{"Win.Dropper.Bifrost-7666040-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d", "3cff4ba683eb8cb2caaa0e77c7870828ab63ce816ff9bc230ff32367467bb25e", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "56df71a96f85eeb31cdb3bfee05542e8268e381c04aa19066b14dcf513c684e2", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d", "3cff4ba683eb8cb2caaa0e77c7870828ab63ce816ff9bc230ff32367467bb25e", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "56df71a96f85eeb31cdb3bfee05542e8268e381c04aa19066b14dcf513c684e2", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d", "3cff4ba683eb8cb2caaa0e77c7870828ab63ce816ff9bc230ff32367467bb25e", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "56df71a96f85eeb31cdb3bfee05542e8268e381c04aa19066b14dcf513c684e2", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d", "3cff4ba683eb8cb2caaa0e77c7870828ab63ce816ff9bc230ff32367467bb25e", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "56df71a96f85eeb31cdb3bfee05542e8268e381c04aa19066b14dcf513c684e2", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-upx", "hashes": ["6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d", "3cff4ba683eb8cb2caaa0e77c7870828ab63ce816ff9bc230ff32367467bb25e", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "56df71a96f85eeb31cdb3bfee05542e8268e381c04aa19066b14dcf513c684e2", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-uses-visual-basic", "hashes": ["6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d", "3cff4ba683eb8cb2caaa0e77c7870828ab63ce816ff9bc230ff32367467bb25e", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "56df71a96f85eeb31cdb3bfee05542e8268e381c04aa19066b14dcf513c684e2", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "56df71a96f85eeb31cdb3bfee05542e8268e381c04aa19066b14dcf513c684e2", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "56df71a96f85eeb31cdb3bfee05542e8268e381c04aa19066b14dcf513c684e2", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "56df71a96f85eeb31cdb3bfee05542e8268e381c04aa19066b14dcf513c684e2", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "modified-executable", "hashes": ["6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "pe-filename-mismatch", "hashes": ["6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d", "3cff4ba683eb8cb2caaa0e77c7870828ab63ce816ff9bc230ff32367467bb25e", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8"], "mitre_attack_tags": []}, {"bi": "malware-bifrost-default-mutex-detected", "hashes": ["6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "network-opendns-malicious", "hashes": ["65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "56df71a96f85eeb31cdb3bfee05542e8268e381c04aa19066b14dcf513c684e2", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-compound-cta-activity", "hashes": ["65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-vm", "hashes": ["3cff4ba683eb8cb2caaa0e77c7870828ab63ce816ff9bc230ff32367467bb25e"], "mitre_attack_tags": ["TA0005", "T1497"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. Bifrost uses a mutex that may be named \"Bif1234\" or \"Tr0gBot\" to mark its presence on the system.", "hashes": ["029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "3cff4ba683eb8cb2caaa0e77c7870828ab63ce816ff9bc230ff32367467bb25e", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "56df71a96f85eeb31cdb3bfee05542e8268e381c04aa19066b14dcf513c684e2", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "93a4839d4ee8f2dc1d8e993538b59ab45a4714a0affe0ea1b80b33965a40345a", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "9aafd094534915c22439b188f83b829f0f50226f8015bfbd228e7af217c0ed0e", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d", "b6738eecf34b14a702bcd9e6ce83fdc6c6c29b1f78b55cbf175bd7f44ee74f58", "b9acdbbb9de8c18195a701ec384fa77f241f948db28cdb2039999a923761c3ee", "bb1636b7a2049ef30e7d85b106833cce9cc47ed1a40c2e62005a269ac6b91769", "bb8f875c693cb2e5b1e78bbc429a5ad7c6816958ac887f4b9f604019c73bfed6", "c9849824b449e93254bb341917aaa3e41fdfa86e68eefd8a408bdaacf6ade579", "cbc4e51d68b02a824c5fc811200c83b911575d297647e9e5cf5c2675c72e7c51", "d696c26d932efb7c538b1e0c5167e320cf261bafa6c07e78d1412247d2c60ffe", "defbf27d813fe10873ef895ac6f35d8954cdf82c051ac2471584031b38d6c5b7", "e88d9ca00e1bc647b848b903a9b84e1799cbfa8f6ba3c3d87ab2fa320d90a625", "f873efc500797384eed317f76bef2c4b34f03fa1f9da264b21844d91ba2f1960"], "iocs": {"domain": [{"hashes": ["029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d"], "host": "bifi[.]ntpupdatedomain[.]com"}, {"hashes": ["029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d"], "host": "ntp1[.]ntpupdatedomain[.]com"}, {"hashes": ["56df71a96f85eeb31cdb3bfee05542e8268e381c04aa19066b14dcf513c684e2", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8"], "host": "files[.]connectionmanager[.]info"}, {"hashes": ["11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504"], "host": "connect[.]connectionmanager[.]info"}], "file": [{"hashes": ["029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d"], "path": "%TEMP%\\notepad.exe"}, {"hashes": ["029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d"], "path": "%ProgramFiles%\\system32\\winlgon.exe"}, {"hashes": ["11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504"], "path": "%TEMP%\\Microsoft Task"}, {"hashes": ["11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504"], "path": "%TEMP%\\Microsoft Task\\kernel.exe"}, {"hashes": ["11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504"], "path": "%System32%\\kernel.exe"}], "ip": [], "mutex": [{"hashes": ["029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022", "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd", "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284", "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e", "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7", "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4", "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8", "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561", "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f", "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655", "6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14", "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd", "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb", "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74", "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6", "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8", "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f", "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336", "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b", "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6", "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d", "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be", "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008", "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c", "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d"], "name": "Bif1234"}, {"hashes": ["11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504"], "name": "U17ra|)|)0S2"}, {"hashes": ["11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504"], "name": "Global\\<random guid>"}], "registry": [{"hashes": ["11a2c58c726399b454dfed50f41d6e6b38bed187ea91538a8e6b6a1574d186ee", "1d50ad52ad06a0720d74d40371cd4033f16bb7e8d094699f6814c182cdef421b", "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e", "65ddb078c84cc603480beda4d6cada7fb32d2440a53e558d259898d2a9cbaeeb", "6769ccd7cba503758360da84a32b4c81366fb4d7ab009e19605b814d2e32f504"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "kernel.exe"}, {"hashes": ["213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "213406636a21787d7bb2f952c5ecd61cf99ae89a1f347b54f5eefff37c7a0284"}, {"hashes": ["26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "26f137c7c6b2a39b63520965a9fa44b9a31b57964cb7a18da5f3eeb88c273a1e"}, {"hashes": ["39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "39b21aef27336fa9b20f06c37a05164f882198846b4957356840d3f7128657b7"}, {"hashes": ["46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "46d65beb6a330f42e247f24370c69870a7c40d932a14b4fe1f16f8365a1bafa4"}, {"hashes": ["57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "57440c863c21562af58623838091a8a5344e3ccb11a6855883b7bfe68d228ea8"}, {"hashes": ["5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "5be8ee0644a06c224bd9715d213ecd5bad041c56a97f14e520ac8ba1dd7a1561"}, {"hashes": ["67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "67b74d020d49fbab918844d14531197663cf95f12fb2ea9cf94b69a54c835655"}, {"hashes": ["65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "65e4912cfd1d848125bb7c3a30feeabf85834a729d9a5e796e81d6baff561c2f"}, {"hashes": ["6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "6c5f99d84039deca93eccc524741f8a8696c8a062b45665da93ed7689574ef14"}, {"hashes": ["732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "732b448061b708d6b0066991e2b41d297c0fcf8be10f2b754bf7e15e1f3dcf74"}, {"hashes": ["6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "6c6683f45ff10d8ed8a987f006bc0661c7c754f7c7cbc875055c459c5ef554dd"}, {"hashes": ["72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "72bbf2eba67ee88d9fadf73b4ba3c6a409b8cc1f76c3bcccd946d40410bc8dbb"}, {"hashes": ["89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "89b94c5e89b25a15de7b94a8ddd852a2c25f6e15e1c830463b35ad1040b75df8"}, {"hashes": ["88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "88a732b188c2ede9af8489b2b3e3a21bca4a2019a8699ae3328d423720baf3e6"}, {"hashes": ["8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "8cc5ec5498ca0c9fd0a1ee4d82bd53e739ec60a6d1163c34eb822abf859a280f"}, {"hashes": ["8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "8d48b3abd2ef7d2b982c8f5bc6825e91062a389b74a776086ccdc5cd33dd3336"}, {"hashes": ["96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "96cdde00579274f7be055efea22a28a70f067ce8c0892efc30e01a079d76612b"}, {"hashes": ["9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "9d8740cdf4c022c8381a9b89a143278bf399d1c45807e616e8b2e4bf42ebc1e6"}, {"hashes": ["a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "a138e079ac414d0932ceccb62a8a787acbeac4250aa6472acb8c9dc83f6aaf1d"}, {"hashes": ["ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ac41df8af3f78fcf1e49f28197dcc15a41f499b3b580c9793a331e55dbfb2008"}, {"hashes": ["a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "a97a9927a71a5aa1cb4f71231ab0d9cedd9f3ed8b1e2f67a443ae19e995ac7be"}, {"hashes": ["b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "b1423fb3845ab62ab16ab5d15295fc5902be7c7d9a3cc46270888e9635aaec1d"}, {"hashes": ["af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "af99f94cf212fe1e83e3a92bf9ebfd3be5b2d20cbee2cc7c7d5fdd9153931b9c"}, {"hashes": ["029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "029b995b0a500765eb07801a0ac525404d964ebce9e6482b99f6762e6ce5c022"}, {"hashes": ["050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "050896bdba22db5e36bda431cb9418ba59cbabd88617e3eb5d07bec8ebae0cfd"}, {"hashes": ["56df71a96f85eeb31cdb3bfee05542e8268e381c04aa19066b14dcf513c684e2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "56df71a96f85eeb31cdb3bfee05542e8268e381c04aa19066b14dcf513c684e2"}, {"hashes": ["62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e"}, {"hashes": ["62d33e9c312af026bfaec8fe5140312bc21395ef29fb2f39840f457b2f6b759e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "kernel"}]}, "reports_count": 