fe5fc2a9293c815ec9f224be33fa230444a9e"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER\\SVC\\S-1-5-21-2580483871-590521980-3826313501-500", "value_name": "EnableNotifications"}]}, "reports_count": 17}, "exprev": [{"count": 6768, "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", "name": "Excessively long PowerShell command detected"}, {"count": 5239, "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", "name": "Dealply adware detected"}, {"count": 3257, "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", "name": "CVE-2019-0708 detected"}, {"count": 951, "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", "name": "Process hollowing detected"}, {"count": 136, "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as wireshark and sandboxes to its C2. It spreads through malicious advertising and spam campaigns.", "name": "Kovter injection detected"}, {"count": 48, "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", "name": "Gamarue malware detected"}, {"count": 28, "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Installcore adware detected"}, {"count": 15, "description": "Corebot is a Trojan with many capabilities found in other prominent families. It features a plugin system to enable it to load a variety of features from the C&C server at any time. Known plugins include RAT capabilities such as taking desktop screenshots, as well as being able to intercept and modify browser communications and steal data, especially data related to banking.", "name": "Corebot malware detected"}, {"count": 9, "description": "Fusion (or FusionPlayer) is an adware family that displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Fusion adware detected"}, {"count": 9, "description": "A PowerShell command was stored in an environment variable and run. The environment variable is commonly set by a previously run script and is used as a means of evasion. This behavior is a known tactic of the Kovter and Poweliks malware families.", "name": "PowerShell file-less infection detected"}, {"count": 8, "description": "Palikan is a potentially unwanted application (PUA), browser hijacker, a type of malware that most of the time does not explicitly or completely state its function or purpose. When is present on the system, it may change the default homepage, change the search engine, redirect traffic to malicious sites, install add-ons, extensions, or plug-ins, open unwanted windows or show advertising. Palikan commonly arrives as a file dropped by other malware or as a file downloaded unknowingly from a malicious site. It has also been closely associated with DealPly.", "name": "Palikan browser hijacker detected"}, {"count": 6, "description": "A process created a suspicious Atom, which is indicative of a known process injection technique called Atom Bombing. Atoms are Windows identifiers that associate a string with a 16-bit integer. These Atoms are accessible across processes when placed in the global Atom table. Malware exploits this by placing shell code as a global Atom, then accessing it through an Asynchronous Process Call (APC). A target process runs the APC function, which loads and runs the shellcode. The malware family Dridex is known to use Atom Bombing, but other threats may leverage it as well.", "name": "Atom Bombing code injection technique detected"}, {"count": 5, "description": "An exploit payload intended to connect back to an attacker controlled host using http has been detected.", "name": "Reverse http payload detected"}], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2020-04-10T17:23:10+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Dropper.Bifrost-7646061-0", "Win.Trojan.Zbot-7646188-0", "Win.Virus.Xpiro-7646211-0", "Win.Dropper.Remcos-7647550-0", "Win.Ransomware.Razy-7646351-0", "Win.Ransomware.Cerber-7649513-1", "Win.Packed.njRAT-7646465-0", "Win.Packed.HawkEye-7647044-0", "Win.Trojan.Zusy-7649638-0"]}