32}, "Win.Dropper.LokiBot-7662731-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "72781a1a099ec975bbd835764501e4e9e5b87455c004a46d9a816503913bc194", "282be27c432196ede7a51e45f87206b20fcd2980bf0648b5b2b621c9f2994c4d", "387f5f205d8caa9c4a06f3cd5467eaf413f6ef76ce213ba1bba0469b65ed10c4", "234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "3deadf9083be9ee9d39d80eb53f2288d96ddd94bdc8e64e35a00a868694599c3", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d", "6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a", "b34f2cd20d6ea2ada316a45fbb929d25d3c3175844df0373305c23193f24b7cf", "579114ac5d8affbe2fa03f44fec12b62ff921ba484d768f6e739eaf566654c5a", "03cade871cbfb969098aa4d248cf307c4efd743623767312e8413ff20efa8c32", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0", "712a3763760fac6d7196482a42ac563736f62b1bec99954dbdee0d684068d5e9", "9f673264bbf0436b145a9b5f43476e04def96a8aa2d41ca90270bc2f16b56225", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "72781a1a099ec975bbd835764501e4e9e5b87455c004a46d9a816503913bc194", "282be27c432196ede7a51e45f87206b20fcd2980bf0648b5b2b621c9f2994c4d", "387f5f205d8caa9c4a06f3cd5467eaf413f6ef76ce213ba1bba0469b65ed10c4", "234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "3deadf9083be9ee9d39d80eb53f2288d96ddd94bdc8e64e35a00a868694599c3", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d", "6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a", "b34f2cd20d6ea2ada316a45fbb929d25d3c3175844df0373305c23193f24b7cf", "579114ac5d8affbe2fa03f44fec12b62ff921ba484d768f6e739eaf566654c5a", "03cade871cbfb969098aa4d248cf307c4efd743623767312e8413ff20efa8c32", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0", "712a3763760fac6d7196482a42ac563736f62b1bec99954dbdee0d684068d5e9", "9f673264bbf0436b145a9b5f43476e04def96a8aa2d41ca90270bc2f16b56225", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "72781a1a099ec975bbd835764501e4e9e5b87455c004a46d9a816503913bc194", "282be27c432196ede7a51e45f87206b20fcd2980bf0648b5b2b621c9f2994c4d", "387f5f205d8caa9c4a06f3cd5467eaf413f6ef76ce213ba1bba0469b65ed10c4", "234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "3deadf9083be9ee9d39d80eb53f2288d96ddd94bdc8e64e35a00a868694599c3", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d", "6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a", "b34f2cd20d6ea2ada316a45fbb929d25d3c3175844df0373305c23193f24b7cf", "579114ac5d8affbe2fa03f44fec12b62ff921ba484d768f6e739eaf566654c5a", "03cade871cbfb969098aa4d248cf307c4efd743623767312e8413ff20efa8c32", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0", "712a3763760fac6d7196482a42ac563736f62b1bec99954dbdee0d684068d5e9", "9f673264bbf0436b145a9b5f43476e04def96a8aa2d41ca90270bc2f16b56225", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "72781a1a099ec975bbd835764501e4e9e5b87455c004a46d9a816503913bc194", "282be27c432196ede7a51e45f87206b20fcd2980bf0648b5b2b621c9f2994c4d", "387f5f205d8caa9c4a06f3cd5467eaf413f6ef76ce213ba1bba0469b65ed10c4", "234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "3deadf9083be9ee9d39d80eb53f2288d96ddd94bdc8e64e35a00a868694599c3", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d", "6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a", "b34f2cd20d6ea2ada316a45fbb929d25d3c3175844df0373305c23193f24b7cf", "579114ac5d8affbe2fa03f44fec12b62ff921ba484d768f6e739eaf566654c5a", "03cade871cbfb969098aa4d248cf307c4efd743623767312e8413ff20efa8c32", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0", "712a3763760fac6d7196482a42ac563736f62b1bec99954dbdee0d684068d5e9", "9f673264bbf0436b145a9b5f43476e04def96a8aa2d41ca90270bc2f16b56225", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "72781a1a099ec975bbd835764501e4e9e5b87455c004a46d9a816503913bc194", "282be27c432196ede7a51e45f87206b20fcd2980bf0648b5b2b621c9f2994c4d", "387f5f205d8caa9c4a06f3cd5467eaf413f6ef76ce213ba1bba0469b65ed10c4", "234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "3deadf9083be9ee9d39d80eb53f2288d96ddd94bdc8e64e35a00a868694599c3", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d", "6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a", "b34f2cd20d6ea2ada316a45fbb929d25d3c3175844df0373305c23193f24b7cf", "579114ac5d8affbe2fa03f44fec12b62ff921ba484d768f6e739eaf566654c5a", "03cade871cbfb969098aa4d248cf307c4efd743623767312e8413ff20efa8c32", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0", "712a3763760fac6d7196482a42ac563736f62b1bec99954dbdee0d684068d5e9", "9f673264bbf0436b145a9b5f43476e04def96a8aa2d41ca90270bc2f16b56225", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "pe-tls-callback", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "72781a1a099ec975bbd835764501e4e9e5b87455c004a46d9a816503913bc194", "282be27c432196ede7a51e45f87206b20fcd2980bf0648b5b2b621c9f2994c4d", "387f5f205d8caa9c4a06f3cd5467eaf413f6ef76ce213ba1bba0469b65ed10c4", "234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "3deadf9083be9ee9d39d80eb53f2288d96ddd94bdc8e64e35a00a868694599c3", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d", "6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a", "b34f2cd20d6ea2ada316a45fbb929d25d3c3175844df0373305c23193f24b7cf", "579114ac5d8affbe2fa03f44fec12b62ff921ba484d768f6e739eaf566654c5a", "03cade871cbfb969098aa4d248cf307c4efd743623767312e8413ff20efa8c32", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0", "712a3763760fac6d7196482a42ac563736f62b1bec99954dbdee0d684068d5e9", "9f673264bbf0436b145a9b5f43476e04def96a8aa2d41ca90270bc2f16b56225", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "72781a1a099ec975bbd835764501e4e9e5b87455c004a46d9a816503913bc194", "282be27c432196ede7a51e45f87206b20fcd2980bf0648b5b2b621c9f2994c4d", "387f5f205d8caa9c4a06f3cd5467eaf413f6ef76ce213ba1bba0469b65ed10c4", "234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "3deadf9083be9ee9d39d80eb53f2288d96ddd94bdc8e64e35a00a868694599c3", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d", "6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a", "b34f2cd20d6ea2ada316a45fbb929d25d3c3175844df0373305c23193f24b7cf", "579114ac5d8affbe2fa03f44fec12b62ff921ba484d768f6e739eaf566654c5a", "03cade871cbfb969098aa4d248cf307c4efd743623767312e8413ff20efa8c32", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0", "712a3763760fac6d7196482a42ac563736f62b1bec99954dbdee0d684068d5e9", "9f673264bbf0436b145a9b5f43476e04def96a8aa2d41ca90270bc2f16b56225", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": []}, {"bi": "pe-section-shared", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "72781a1a099ec975bbd835764501e4e9e5b87455c004a46d9a816503913bc194", "282be27c432196ede7a51e45f87206b20fcd2980bf0648b5b2b621c9f2994c4d", "387f5f205d8caa9c4a06f3cd5467eaf413f6ef76ce213ba1bba0469b65ed10c4", "234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "3deadf9083be9ee9d39d80eb53f2288d96ddd94bdc8e64e35a00a868694599c3", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d", "6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a", "b34f2cd20d6ea2ada316a45fbb929d25d3c3175844df0373305c23193f24b7cf", "579114ac5d8affbe2fa03f44fec12b62ff921ba484d768f6e739eaf566654c5a", "03cade871cbfb969098aa4d248cf307c4efd743623767312e8413ff20efa8c32", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0", "712a3763760fac6d7196482a42ac563736f62b1bec99954dbdee0d684068d5e9", "9f673264bbf0436b145a9b5f43476e04def96a8aa2d41ca90270bc2f16b56225", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "72781a1a099ec975bbd835764501e4e9e5b87455c004a46d9a816503913bc194", "282be27c432196ede7a51e45f87206b20fcd2980bf0648b5b2b621c9f2994c4d", "387f5f205d8caa9c4a06f3cd5467eaf413f6ef76ce213ba1bba0469b65ed10c4", "234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "3deadf9083be9ee9d39d80eb53f2288d96ddd94bdc8e64e35a00a868694599c3", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d", "579114ac5d8affbe2fa03f44fec12b62ff921ba484d768f6e739eaf566654c5a", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0", "9f673264bbf0436b145a9b5f43476e04def96a8aa2d41ca90270bc2f16b56225", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "72781a1a099ec975bbd835764501e4e9e5b87455c004a46d9a816503913bc194", "282be27c432196ede7a51e45f87206b20fcd2980bf0648b5b2b621c9f2994c4d", "387f5f205d8caa9c4a06f3cd5467eaf413f6ef76ce213ba1bba0469b65ed10c4", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "3deadf9083be9ee9d39d80eb53f2288d96ddd94bdc8e64e35a00a868694599c3", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d", "579114ac5d8affbe2fa03f44fec12b62ff921ba484d768f6e739eaf566654c5a", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0", "9f673264bbf0436b145a9b5f43476e04def96a8aa2d41ca90270bc2f16b56225", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["72781a1a099ec975bbd835764501e4e9e5b87455c004a46d9a816503913bc194", "282be27c432196ede7a51e45f87206b20fcd2980bf0648b5b2b621c9f2994c4d", "387f5f205d8caa9c4a06f3cd5467eaf413f6ef76ce213ba1bba0469b65ed10c4", "234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7", "3deadf9083be9ee9d39d80eb53f2288d96ddd94bdc8e64e35a00a868694599c3", "6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a", "b34f2cd20d6ea2ada316a45fbb929d25d3c3175844df0373305c23193f24b7cf", "579114ac5d8affbe2fa03f44fec12b62ff921ba484d768f6e739eaf566654c5a", "03cade871cbfb969098aa4d248cf307c4efd743623767312e8413ff20efa8c32", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0", "712a3763760fac6d7196482a42ac563736f62b1bec99954dbdee0d684068d5e9", "9f673264bbf0436b145a9b5f43476e04def96a8aa2d41ca90270bc2f16b56225"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "modified-file-in-user-dir", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d", "03cade871cbfb969098aa4d248cf307c4efd743623767312e8413ff20efa8c32", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0", "712a3763760fac6d7196482a42ac563736f62b1bec99954dbdee0d684068d5e9", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "file-ini-read", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "282be27c432196ede7a51e45f87206b20fcd2980bf0648b5b2b621c9f2994c4d", "387f5f205d8caa9c4a06f3cd5467eaf413f6ef76ce213ba1bba0469b65ed10c4", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": []}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "282be27c432196ede7a51e45f87206b20fcd2980bf0648b5b2b621c9f2994c4d", "387f5f205d8caa9c4a06f3cd5467eaf413f6ef76ce213ba1bba0469b65ed10c4", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "feed-domain-rat", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0", "712a3763760fac6d7196482a42ac563736f62b1bec99954dbdee0d684068d5e9"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": []}, {"bi": "malware-lokibot-mutex-detected", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "malware-known-trojan-av", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": ["TA0007", "TA0006", "T1003", "T1217"]}, {"bi": "created-executable-in-user-dir", "hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0", "712a3763760fac6d7196482a42ac563736f62b1bec99954dbdee0d684068d5e9"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": []}, {"bi": "network-dns-upload-file", "hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": []}, {"bi": "network-dns-malicious-snort", "hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "mitre_attack_tags": ["TA0011"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "startup-folder-modification", "hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0", "712a3763760fac6d7196482a42ac563736f62b1bec99954dbdee0d684068d5e9"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "deleted-submitted-file", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "altered-sample-snort-flagged", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "files-created-vbs", "hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": ["TA0002", "T1064"]}, {"bi": "file-alternate-data-stream-modification", "hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": ["TA0005"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": ["TA0005", "T1096"]}, {"bi": "startup-folder-vbs-file", "hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "file-alternate-data-stream-zero-data", "hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": ["TA0005"]}, {"bi": "benign-process-has-child", "hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "malware-guloader-traffic-detected", "hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7", "6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "cmd-exe-file-execution", "hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7", "304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d", "b34f2cd20d6ea2ada316a45fbb929d25d3c3175844df0373305c23193f24b7cf"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "network-fast-flux-domain", "hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7"], "mitre_attack_tags": []}, {"bi": "process-check-ucbrowser", "hashes": ["282be27c432196ede7a51e45f87206b20fcd2980bf0648b5b2b621c9f2994c4d", "387f5f205d8caa9c4a06f3cd5467eaf413f6ef76ce213ba1bba0469b65ed10c4"], "mitre_attack_tags": ["TA0007"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "unsigned-roaming-execution", "hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": ["TA0005"]}, {"bi": "artifact-memory-vm-detect", "hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7", "3deadf9083be9ee9d39d80eb53f2288d96ddd94bdc8e64e35a00a868694599c3"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "pe-imports-toolhelp", "hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7", "6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "cmd-exe-file-deletion", "hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d", "b34f2cd20d6ea2ada316a45fbb929d25d3c3175844df0373305c23193f24b7cf"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "pe-uses-armadillo", "hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-snort-protocol", "hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7"], "mitre_attack_tags": []}, {"bi": "files-deleted-used-batch", "hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "process-uses-localhost-traffic", "hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-ping", "hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7"], "mitre_attack_tags": ["TA0011", "TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7"], "mitre_attack_tags": ["TA0011", "TA0007", "T1016"]}, {"bi": "malware-remcos-mutex", "hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7"], "mitre_attack_tags": []}, {"bi": "malware-remcos-path", "hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7"], "mitre_attack_tags": []}, {"bi": "malware-remcos-registry", "hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4"], "mitre_attack_tags": []}, {"bi": "process-check-opera-appdata-folder", "hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "mitre_attack_tags": ["TA0007", "T1083"]}, {"bi": "cryptocurrency-stealer-detected", "hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "mitre_attack_tags": []}, {"bi": "firefox-cookie-read", "hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "mitre_attack_tags": []}, {"bi": "malware-azorult-mutex-detected", "hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "mitre_attack_tags": []}, {"bi": "process-read-ie-cookies", "hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-tcp-connections", "hashes": ["6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "pe-imports-psapi-dll", "hashes": ["6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "audio-video-mutex-detected", "hashes": ["6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a"], "mitre_attack_tags": ["TA0009", "T1123", "T1125"]}, {"bi": "sc-service-stop-windefend", "hashes": ["6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "malware-avemaria-detected", "hashes": ["6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["b34f2cd20d6ea2ada316a45fbb929d25d3c3175844df0373305c23193f24b7cf"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-taskkill", "hashes": ["b34f2cd20d6ea2ada316a45fbb929d25d3c3175844df0373305c23193f24b7cf"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["03cade871cbfb969098aa4d248cf307c4efd743623767312e8413ff20efa8c32"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-filename-mismatch", "hashes": ["03cade871cbfb969098aa4d248cf307c4efd743623767312e8413ff20efa8c32"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-vm", "hashes": ["03cade871cbfb969098aa4d248cf307c4efd743623767312e8413ff20efa8c32"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "pe-certificate", "hashes": ["03cade871cbfb969098aa4d248cf307c4efd743623767312e8413ff20efa8c32"], "mitre_attack_tags": []}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["03cade871cbfb969098aa4d248cf307c4efd743623767312e8413ff20efa8c32"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-antianalysis", "hashes": ["03cade871cbfb969098aa4d248cf307c4efd743623767312e8413ff20efa8c32"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-communications-http-get", "hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "excessive-process-creates", "hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": ["TA0002", "T1064"]}, {"bi": "process-windows-script-launched", "hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": ["TA0005", "TA0002", "T1064"]}, {"bi": "file-ini-modified", "hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": ["TA0003"]}, {"bi": "malware-formbook-mutex-detected", "hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": []}, {"bi": "desktop-screenshot", "hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": ["TA0009", "T1119"]}, {"bi": "windows-util-ipconfig", "hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": ["TA0005", "TA0007", "T1016"]}, {"bi": "enumeration-netstat", "hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": ["TA0007", "T1082", "T1040"]}, {"bi": "windows-util-cmstp", "hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "mitre_attack_tags": ["TA0005", "TA0002", "T1191"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.", "hashes": ["03cade871cbfb969098aa4d248cf307c4efd743623767312e8413ff20efa8c32", "068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0", "234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7", "282be27c432196ede7a51e45f87206b20fcd2980bf0648b5b2b621c9f2994c4d", "304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d", "387f5f205d8caa9c4a06f3cd5467eaf413f6ef76ce213ba1bba0469b65ed10c4", "3deadf9083be9ee9d39d80eb53f2288d96ddd94bdc8e64e35a00a868694599c3", "579114ac5d8affbe2fa03f44fec12b62ff921ba484d768f6e739eaf566654c5a", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a", "712a3763760fac6d7196482a42ac563736f62b1bec99954dbdee0d684068d5e9", "72781a1a099ec975bbd835764501e4e9e5b87455c004a46d9a816503913bc194", "74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955", "9f673264bbf0436b145a9b5f43476e04def96a8aa2d41ca90270bc2f16b56225", "b34f2cd20d6ea2ada316a45fbb929d25d3c3175844df0373305c23193f24b7cf", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67"], "iocs": {"domain": [{"hashes": ["3deadf9083be9ee9d39d80eb53f2288d96ddd94bdc8e64e35a00a868694599c3", "579114ac5d8affbe2fa03f44fec12b62ff921ba484d768f6e739eaf566654c5a", "72781a1a099ec975bbd835764501e4e9e5b87455c004a46d9a816503913bc194", "9f673264bbf0436b145a9b5f43476e04def96a8aa2d41ca90270bc2f16b56225"], "host": "repository[.]uzto[.]netdna-cdn[.]com"}, {"hashes": ["3deadf9083be9ee9d39d80eb53f2288d96ddd94bdc8e64e35a00a868694599c3", "579114ac5d8affbe2fa03f44fec12b62ff921ba484d768f6e739eaf566654c5a", "72781a1a099ec975bbd835764501e4e9e5b87455c004a46d9a816503913bc194", "9f673264bbf0436b145a9b5f43476e04def96a8aa2d41ca90270bc2f16b56225"], "host": "repository[.]certum[.]pl"}, {"hashes": ["3deadf9083be9ee9d39d80eb53f2288d96ddd94bdc8e64e35a00a868694599c3", "579114ac5d8affbe2fa03f44fec12b62ff921ba484d768f6e739eaf566654c5a", "72781a1a099ec975bbd835764501e4e9e5b87455c004a46d9a816503913bc194", "9f673264bbf0436b145a9b5f43476e04def96a8aa2d41ca90270bc2f16b56225"], "host": "smtp[.]yandex[.]ru"}, {"hashes": ["3deadf9083be9ee9d39d80eb53f2288d96ddd94bdc8e64e35a00a868694599c3", "579114ac5d8affbe2fa03f44fec12b62ff921ba484d768f6e739eaf566654c5a", "9f673264bbf0436b145a9b5f43476e04def96a8aa2d41ca90270bc2f16b56225"], "host": "smtp[.]yandex[.]com"}, {"hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67"], "host": "bibpap[.]com"}, {"hashes": ["74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "host": "capital-sd[.]com"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "host": "balancer[.]wixdns[.]net"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "host": "www[.]facehack[.]tech"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "host": "www[.]conditionsxqr[.]party"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "host": "www[.]farmasiturkeys[.]net"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "host": "www[.]sonaraccidentmanagement[.]com"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "host": "www[.]wkmind[.]com"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "host": "www[.]lendreview[.]com"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "host": "www[.]kk2400[.]com"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "host": "www[.]fsbohelena[.]com"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "host": "www[.]sanderdaniel[.]com"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "host": "aurumboy[.]com"}, {"hashes": ["c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4"], "host": "difapackperu[.]com"}, {"hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7"], "host": "danielbryn[.]duckdns[.]org"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "host": "3aqary[.]info"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "host": "ldq[.]cdn-discuz[.]com"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "host": "www[.]vidzpoint[.]com"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "host": "www[.]carolinachildrensmuseum[.]com"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "host": "www[.]9911742[.]com"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "host": "www[.]3aqary[.]info"}, {"hashes": ["82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "host": "gitlab[.]com"}], "file": [{"hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0", "234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67"], "path": "%APPDATA%\\<random, matching '[a-z0-9]{3,7}'>"}, {"hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67"], "path": "%APPDATA%\\D1CC40\\0F3583.hdb"}, {"hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67"], "path": "%APPDATA%\\D1CC40\\0F3583.lck"}, {"hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67"], "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-1258710499-2222286471-4214075941-500\\a18ca4003deb042bbee7a40f15e1970b_8f793a96-da80-4751-83f9-b23d8b735fb1"}, {"hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67"], "path": "%APPDATA%\\D282E1\\1E80C5.lck"}, {"hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67"], "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-2580483871-590521980-3826313501-500\\a18ca4003deb042bbee7a40f15e1970b_d19ab989-a35f-4710-83df-7b2db7efe7c5"}, {"hashes": ["3deadf9083be9ee9d39d80eb53f2288d96ddd94bdc8e64e35a00a868694599c3", "579114ac5d8affbe2fa03f44fec12b62ff921ba484d768f6e739eaf566654c5a", "72781a1a099ec975bbd835764501e4e9e5b87455c004a46d9a816503913bc194", "9f673264bbf0436b145a9b5f43476e04def96a8aa2d41ca90270bc2f16b56225"], "path": "%APPDATA%\\Microsoft\\CryptnetUrlCache\\Content\\000F7F8FAB2D96E6F8CBD5C9A3B4EC90"}, {"hashes": ["3deadf9083be9ee9d39d80eb53f2288d96ddd94bdc8e64e35a00a868694599c3", "579114ac5d8affbe2fa03f44fec12b62ff921ba484d768f6e739eaf566654c5a", "72781a1a099ec975bbd835764501e4e9e5b87455c004a46d9a816503913bc194", "9f673264bbf0436b145a9b5f43476e04def96a8aa2d41ca90270bc2f16b56225"], "path": "%APPDATA%\\Microsoft\\CryptnetUrlCache\\MetaData\\000F7F8FAB2D96E6F8CBD5C9A3B4EC90"}, {"hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67"], "path": "%APPDATA%\\D1CC40\\0F3583.exe (copy)"}, {"hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\mdmr.vbs"}, {"hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67"], "path": "%APPDATA%\\awqk\\pnsj.exe"}, {"hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67"], "path": "%APPDATA%\\awqk\\pnsj.exe:ZoneIdentifier"}, {"hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67"], "path": "%HOMEPATH%\\Start Menu\\Programs\\Startup\\mdmr.vbs"}, {"hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7"], "path": "%APPDATA%\\remcos\\logs.dat"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "path": "%TEMP%\\37FFCBBC\\api-ms-win-crt-conio-l1-1-0.dll"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "path": "%TEMP%\\37FFCBBC\\api-ms-win-crt-convert-l1-1-0.dll"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "path": "%TEMP%\\37FFCBBC\\api-ms-win-crt-environment-l1-1-0.dll"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "path": "%TEMP%\\37FFCBBC\\api-ms-win-crt-filesystem-l1-1-0.dll"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "path": "%TEMP%\\37FFCBBC\\api-ms-win-crt-heap-l1-1-0.dll"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "path": "%TEMP%\\37FFCBBC\\api-ms-win-crt-locale-l1-1-0.dll"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "path": "%TEMP%\\37FFCBBC\\api-ms-win-crt-math-l1-1-0.dll"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "path": "%TEMP%\\37FFCBBC\\api-ms-win-crt-multibyte-l1-1-0.dll"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "path": "%TEMP%\\37FFCBBC\\api-ms-win-crt-private-l1-1-0.dll"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "path": "%TEMP%\\37FFCBBC\\api-ms-win-crt-process-l1-1-0.dll"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "path": "%TEMP%\\37FFCBBC\\api-ms-win-crt-runtime-l1-1-0.dll"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "path": "%TEMP%\\37FFCBBC\\api-ms-win-crt-stdio-l1-1-0.dll"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "path": "%TEMP%\\37FFCBBC\\api-ms-win-crt-string-l1-1-0.dll"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "path": "%TEMP%\\37FFCBBC\\api-ms-win-crt-time-l1-1-0.dll"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "path": "%TEMP%\\37FFCBBC\\api-ms-win-crt-utility-l1-1-0.dll"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "path": "%TEMP%\\37FFCBBC\\freebl3.dll"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "path": "%TEMP%\\37FFCBBC\\mozglue.dll"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "path": "%TEMP%\\37FFCBBC\\msvcp140.dll"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "path": "%TEMP%\\37FFCBBC\\nss3.dll"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "path": "%TEMP%\\37FFCBBC\\nssdbm3.dll"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "path": "%TEMP%\\37FFCBBC\\softokn3.dll"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "path": "%TEMP%\\37FFCBBC\\ucrtbase.dll"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "path": "%TEMP%\\37FFCBBC\\vcruntime140.dll"}, {"hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7"], "path": "%TEMP%\\install.bat"}, {"hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7"], "path": "%APPDATA%\\chrome\\chrome.exe"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "path": "%APPDATA%\\8P1577Q0\\8P1logim.jpeg"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "path": "%APPDATA%\\8P1577Q0\\8P1logrc.ini"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "path": "%APPDATA%\\8P1577Q0\\8P1logri.ini"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "path": "%APPDATA%\\8P1577Q0\\8P1logrv.ini"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\chlz.vbs"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "path": "%APPDATA%\\chlz\\chlz.exe"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "path": "%APPDATA%\\chlz\\chlz.exe:ZoneIdentifier"}, {"hashes": ["03cade871cbfb969098aa4d248cf307c4efd743623767312e8413ff20efa8c32"], "path": "%TEMP%\\BC84.tmp"}, {"hashes": ["712a3763760fac6d7196482a42ac563736f62b1bec99954dbdee0d684068d5e9"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\19r93RtY8wxz0Eja.exe"}, {"hashes": ["6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a"], "path": "%ProgramData%\\wintool.exe"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "path": "%TEMP%\\-322694399149446892334158.tmp"}], "ip": [{"hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67"], "ip": "89[.]208[.]199[.]250"}, {"hashes": ["3deadf9083be9ee9d39d80eb53f2288d96ddd94bdc8e64e35a00a868694599c3", "579114ac5d8affbe2fa03f44fec12b62ff921ba484d768f6e739eaf566654c5a", "72781a1a099ec975bbd835764501e4e9e5b87455c004a46d9a816503913bc194", "9f673264bbf0436b145a9b5f43476e04def96a8aa2d41ca90270bc2f16b56225"], "ip": "77[.]88[.]21[.]158"}, {"hashes": ["3deadf9083be9ee9d39d80eb53f2288d96ddd94bdc8e64e35a00a868694599c3", "579114ac5d8affbe2fa03f44fec12b62ff921ba484d768f6e739eaf566654c5a", "72781a1a099ec975bbd835764501e4e9e5b87455c004a46d9a816503913bc194", "9f673264bbf0436b145a9b5f43476e04def96a8aa2d41ca90270bc2f16b56225"], "ip": "108[.]161[.]187[.]74"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "ip": "184[.]168[.]221[.]33"}, {"hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7"], "ip": "79[.]134[.]225[.]72"}, {"hashes": ["c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4"], "ip": "192[.]185[.]119[.]173"}, {"hashes": ["6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a"], "ip": "62[.]171[.]173[.]4"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "ip": "217[.]160[.]0[.]187"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "ip": "154[.]205[.]128[.]231"}, {"hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd"], "ip": "95[.]163[.]214[.]39"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "ip": "91[.]215[.]169[.]58"}, {"hashes": ["b34f2cd20d6ea2ada316a45fbb929d25d3c3175844df0373305c23193f24b7cf"], "ip": "195[.]161[.]62[.]163"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "ip": "185[.]106[.]39[.]230"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "ip": "185[.]230[.]60[.]96"}, {"hashes": ["82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955"], "ip": "172[.]65[.]251[.]78"}], "mutex": [{"hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67"], "name": "3749282D282E1E80C56CAE5A"}, {"hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd", "5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f", "74a0c5ba8758cee2c2db1166f31cd53cd93887db30bdfa8fe2a6691d6ba1b646", "82626c1f33df41d7b722592d1b2af004ef93e630994996decce95d4b48f35955", "c1894ab554e8248b54db0f3541c347985e8ef6bec3f174da8e2b1a1c3d46c8f4", "e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67"], "name": "3BA87BBD1CC40F3583D46680"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "name": "8-3503835SZBFHHZ"}, {"hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7"], "name": "Remcos_Mutex_Inj"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "name": "A16467FA7-343A2EC6-F2351354-B9A74ACF-1DC8406A"}, {"hashes": ["304e0f3a43e558100b34b2bde0342c5faba1a39333c3ccf669deecbe0281863d"], "name": "A238FB802-231ABE6B-F2351354-E3D5DBAE-19DC1731"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "name": "8P1577Q0W11XAZ9D"}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "name": "\"C:\\TEMP\\46ed341f0bd66a3300458b735f4988f0.exe\" "}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "name": "S-1-5-21-2580483-7563496519360"}, {"hashes": ["e3eeaaf2bcc2e368f36ded0bd0ec9b401607c8b1d3fffb9484552f0da7eb1a67"], "name": "\"C:\\TEMP\\601057c486fbd58f1eb1dfeeb0f98aed.exe\" "}, {"hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7"], "name": "remcos_uhvhfuqrpawqhim"}, {"hashes": ["068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd"], "name": "\"C:\\TEMP\\068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd.exe\" "}, {"hashes": ["5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f"], "name": "\"C:\\TEMP\\5bb98e9d1a976e7b45598354ae23ed69748e0ae677db9c17ba3a2e7baf25758f.exe\" "}], "registry": [{"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\INTELLIFORMS\\STORAGE2", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MOZILLA\\MOZILLA FIREFOX", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MOZILLA\\MOZILLA FIREFOX\\20.0.1 (EN-US)\\MAIN", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\9375CFF0413111D3B88A00104B2A6676", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\9375CFF0413111D3B88A00104B2A6676\\00000001", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\9375CFF0413111D3B88A00104B2A6676\\00000002", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\9375CFF0413111D3B88A00104B2A6676\\00000003", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\0A0D020000000000C000000000000046", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\13DBB0C8AA05101A9BB000AA002FC45A", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\33FD244257221B4AA4A1D9E6CACF8474", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\3517490D76624C419A828607E2A54604", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\4C8F4917D8AB2943A2B2D4227B0585BF", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\5309EDC19DC6C14CBAD5BA06BDBDABD9", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\82FA2A40D311B5469A626349C16CE09B", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\8503020000000000C000000000000046", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\9207F3E0A3B11019908B08002B2A56C2", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\9E71065376EE7F459F30EA2534981B83", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\A88F7DCF2E30234E8288283D75A65EFB", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\C02EBC5353D9CD11975200AA004AE40E", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\D33FC3B19A738142B2FC0C56BD56AD8C", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\DDB0922FC50B8D42BE5A821EDE840761", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\DF18513432D1694F96E6423201804111", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\ECD15244C3E90A4FBD0588A41AB27C55", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\F86ED2903A4A11CFB57E524153480001", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\{D9734F19-8CFB-411D-BC59-833E334FCB5E}", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\\CALENDAR SUMMARY", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MOZILLA\\MOZILLA THUNDERBIRD", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": null}, {"hashes": ["18b7c0110efa21045ac8d98c0196d7f2be382745d2c3051d274872dc97dba9e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "OXCTIR50H"}, {"hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "remcos"}, {"hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7"], "key": "<HKCU>\\SOFTWARE\\REMCOS_UHVHFUQRPAWQHIM", "value_name": null}, {"hashes": ["234ccfa7f64c70cee01f4a0cd2d5d98243a2288847295d75e2b746f9c03cf5a7"], "key": "<HKCU>\\SOFTWARE\\REMCOS_UHVHFUQRPAWQHIM", "value_name": "EXEpath"}, {"hashes": ["6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\1ZUJJ7GV3F", "value_name": null}, {"hashes": ["6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\1ZUJJ7GV3F", "value_name": "inst"}, {"hashes": ["6893d4543596b246d71eb712a9936ada65e187b71a14616daa8c2a2012a12c0a"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "wintool"}]}, "reports_count": 19}, "Win.Dropper.NetWire-7662196-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "pe-uses-visual-basic", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "files-created-vbs", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": ["TA0002", "T1064"]}, {"bi": "unsigned-roaming-execution", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-imports-toolhelp", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-compound-cta-activity", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": []}, {"bi": "startup-folder-modification", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "malware-netwire-mutex", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": []}, {"bi": "startup-folder-vbs-file", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-activesetup-key-modified", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "malware-netwire-artifact", "hashes": ["26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": true}, "description": "NetWire is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, remote desktop, and read data from connected USB devices. NetWire is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "67bd26d654e7b93882304a0367b24507eb372de0cfb7e0e51d89121c87f724d1", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "7a880081d568dc1455dea5625062419cd742dcdb689b11acc007184f4512357a", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "82fb6dfc50ec73424ac342a6f72825cd560ed27bf68dc22334b4ea47fac779a6", "861c49712e63c0521fcebf9649a29373bbc6781309d696214ce6cf11609ce4ad", "866317fbbb3cbe61ecbefaec67e0291f10cb2f6ffb63d2f0aeb2a3f4c6f7cb49", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "96daf8e75c216cabface4741ad10309d9d92f17e1bda86277c8d137ce0cfa958", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "a21e163872a5d5e1f527ca5303e8046018f4cfd085fde908efc73db9118825e0", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "a3ce8a87d74fbffba6ec67b289eb0c919f4ba6515e859a30510e5a6f2990bea6", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "ab34a6f331a25769573dc31435260d955c562333b61c610752f65bcb3dcef4f2", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "add64069135f500d3f83a58a77285ea5b364d32544caedbc7e04dd98445f7f19", "aec42249e5217c89c7ba754771666e2b1198b6d0b138d7974347b3d820c9ba4c", "b0f94f330c024fb2f0fd986e56de87141565c0ec5b15583dbac6ad17937392a1", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "c7ac5e37703f72729d71b5d281b3113d57fef2b373f855bb95d8b06b8eada2ae", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "cecb3d492c628d409a8eb1e7753baf6b8581ca3765fef9e2422fd3bfedf4efa8", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "da98646ce9416d310a47e31a2a71638e5ec302d079fd46aeec306209e02a13ec", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "edd790c778e6799e3a442ff7f2ee19629a17a5db44dd320517649c5e284ccd44", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730"], "iocs": {"domain": [{"hashes": ["00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730"], "host": "melissa23101[.]ddns[.]net"}], "file": [{"hashes": ["00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\filename.vbs"}, {"hashes": ["00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730"], "path": "%TEMP%\\subfolder"}, {"hashes": ["00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730"], "path": "%TEMP%\\subfolder\\filename.exe"}, {"hashes": ["00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730"], "path": "\\TEMP\\.Identifier"}, {"hashes": ["00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730"], "path": "%APPDATA%\\Install"}, {"hashes": ["00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730"], "path": "%APPDATA%\\Install\\Host.exe"}, {"hashes": ["00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730"], "path": "%APPDATA%\\Install\\.Identifier"}], "ip": [], "mutex": [{"hashes": ["00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730"], "name": "-"}], "registry": [{"hashes": ["00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{AUDWM2Q7-X2F8-4QB2-4L40-3X638OG1X7A3}", "value_name": null}, {"hashes": ["00c7d94fbd8d84c6a5d3311ff15e5c93a246231bb5386d34b7834469de0e3e61", "013a4edb1f65e06183117465371d7b03682b3ddfdae6978e568151912673922b", "081d0000617b95b83033e03c893b5a512bdc830bf69ec02aa432df1383ddc738", "0ad6634d0ee3537496ff4d9925d5f46e64317981e5e9a3604598f70eeb73251b", "119f97c55f5467084b496e2bc9337263ac51cf31e293c20c64c670d9ce0d7d93", "19d0aeefcf3860a508731964d55d1579858891d37aac815b66e5ed9d0d799d22", "1c269db09a368c91c18a7defe2efc9602476bc9f38ac743d84559a92ecbe5d04", "1e95f44688c91d20f07fa1cf68c3a42552f06d032ba350d5a9a39c308f4c0758", "227a792a48145c86796287706457e88ff6cc97286f501c4061c555a76ad17555", "26ce470ad59d00a28257ba7502badea7696c2bbd8bb1a74d63fca82f5cb35930", "28340f5022852794ed80bcaeeee21683226c21c836837480f4993967e35a3e7c", "2cb2c501762346f77c47481e32a1333e87468a35996dbaac138feeef483fdb9d", "32eadf668a533211ecc42d7d7dcefd5da67552052cac6fbbb4720d58b9452f5f", "33d5ccb6b534ab8221e7ff5504be786f7fd239fc00902c80fbc36ffb991de377", "362c2dba695af4c3475519327412856e3e9fec93158df5f33afb6cba160fb80e", "36c40be29ffdaf0c75b5ebb7a942746677ecda9e7484aa8d6cd45a15536f7534", "3f08013c2a11091772bd7b10def79bc95cf9929c97a22a0eab91eabc7980bfc1", "495127422a356bc2eff2c130ce3ceb2bc67486d48524c2d54ed2d0614fdc56fe", "495d48f14b61b5570886387ecef5145935366f26b745e9b57339115a69386767", "500133bb968c175570175cb288a2e4b8a2ab6bbe74416595e8a2c48f8002ecef", "52ef9f698e212ed63e9d26aaf983b461560dfebd9287ef5d7052ed5e2fdffc4f", "5710d34c31566b8592ec26216af05e75ddc27bc1120748a88c98ff0a60e38d18", "572b5dbb175a22147d9cd48c4d1ff7ad39d7a760928769d603e31ddb86e0ef46", "59e1fa278d7cf17ff4ed8bf67613dface3972be80139168b57bc601bddfd8c28", "5a8888f066fca9e1f283dac26ea97c790c7d0e0be8e4667f798c83c9b1cea717", "604f84122c25b97da047a070a65b05a8b9752336d1a4d9b8fa258d3ec3c2c5ff", "71b3e934b9ca55dc97032d0c19f30a544fabc405ae021bbcbb5da1afd5af8aac", "74ae06b29177e4cda41583252b9ea1113a2fb5f0c583f4e5d75fa239a8877197", "7cb2c8cfdd9adf543b8433bef837c31086ad84d63c2e2eb6f5986bda9bb6e472", "7d3c1c918d9ba654bf3f1ab9e1359767f22d8854d0372f922be325515a7d0e2f", "8a673fbdf925d7fb90cf902085d70b3c152b62fa8c57aac0cc27596037a05b57", "92abfaea6c96495f44f03374165a7c2745f0cc5be4615ea05a7e6674c3dd7984", "9b1668fb3a6166f5fb6e82ec1e29682622943ecea92e7fa63faa429710a51fcb", "a24e6104e027a4168a26b88def615868951160fbca8ea93e3184bd8ef3d3fb2f", "a38f92a71fd11f7fcf67e2de504b0dbbfadbb71e29147130c1c81c500c7923b5", "a987672130e7eeab3c90263cda6f28e2c1556c2f0779bb09547e743d20d4d787", "abb2d60be768fee01615a18acc056ecec8407943e36bedf8f860bc2a28900720", "ace27f60ab318b887dba27133ddd800dbd046e06b987b2cb8595013dce50ada1", "ad930846ddb0d671eddbeb00b3e94221c5abfe2f5fb813dcb7060571197ab694", "b8a01e2063fd90d9c86242bec22df43d43d5ab5a55429fe2ebbd259f042a8a7f", "bc62befd391042ee9dc41deae1ccf965bea68bc876485f10aa9424c42aa3bba2", "bdc848e14269914a01cc772cc8e5e5b928a6f72ab6d590b415ff07fe0d93f0ef", "bf72adda161758731fdcf9cde78a2604df6269d24a0ac6982c54fda085c43d4e", "c0b2e7ec005b72e740b86ae041e51484d06c5ff843960e256b1d02d412bd8a57", "c3c3a950c060c597e7c8dbd6273d31e84586a00d79809518ebea16a898679bb9", "c5376b60166bdd4e2804308b5e138a8a72adc0fa0a10132baff44ca6acb960f6", "cd326a5b30d6b8865e6dcf0777e72688f615825db2e6628dd3ce22c4e7c5d4cc", "d470a9dcb2991994aef701b5f52c140cba54e08a809bf000f43668e8289cfccc", "e2516dd739f84385bd79c73671485d0c911f204605b662ca7d939fe757ce2c69", "ea1eaf57b5e4bba434b66525b287b36429d09af5904991fa63697f9bfd36faf8", "ed288dc66e528a25bfdd55b87aaf1a20741fe9da8f8473274427685d6aa85eb3", "ee25dce56f911ab3e4889231bf25f42d68dbf32733c25cb70fee4fa00dc549e8", "f560e85d49b626c3573621d591bbdb2c591c6c1fee10cd0d85e25e2c259bfe4e", "fb59ada0b77d6ae3cf04e10ec0b53cf2428bf06ac34c406a6f2e6143a0c8ed05", "fc9d57e6846161503a87aad585a15ad4062294606ce4dcbb8e025a2a1d21d730"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{AUDWM2Q7-X2F8-4QB2-4L40-3X638OG1X7A3}", "value_name": "StubPath"}]}, "reports_count": 55}, "Win.Dropper.Remcos-7662156-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d", "467e703042d9865c5206cc10517ac772e14a3e22499e8be030788469877cb0fe", "2cad5c478f3b550f7dedf081d72703f513da71b77607117ca50652999da7028d", "72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "284b79e1ac60ac7db72c4efa0e4e73cebdccd1529243a0e2bcdbcc746e0d1f7e", "e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a", "01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "971162f3ad3e78f6798176e151adef704a55bf4da29c34ce5de3e6f7509ac756", "d09b68e370a0183a2d1fbd5845fb31ad33d818783635a868e9632ee1e3c3bd88", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d", "eff4919bb1000ad6fec3611d76f7fb367ee4e6d1dd4323d0ced140ace6dd0360", "c78b43cc84ca2d3cb980646e458b5f790766f8e5df56788029e1dbaec8ddf1d9", "bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "47c4f4c780567bf13fb2cce25922ea0a8ce0541c3485b897f95965d007763c64", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "fb790add45260afb4481d29d38f919043542142efd42969daabb43804aff761c", "486f9d279c6a00db51753fa262a8be50272fde73ee64649cac16c624abc037cd", "fe5044908209a29b87b8d3332513f258306f0e2c7cae1e0233c9e2f156965da7", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d", "467e703042d9865c5206cc10517ac772e14a3e22499e8be030788469877cb0fe", "2cad5c478f3b550f7dedf081d72703f513da71b77607117ca50652999da7028d", "72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "284b79e1ac60ac7db72c4efa0e4e73cebdccd1529243a0e2bcdbcc746e0d1f7e", "e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a", "01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "971162f3ad3e78f6798176e151adef704a55bf4da29c34ce5de3e6f7509ac756", "d09b68e370a0183a2d1fbd5845fb31ad33d818783635a868e9632ee1e3c3bd88", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d", "eff4919bb1000ad6fec3611d76f7fb367ee4e6d1dd4323d0ced140ace6dd0360", "c78b43cc84ca2d3cb980646e458b5f790766f8e5df56788029e1dbaec8ddf1d9", "bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "47c4f4c780567bf13fb2cce25922ea0a8ce0541c3485b897f95965d007763c64", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "fb790add45260afb4481d29d38f919043542142efd42969daabb43804aff761c", "486f9d279c6a00db51753fa262a8be50272fde73ee64649cac16c624abc037cd", "fe5044908209a29b87b8d3332513f258306f0e2c7cae1e0233c9e2f156965da7", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d", "467e703042d9865c5206cc10517ac772e14a3e22499e8be030788469877cb0fe", "2cad5c478f3b550f7dedf081d72703f513da71b77607117ca50652999da7028d", "72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "284b79e1ac60ac7db72c4efa0e4e73cebdccd1529243a0e2bcdbcc746e0d1f7e", "e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a", "01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "971162f3ad3e78f6798176e151adef704a55bf4da29c34ce5de3e6f7509ac756", "d09b68e370a0183a2d1fbd5845fb31ad33d818783635a868e9632ee1e3c3bd88", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d", "eff4919bb1000ad6fec3611d76f7fb367ee4e6d1dd4323d0ced140ace6dd0360", "c78b43cc84ca2d3cb980646e458b5f790766f8e5df56788029e1dbaec8ddf1d9", "bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "47c4f4c780567bf13fb2cce25922ea0a8ce0541c3485b897f95965d007763c64", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "fb790add45260afb4481d29d38f919043542142efd42969daabb43804aff761c", "486f9d279c6a00db51753fa262a8be50272fde73ee64649cac16c624abc037cd", "fe5044908209a29b87b8d3332513f258306f0e2c7cae1e0233c9e2f156965da7", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "mitre_attack_tags": []}, {"bi": "pe-uses-visual-basic", "hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d", "467e703042d9865c5206cc10517ac772e14a3e22499e8be030788469877cb0fe", "2cad5c478f3b550f7dedf081d72703f513da71b77607117ca50652999da7028d", "72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "284b79e1ac60ac7db72c4efa0e4e73cebdccd1529243a0e2bcdbcc746e0d1f7e", "e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a", "01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "971162f3ad3e78f6798176e151adef704a55bf4da29c34ce5de3e6f7509ac756", "d09b68e370a0183a2d1fbd5845fb31ad33d818783635a868e9632ee1e3c3bd88", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d", "eff4919bb1000ad6fec3611d76f7fb367ee4e6d1dd4323d0ced140ace6dd0360", "c78b43cc84ca2d3cb980646e458b5f790766f8e5df56788029e1dbaec8ddf1d9", "bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "47c4f4c780567bf13fb2cce25922ea0a8ce0541c3485b897f95965d007763c64", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "fb790add45260afb4481d29d38f919043542142efd42969daabb43804aff761c", "486f9d279c6a00db51753fa262a8be50272fde73ee64649cac16c624abc037cd", "fe5044908209a29b87b8d3332513f258306f0e2c7cae1e0233c9e2f156965da7", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d", "467e703042d9865c5206cc10517ac772e14a3e22499e8be030788469877cb0fe", "2cad5c478f3b550f7dedf081d72703f513da71b77607117ca50652999da7028d", "72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "284b79e1ac60ac7db72c4efa0e4e73cebdccd1529243a0e2bcdbcc746e0d1f7e", "e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a", "01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "971162f3ad3e78f6798176e151adef704a55bf4da29c34ce5de3e6f7509ac756", "d09b68e370a0183a2d1fbd5845fb31ad33d818783635a868e9632ee1e3c3bd88", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d", "eff4919bb1000ad6fec3611d76f7fb367ee4e6d1dd4323d0ced140ace6dd0360", "c78b43cc84ca2d3cb980646e458b5f790766f8e5df56788029e1dbaec8ddf1d9", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "47c4f4c780567bf13fb2cce25922ea0a8ce0541c3485b897f95965d007763c64", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "fb790add45260afb4481d29d38f919043542142efd42969daabb43804aff761c", "486f9d279c6a00db51753fa262a8be50272fde73ee64649cac16c624abc037cd", "fe5044908209a29b87b8d3332513f258306f0e2c7cae1e0233c9e2f156965da7", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d", "467e703042d9865c5206cc10517ac772e14a3e22499e8be030788469877cb0fe", "2cad5c478f3b550f7dedf081d72703f513da71b77607117ca50652999da7028d", "72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "284b79e1ac60ac7db72c4efa0e4e73cebdccd1529243a0e2bcdbcc746e0d1f7e", "e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a", "971162f3ad3e78f6798176e151adef704a55bf4da29c34ce5de3e6f7509ac756", "d09b68e370a0183a2d1fbd5845fb31ad33d818783635a868e9632ee1e3c3bd88", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d", "eff4919bb1000ad6fec3611d76f7fb367ee4e6d1dd4323d0ced140ace6dd0360", "c78b43cc84ca2d3cb980646e458b5f790766f8e5df56788029e1dbaec8ddf1d9", "bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "47c4f4c780567bf13fb2cce25922ea0a8ce0541c3485b897f95965d007763c64", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "fb790add45260afb4481d29d38f919043542142efd42969daabb43804aff761c", "486f9d279c6a00db51753fa262a8be50272fde73ee64649cac16c624abc037cd", "fe5044908209a29b87b8d3332513f258306f0e2c7cae1e0233c9e2f156965da7", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "modified-file-in-user-dir", "hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d", "2cad5c478f3b550f7dedf081d72703f513da71b77607117ca50652999da7028d", "72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a", "01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "d09b68e370a0183a2d1fbd5845fb31ad33d818783635a868e9632ee1e3c3bd88", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d", "c78b43cc84ca2d3cb980646e458b5f790766f8e5df56788029e1dbaec8ddf1d9", "bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "fb790add45260afb4481d29d38f919043542142efd42969daabb43804aff761c", "486f9d279c6a00db51753fa262a8be50272fde73ee64649cac16c624abc037cd", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d", "72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "284b79e1ac60ac7db72c4efa0e4e73cebdccd1529243a0e2bcdbcc746e0d1f7e", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d", "c78b43cc84ca2d3cb980646e458b5f790766f8e5df56788029e1dbaec8ddf1d9", "bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "486f9d279c6a00db51753fa262a8be50272fde73ee64649cac16c624abc037cd", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "modified-executable", "hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d", "72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "284b79e1ac60ac7db72c4efa0e4e73cebdccd1529243a0e2bcdbcc746e0d1f7e", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d", "c78b43cc84ca2d3cb980646e458b5f790766f8e5df56788029e1dbaec8ddf1d9", "bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d", "72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "284b79e1ac60ac7db72c4efa0e4e73cebdccd1529243a0e2bcdbcc746e0d1f7e", "bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d", "467e703042d9865c5206cc10517ac772e14a3e22499e8be030788469877cb0fe", "72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "284b79e1ac60ac7db72c4efa0e4e73cebdccd1529243a0e2bcdbcc746e0d1f7e", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d", "2cad5c478f3b550f7dedf081d72703f513da71b77607117ca50652999da7028d", "284b79e1ac60ac7db72c4efa0e4e73cebdccd1529243a0e2bcdbcc746e0d1f7e", "e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a", "d09b68e370a0183a2d1fbd5845fb31ad33d818783635a868e9632ee1e3c3bd88", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d", "bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "network-fast-flux-domain", "hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d", "72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "284b79e1ac60ac7db72c4efa0e4e73cebdccd1529243a0e2bcdbcc746e0d1f7e", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d", "72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d", "c78b43cc84ca2d3cb980646e458b5f790766f8e5df56788029e1dbaec8ddf1d9", "bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["2cad5c478f3b550f7dedf081d72703f513da71b77607117ca50652999da7028d", "72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a", "01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "d09b68e370a0183a2d1fbd5845fb31ad33d818783635a868e9632ee1e3c3bd88", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208"], "mitre_attack_tags": []}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["2cad5c478f3b550f7dedf081d72703f513da71b77607117ca50652999da7028d", "72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a", "01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "d09b68e370a0183a2d1fbd5845fb31ad33d818783635a868e9632ee1e3c3bd88", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d", "72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d", "bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "network-snort-protocol", "hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["2cad5c478f3b550f7dedf081d72703f513da71b77607117ca50652999da7028d", "72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a", "d09b68e370a0183a2d1fbd5845fb31ad33d818783635a868e9632ee1e3c3bd88", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "process-check-ucbrowser", "hashes": ["2cad5c478f3b550f7dedf081d72703f513da71b77607117ca50652999da7028d", "72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a", "d09b68e370a0183a2d1fbd5845fb31ad33d818783635a868e9632ee1e3c3bd88", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d"], "mitre_attack_tags": ["TA0007"]}, {"bi": "malware-agent-tesla-filepath-detected", "hashes": ["2cad5c478f3b550f7dedf081d72703f513da71b77607117ca50652999da7028d", "72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a", "d09b68e370a0183a2d1fbd5845fb31ad33d818783635a868e9632ee1e3c3bd88", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d"], "mitre_attack_tags": ["TA0009", "T1123", "T1125", "T1056"]}, {"bi": "modified-file-in-program-dir", "hashes": ["6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["467e703042d9865c5206cc10517ac772e14a3e22499e8be030788469877cb0fe", "284b79e1ac60ac7db72c4efa0e4e73cebdccd1529243a0e2bcdbcc746e0d1f7e", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["2cad5c478f3b550f7dedf081d72703f513da71b77607117ca50652999da7028d", "e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a", "d09b68e370a0183a2d1fbd5845fb31ad33d818783635a868e9632ee1e3c3bd88", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "malware-known-trojan-av", "hashes": ["6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "mitre_attack_tags": []}, {"bi": "artifact-windows-task", "hashes": ["6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "malware-nanocore-artifact-detected", "hashes": ["6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "mitre_attack_tags": []}, {"bi": "windows-util-schtask", "hashes": ["6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "schtask-forcefully-created", "hashes": ["6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "dns-public-server-contacted", "hashes": ["6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "windows-util-schtask-generic", "hashes": ["6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "cmd-exe-file-execution", "hashes": ["01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "process-windows-script-launched", "hashes": ["c78b43cc84ca2d3cb980646e458b5f790766f8e5df56788029e1dbaec8ddf1d9", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "486f9d279c6a00db51753fa262a8be50272fde73ee64649cac16c624abc037cd"], "mitre_attack_tags": ["TA0005", "TA0002", "T1064"]}, {"bi": "unsigned-roaming-execution", "hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["467e703042d9865c5206cc10517ac772e14a3e22499e8be030788469877cb0fe", "284b79e1ac60ac7db72c4efa0e4e73cebdccd1529243a0e2bcdbcc746e0d1f7e", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d"], "mitre_attack_tags": []}, {"bi": "network-http-blank-user-agent", "hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["284b79e1ac60ac7db72c4efa0e4e73cebdccd1529243a0e2bcdbcc746e0d1f7e", "c78b43cc84ca2d3cb980646e458b5f790766f8e5df56788029e1dbaec8ddf1d9", "486f9d279c6a00db51753fa262a8be50272fde73ee64649cac16c624abc037cd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "netbios-query", "hashes": ["01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "971162f3ad3e78f6798176e151adef704a55bf4da29c34ce5de3e6f7509ac756", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208"], "mitre_attack_tags": []}, {"bi": "malware-remcos-mutex", "hashes": ["c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "fb790add45260afb4481d29d38f919043542142efd42969daabb43804aff761c"], "mitre_attack_tags": []}, {"bi": "malware-remcos-registry", "hashes": ["c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "fb790add45260afb4481d29d38f919043542142efd42969daabb43804aff761c"], "mitre_attack_tags": []}, {"bi": "malware-azorult-mutex-detected", "hashes": ["467e703042d9865c5206cc10517ac772e14a3e22499e8be030788469877cb0fe", "971162f3ad3e78f6798176e151adef704a55bf4da29c34ce5de3e6f7509ac756"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "486f9d279c6a00db51753fa262a8be50272fde73ee64649cac16c624abc037cd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "deleted-submitted-file", "hashes": ["01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "enumeration-browser-information", "hashes": ["01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208"], "mitre_attack_tags": ["TA0007", "TA0006", "T1003", "T1217"]}, {"bi": "compound-vb-self-delete", "hashes": ["01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208"], "mitre_attack_tags": []}, {"bi": "files-deleted-used-batch", "hashes": ["01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "registry-login-info-guest-modified", "hashes": ["01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1098"]}, {"bi": "malware-pony-stealer-detected", "hashes": ["01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208"], "mitre_attack_tags": []}, {"bi": "malware-fareit-file-activity", "hashes": ["01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208"], "mitre_attack_tags": []}, {"bi": "registry-login-info-modified", "hashes": ["01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1098"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["971162f3ad3e78f6798176e151adef704a55bf4da29c34ce5de3e6f7509ac756", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208"], "mitre_attack_tags": []}, {"bi": "files-created-vbs", "hashes": ["c78b43cc84ca2d3cb980646e458b5f790766f8e5df56788029e1dbaec8ddf1d9", "486f9d279c6a00db51753fa262a8be50272fde73ee64649cac16c624abc037cd"], "mitre_attack_tags": ["TA0002", "T1064"]}, {"bi": "vbs-calls-shell", "hashes": ["c78b43cc84ca2d3cb980646e458b5f790766f8e5df56788029e1dbaec8ddf1d9", "486f9d279c6a00db51753fa262a8be50272fde73ee64649cac16c624abc037cd"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["c78b43cc84ca2d3cb980646e458b5f790766f8e5df56788029e1dbaec8ddf1d9", "fb790add45260afb4481d29d38f919043542142efd42969daabb43804aff761c"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["c78b43cc84ca2d3cb980646e458b5f790766f8e5df56788029e1dbaec8ddf1d9", "fb790add45260afb4481d29d38f919043542142efd42969daabb43804aff761c"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["c78b43cc84ca2d3cb980646e458b5f790766f8e5df56788029e1dbaec8ddf1d9", "fb790add45260afb4481d29d38f919043542142efd42969daabb43804aff761c"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "pe-uses-armadillo", "hashes": ["c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-remcos-path", "hashes": ["c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736"], "mitre_attack_tags": []}, {"bi": "files-deleted-used-vbs", "hashes": ["c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "malware-netwire-rat-registry", "hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-spambot", "hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad"], "mitre_attack_tags": []}, {"bi": "pe-uses-dot-net", "hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad"], "mitre_attack_tags": []}, {"bi": "feed-public-ip-check-dns", "hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad"], "mitre_attack_tags": []}, {"bi": "firefox-cookie-read", "hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "pe-imports-psapi-dll", "hashes": ["284b79e1ac60ac7db72c4efa0e4e73cebdccd1529243a0e2bcdbcc746e0d1f7e"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "network-dns-safe-categories", "hashes": ["284b79e1ac60ac7db72c4efa0e4e73cebdccd1529243a0e2bcdbcc746e0d1f7e"], "mitre_attack_tags": []}, {"bi": "audio-video-mutex-detected", "hashes": ["284b79e1ac60ac7db72c4efa0e4e73cebdccd1529243a0e2bcdbcc746e0d1f7e"], "mitre_attack_tags": ["TA0009", "T1123", "T1125"]}, {"bi": "sc-service-stop-windefend", "hashes": ["284b79e1ac60ac7db72c4efa0e4e73cebdccd1529243a0e2bcdbcc746e0d1f7e"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "malware-avemaria-detected", "hashes": ["284b79e1ac60ac7db72c4efa0e4e73cebdccd1529243a0e2bcdbcc746e0d1f7e"], "mitre_attack_tags": []}, {"bi": "registry-modification-reg", "hashes": ["ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d"], "mitre_attack_tags": []}, {"bi": "task-manager-disabled", "hashes": ["ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d"], "mitre_attack_tags": ["TA0005", "T1499"]}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["c78b43cc84ca2d3cb980646e458b5f790766f8e5df56788029e1dbaec8ddf1d9"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "fake-explorer-process", "hashes": ["c78b43cc84ca2d3cb980646e458b5f790766f8e5df56788029e1dbaec8ddf1d9"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "network-snort-policy", "hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "mitre_attack_tags": ["TA0004", "TA0005"]}, {"bi": "excessive-sample-duplication", "hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "modified-file-on-usb", "hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "startup-folder-modification", "hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "excessive-file-modifications", "hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "mitre_attack_tags": []}, {"bi": "file-ini-modified", "hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "mitre_attack_tags": ["TA0003"]}, {"bi": "malware-generic-ransomware-entropy", "hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "mitre_attack_tags": []}, {"bi": "recycler-file-creation", "hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-generic-ransomware", "hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "mitre_attack_tags": []}, {"bi": "deleted-executable-in-program-dir", "hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "mitre_attack_tags": []}, {"bi": "malware-ransomware-phobos-mutex", "hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "mitre_attack_tags": []}, {"bi": "recycler-exe-creation", "hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-deletes-many-files", "hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "mitre_attack_tags": []}, {"bi": "altered-sample-dns-flagged", "hashes": ["2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "network-snort-malware", "hashes": ["3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-prior", "hashes": ["3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-null", "hashes": ["3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["fb790add45260afb4481d29d38f919043542142efd42969daabb43804aff761c"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "pe-certificate", "hashes": ["486f9d279c6a00db51753fa262a8be50272fde73ee64649cac16c624abc037cd"], "mitre_attack_tags": []}, {"bi": "pe-invalid-certificate-signature", "hashes": ["486f9d279c6a00db51753fa262a8be50272fde73ee64649cac16c624abc037cd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-certificate-invalid-signing-date", "hashes": ["486f9d279c6a00db51753fa262a8be50272fde73ee64649cac16c624abc037cd"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. This malware is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208", "284b79e1ac60ac7db72c4efa0e4e73cebdccd1529243a0e2bcdbcc746e0d1f7e", "2cad5c478f3b550f7dedf081d72703f513da71b77607117ca50652999da7028d", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "467e703042d9865c5206cc10517ac772e14a3e22499e8be030788469877cb0fe", "47c4f4c780567bf13fb2cce25922ea0a8ce0541c3485b897f95965d007763c64", "486f9d279c6a00db51753fa262a8be50272fde73ee64649cac16c624abc037cd", "5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "971162f3ad3e78f6798176e151adef704a55bf4da29c34ce5de3e6f7509ac756", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d", "bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0", "c78b43cc84ca2d3cb980646e458b5f790766f8e5df56788029e1dbaec8ddf1d9", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "d09b68e370a0183a2d1fbd5845fb31ad33d818783635a868e9632ee1e3c3bd88", "e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a", "eff4919bb1000ad6fec3611d76f7fb367ee4e6d1dd4323d0ced140ace6dd0360", "fb790add45260afb4481d29d38f919043542142efd42969daabb43804aff761c", "fe5044908209a29b87b8d3332513f258306f0e2c7cae1e0233c9e2f156965da7"], "iocs": {"domain": [{"hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d", "e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a"], "host": "checkip[.]amazonaws[.]com"}, {"hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad"], "host": "smtp[.]yandex[.]com"}, {"hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad"], "host": "repository[.]uzto[.]netdna-cdn[.]com"}, {"hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad"], "host": "repository[.]certum[.]pl"}, {"hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad"], "host": "smtp[.]yandex[.]ru"}, {"hashes": ["6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d"], "host": "danishcent[.]duckdns[.]org"}, {"hashes": ["3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4"], "host": "harri2gud[.]duckdns[.]org"}, {"hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d"], "host": "onelove03[.]duckdns[.]org"}, {"hashes": ["a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "host": "brockmax2v2[.]hopto[.]org"}, {"hashes": ["284b79e1ac60ac7db72c4efa0e4e73cebdccd1529243a0e2bcdbcc746e0d1f7e"], "host": "menaxe[.]nsupdate[.]info"}, {"hashes": ["3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736"], "host": "omorem[.]duckdns[.]org"}, {"hashes": ["c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120"], "host": "sabbbb[.]ddns[.]net"}, {"hashes": ["467e703042d9865c5206cc10517ac772e14a3e22499e8be030788469877cb0fe"], "host": "ch31238[.]tmweb[.]ru"}, {"hashes": ["8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7"], "host": "snooper113[.]duckdns[.]org"}, {"hashes": ["2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208"], "host": "securehub[.]top"}, {"hashes": ["01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2"], "host": "onllygoodam[.]com"}, {"hashes": ["971162f3ad3e78f6798176e151adef704a55bf4da29c34ce5de3e6f7509ac756"], "host": "hjkgfhsf[.]ru"}], "file": [{"hashes": ["2cad5c478f3b550f7dedf081d72703f513da71b77607117ca50652999da7028d", "72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d", "d09b68e370a0183a2d1fbd5845fb31ad33d818783635a868e9632ee1e3c3bd88", "e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a"], "path": "%TEMP%\\<random, matching '[0-9]{15}'>000_<random GUID>.db"}, {"hashes": ["3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "path": "%ProgramFiles(x86)%\\AGP Manager"}, {"hashes": ["3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "path": "%ProgramFiles(x86)%\\AGP Manager\\agpmgr.exe"}, {"hashes": ["3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5"}, {"hashes": ["3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs"}, {"hashes": ["3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs\\Administrator"}, {"hashes": ["3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\run.dat"}, {"hashes": ["3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\task.dat"}, {"hashes": ["3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "path": "%System32%\\Tasks\\AGP Manager"}, {"hashes": ["3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "path": "%System32%\\Tasks\\AGP Manager Task"}, {"hashes": ["3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "path": "%TEMP%\\tmp<random, matching [A-F0-9]{1,4}>.tmp"}, {"hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d"], "path": "%APPDATA%\\MyApp\\MyApp.exe"}, {"hashes": ["3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120"], "path": "%TEMP%\\install.vbs"}, {"hashes": ["3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120"], "path": "%APPDATA%\\remcos\\logs.dat"}, {"hashes": ["3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120"], "path": "%APPDATA%\\remcos\\remcos.exe"}, {"hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad"], "path": "%TEMP%\\bin.exe"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "\\$Recycle.Bin\\<user SID>\\$<random, matching '[A-Z0-9]{7}'>.txt"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\desktop.ini.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "%ProgramFiles%\\Java\\jre6\\lib\\zi\\America\\Argentina\\Buenos_Aires.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "%ProgramFiles%\\Java\\jre6\\lib\\zi\\America\\Argentina\\Catamarca.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "%ProgramFiles%\\Java\\jre6\\lib\\zi\\America\\Argentina\\Cordoba.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "%ProgramFiles%\\Java\\jre6\\lib\\zi\\America\\Argentina\\Jujuy.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "%ProgramFiles%\\Java\\jre6\\lib\\zi\\America\\Argentina\\La_Rioja.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "%ProgramFiles%\\Java\\jre6\\lib\\zi\\America\\Argentina\\Mendoza.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "%ProgramFiles%\\Java\\jre6\\lib\\zi\\America\\Argentina\\Rio_Gallegos.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "%ProgramFiles%\\Java\\jre6\\lib\\zi\\America\\Argentina\\Salta.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "%ProgramFiles%\\Java\\jre6\\lib\\zi\\America\\Argentina\\San_Juan.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "%ProgramFiles%\\Java\\jre6\\lib\\zi\\America\\Argentina\\San_Luis.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "%ProgramFiles%\\Java\\jre6\\lib\\zi\\America\\Argentina\\Tucuman.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "%ProgramFiles%\\Java\\jre6\\lib\\zi\\America\\Argentina\\Ushuaia.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "%ProgramFiles%\\Java\\jre6\\lib\\zi\\America\\Aruba.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "%ProgramFiles%\\Java\\jre6\\lib\\zi\\America\\Asuncion.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "%ProgramFiles%\\Java\\jre6\\lib\\zi\\America\\Atikokan.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "%ProgramFiles%\\Java\\jre6\\lib\\zi\\America\\Bahia.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "%ProgramFiles%\\Java\\jre6\\lib\\zi\\America\\Bahia_Banderas.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "%ProgramFiles%\\Java\\jre6\\lib\\zi\\America\\Barbados.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "%ProgramFiles%\\Java\\jre6\\lib\\zi\\America\\Belem.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "%ProgramFiles%\\Java\\jre6\\lib\\zi\\America\\Belize.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "%ProgramFiles%\\Java\\jre6\\lib\\zi\\America\\Blanc-Sablon.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "%ProgramFiles%\\Java\\jre6\\lib\\zi\\America\\Boa_Vista.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "%ProgramFiles%\\Java\\jre6\\lib\\zi\\America\\Bogota.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "path": "%ProgramFiles%\\Java\\jre6\\lib\\zi\\America\\Boise.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["c78b43cc84ca2d3cb980646e458b5f790766f8e5df56788029e1dbaec8ddf1d9"], "path": "%HOMEPATH%\\subfolder\\explorer.exe"}, {"hashes": ["c78b43cc84ca2d3cb980646e458b5f790766f8e5df56788029e1dbaec8ddf1d9"], "path": "%HOMEPATH%\\subfolder\\explorer.vbs"}, {"hashes": ["2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208"], "path": "%TEMP%\\-357238090.bat"}, {"hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad"], "path": "%APPDATA%\\d3s4ubf2.oj2.zip"}, {"hashes": ["01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2"], "path": "%TEMP%\\-357234533.bat"}, {"hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad"], "path": "%APPDATA%\\d3s4ubf2.oj2\\Firefox\\Profiles\\1lcuq8ab.default\\cookies.sqlite"}, {"hashes": ["486f9d279c6a00db51753fa262a8be50272fde73ee64649cac16c624abc037cd"], "path": "%HOMEPATH%\\subfolder\\winlogon.scr"}, {"hashes": ["486f9d279c6a00db51753fa262a8be50272fde73ee64649cac16c624abc037cd"], "path": "%HOMEPATH%\\subfolder\\winlogon.vbs"}], "ip": [{"hashes": ["3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7"], "ip": "192[.]169[.]69[.]25"}, {"hashes": ["8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7"], "ip": "79[.]134[.]225[.]7"}, {"hashes": ["486f9d279c6a00db51753fa262a8be50272fde73ee64649cac16c624abc037cd"], "ip": "79[.]134[.]225[.]103"}, {"hashes": ["3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4"], "ip": "79[.]134[.]225[.]74"}, {"hashes": ["6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d"], "ip": "79[.]134[.]225[.]70"}, {"hashes": ["e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a"], "ip": "18[.]214[.]132[.]216"}, {"hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad"], "ip": "77[.]88[.]21[.]158"}, {"hashes": ["a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "ip": "91[.]189[.]180[.]202"}, {"hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad"], "ip": "108[.]161[.]187[.]74"}, {"hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad"], "ip": "34[.]192[.]250[.]175"}, {"hashes": ["ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d"], "ip": "34[.]197[.]12[.]81"}], "mutex": [{"hashes": ["3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "fb790add45260afb4481d29d38f919043542142efd42969daabb43804aff761c"], "name": "Remcos_Mutex_Inj"}, {"hashes": ["467e703042d9865c5206cc10517ac772e14a3e22499e8be030788469877cb0fe", "971162f3ad3e78f6798176e151adef704a55bf4da29c34ce5de3e6f7509ac756"], "name": "A16467FA7-343A2EC6-F2351354-B9A74ACF-1DC8406A"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "name": "Global\\<<BID>>98B68E3C00000000"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "name": "Global\\<<BID>>98B68E3C00000001"}, {"hashes": ["6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d"], "name": "Global\\{323df2fa-8482-4fe0-ae2a-af543502105e}"}, {"hashes": ["3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4"], "name": "Global\\{57ac23a9-49e6-40ed-b469-3425e518602c}"}, {"hashes": ["a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "name": "Global\\{e3812333-72f9-46be-98ef-af1d535ed2a7}"}, {"hashes": ["3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736"], "name": "Remcos-QZUK6P"}, {"hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d"], "name": "CwTYUOXt"}, {"hashes": ["c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120"], "name": "Remcos-AL48TP"}, {"hashes": ["8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7"], "name": "Global\\{424a704e-eec1-4d4b-9535-ad8735965263}"}, {"hashes": ["c78b43cc84ca2d3cb980646e458b5f790766f8e5df56788029e1dbaec8ddf1d9"], "name": "Global\\064fabc1-7ca8-11ea-a007-00501e3ae7b5"}, {"hashes": ["fb790add45260afb4481d29d38f919043542142efd42969daabb43804aff761c"], "name": "Remcos-NKAER4"}, {"hashes": ["fb790add45260afb4481d29d38f919043542142efd42969daabb43804aff761c"], "name": "Global\\18af8741-7ca8-11ea-a007-00501e3ae7b5"}], "registry": [{"hashes": ["2cad5c478f3b550f7dedf081d72703f513da71b77607117ca50652999da7028d", "3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "486f9d279c6a00db51753fa262a8be50272fde73ee64649cac16c624abc037cd", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120", "d09b68e370a0183a2d1fbd5845fb31ad33d818783635a868e9632ee1e3c3bd88", "e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\RADAR\\HEAPLEAKDETECTION\\SETTINGS\\LEAKDIAGNOSISATTEMPTED", "value_name": null}, {"hashes": ["3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4", "6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d", "8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7", "a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "AGP Manager"}, {"hashes": ["3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "remcos"}, {"hashes": ["72f4df9ed3af112edcfc87b57a2f065c64793ec3e6a403749e36ee1d7c9717ad", "ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "MyApp"}, {"hashes": ["01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208"], "key": "<HKCU>\\SOFTWARE\\WINRAR", "value_name": null}, {"hashes": ["3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\RADAR\\HEAPLEAKDETECTION\\DIAGNOSEDAPPLICATIONS\\REMCOS.EXE", "value_name": "LastDetectionTime"}, {"hashes": ["3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736", "c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\RADAR\\HEAPLEAKDETECTION\\DIAGNOSEDAPPLICATIONS\\REMCOS.EXE", "value_name": null}, {"hashes": ["01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208"], "key": "<HKCU>\\SOFTWARE\\WINRAR", "value_name": "HWID"}, {"hashes": ["486f9d279c6a00db51753fa262a8be50272fde73ee64649cac16c624abc037cd", "c78b43cc84ca2d3cb980646e458b5f790766f8e5df56788029e1dbaec8ddf1d9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Registry Key Name"}, {"hashes": ["01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000003E9", "value_name": "F"}, {"hashes": ["01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000001F5", "value_name": "F"}, {"hashes": ["01415bd8f45dcc7699dc12ee436b440d69156b16a0db53488b62e5045fbfe5a2", "2400b12c0071afe6ef99318dfedfd0e2920ec886c90bb8e902843b2f874c6208"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000003EC", "value_name": "F"}, {"hashes": ["a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\SCHEDULE\\\\SIGNATURES", "value_name": "AGP Manager Task.job.fp"}, {"hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d"], "key": "<HKCU>\\SOFTWARE\\NETWIRE", "value_name": null}, {"hashes": ["a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\SCHEDULE\\\\SIGNATURES", "value_name": "AGP Manager.job"}, {"hashes": ["a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\SCHEDULE\\\\SIGNATURES", "value_name": "AGP Manager.job.fp"}, {"hashes": ["3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736"], "key": "<HKCU>\\SOFTWARE\\REMCOS-QZUK6P", "value_name": "exepath"}, {"hashes": ["3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736"], "key": "<HKCU>\\SOFTWARE\\REMCOS-QZUK6P", "value_name": "licence"}, {"hashes": ["c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120"], "key": "<HKCU>\\SOFTWARE\\REMCOS-AL48TP", "value_name": "exepath"}, {"hashes": ["c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120"], "key": "<HKCU>\\SOFTWARE\\REMCOS-AL48TP", "value_name": "licence"}, {"hashes": ["284b79e1ac60ac7db72c4efa0e4e73cebdccd1529243a0e2bcdbcc746e0d1f7e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\XR1AF7QNXQ", "value_name": null}, {"hashes": ["284b79e1ac60ac7db72c4efa0e4e73cebdccd1529243a0e2bcdbcc746e0d1f7e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\XR1AF7QNXQ", "value_name": "inst"}, {"hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d"], "key": "<HKCU>\\SOFTWARE\\NETWIRE", "value_name": "HostId"}, {"hashes": ["2cad5c478f3b550f7dedf081d72703f513da71b77607117ca50652999da7028d"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\RADAR\\HEAPLEAKDETECTION\\DIAGNOSEDAPPLICATIONS\\2CAD5C478F3B550F7DEDF081D72703F513DA71B77607117CA50652999DA7028D.EXE", "value_name": null}, {"hashes": ["2cad5c478f3b550f7dedf081d72703f513da71b77607117ca50652999da7028d"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\RADAR\\HEAPLEAKDETECTION\\DIAGNOSEDAPPLICATIONS\\2CAD5C478F3B550F7DEDF081D72703F513DA71B77607117CA50652999DA7028D.EXE", "value_name": "LastDetectionTime"}, {"hashes": ["8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\RADAR\\HEAPLEAKDETECTION\\DIAGNOSEDAPPLICATIONS\\8552306C719FC0DE2E4D813CEDD44C1E199B061819019F9E2F60EED99605A6F7.EXE", "value_name": null}, {"hashes": ["6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\RADAR\\HEAPLEAKDETECTION\\DIAGNOSEDAPPLICATIONS\\6DEA6B748C6AE3372D94242AAE27F42F6A167DE3E5E7C8E202974C13653DA49D.EXE", "value_name": null}, {"hashes": ["8552306c719fc0de2e4d813cedd44c1e199b061819019f9e2f60eed99605a6f7"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\RADAR\\HEAPLEAKDETECTION\\DIAGNOSEDAPPLICATIONS\\8552306C719FC0DE2E4D813CEDD44C1E199B061819019F9E2F60EED99605A6F7.EXE", "value_name": "LastDetectionTime"}, {"hashes": ["5eae3df5c3e8ad4346179ba8b67f6f67837f2259a7d267dcc9bee381faa3fc4d"], "key": "<HKCU>\\SOFTWARE\\NETWIRE", "value_name": "Install Date"}, {"hashes": ["3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\RADAR\\HEAPLEAKDETECTION\\DIAGNOSEDAPPLICATIONS\\3AABCBA5CB2ED3A3486B684C63BCD65B3D9DFE3FA4A575F3740E86D5DBA90FF4.EXE", "value_name": null}, {"hashes": ["3aabcba5cb2ed3a3486b684c63bcd65b3d9dfe3fa4a575f3740e86d5dba90ff4"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\RADAR\\HEAPLEAKDETECTION\\DIAGNOSEDAPPLICATIONS\\3AABCBA5CB2ED3A3486B684C63BCD65B3D9DFE3FA4A575F3740E86D5DBA90FF4.EXE", "value_name": "LastDetectionTime"}, {"hashes": ["6dea6b748c6ae3372d94242aae27f42f6a167de3e5e7c8e202974c13653da49d"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\RADAR\\HEAPLEAKDETECTION\\DIAGNOSEDAPPLICATIONS\\6DEA6B748C6AE3372D94242AAE27F42F6A167DE3E5E7C8E202974C13653DA49D.EXE", "value_name": "LastDetectionTime"}, {"hashes": ["3d725b9a225f675871310daa848eab9d630a05a7405c7db1dc81f0d70f4e6736"], "key": "<HKCU>\\SOFTWARE\\REMCOS-QZUK6P", "value_name": null}, {"hashes": ["486f9d279c6a00db51753fa262a8be50272fde73ee64649cac16c624abc037cd"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\RADAR\\HEAPLEAKDETECTION\\DIAGNOSEDAPPLICATIONS\\WINLOGON.SCR", "value_name": null}, {"hashes": ["486f9d279c6a00db51753fa262a8be50272fde73ee64649cac16c624abc037cd"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\RADAR\\HEAPLEAKDETECTION\\DIAGNOSEDAPPLICATIONS\\WINLOGON.SCR", "value_name": "LastDetectionTime"}, {"hashes": ["ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\RADAR\\HEAPLEAKDETECTION\\DIAGNOSEDAPPLICATIONS\\AC07BB979EAD53D121A3A946995A80637C9CB6767EDCEB9B43D5BC67C0DDAC5D.EXE", "value_name": null}, {"hashes": ["ac07bb979ead53d121a3a946995a80637c9cb6767edceb9b43d5bc67c0ddac5d"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\RADAR\\HEAPLEAKDETECTION\\DIAGNOSEDAPPLICATIONS\\AC07BB979EAD53D121A3A946995A80637C9CB6767EDCEB9B43D5BC67C0DDAC5D.EXE", "value_name": "LastDetectionTime"}, {"hashes": ["a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\RADAR\\HEAPLEAKDETECTION\\DIAGNOSEDAPPLICATIONS\\A720813ADCFFA4178FBBE8BC07C06ADCB1C2ACFA3AC72A3E410B457F5B884198.EXE", "value_name": null}, {"hashes": ["a720813adcffa4178fbbe8bc07c06adcb1c2acfa3ac72a3e410b457f5b884198"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\RADAR\\HEAPLEAKDETECTION\\DIAGNOSEDAPPLICATIONS\\A720813ADCFFA4178FBBE8BC07C06ADCB1C2ACFA3AC72A3E410B457F5B884198.EXE", "value_name": "LastDetectionTime"}, {"hashes": ["d09b68e370a0183a2d1fbd5845fb31ad33d818783635a868e9632ee1e3c3bd88"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\RADAR\\HEAPLEAKDETECTION\\DIAGNOSEDAPPLICATIONS\\D09B68E370A0183A2D1FBD5845FB31AD33D818783635A868E9632EE1E3C3BD88.EXE", "value_name": null}, {"hashes": ["d09b68e370a0183a2d1fbd5845fb31ad33d818783635a868e9632ee1e3c3bd88"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\RADAR\\HEAPLEAKDETECTION\\DIAGNOSEDAPPLICATIONS\\D09B68E370A0183A2D1FBD5845FB31AD33D818783635A868E9632EE1E3C3BD88.EXE", "value_name": "LastDetectionTime"}, {"hashes": ["fb790add45260afb4481d29d38f919043542142efd42969daabb43804aff761c"], "key": "<HKCU>\\SOFTWARE\\REMCOS-NKAER4", "value_name": null}, {"hashes": ["fb790add45260afb4481d29d38f919043542142efd42969daabb43804aff761c"], "key": "<HKCU>\\SOFTWARE\\REMCOS-NKAER4", "value_name": "exepath"}, {"hashes": ["fb790add45260afb4481d29d38f919043542142efd42969daabb43804aff761c"], "key": "<HKCU>\\SOFTWARE\\REMCOS-NKAER4", "value_name": "licence"}, {"hashes": ["fb790add45260afb4481d29d38f919043542142efd42969daabb43804aff761c"], "key": "<HKCU>\\SOFTWARE\\REMCOS-NKAER4", "value_name": "Inj"}, {"hashes": ["c941b287a615fc8761769d0d9ac36e3495c1ee59124c9c0ffe15feeedc0c4120"], "key": "<HKCU>\\SOFTWARE\\REMCOS-AL48TP", "value_name": null}, {"hashes": ["e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\RADAR\\HEAPLEAKDETECTION\\DIAGNOSEDAPPLICATIONS\\E456EA2DB9730F8C45F16EA27DFBD2682E242BF0FBBB547DA6B52468277F4F2A.EXE", "value_name": null}, {"hashes": ["e456ea2db9730f8c45f16ea27dfbd2682e242bf0fbbb547da6b52468277f4f2a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\RADAR\\HEAPLEAKDETECTION\\DIAGNOSEDAPPLICATIONS\\E456EA2DB9730F8C45F16EA27DFBD2682E242BF0FBBB547DA6B52468277F4F2A.EXE", "value_name": "LastDetectionTime"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"}, {"hashes": ["bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "bd96da3a6e5f371ed82c1e5967c835ac74da4852771de7ef1ea9cd2937f921b0"}]}, "reports_count": 24}, "Win.Dropper.Upatre-7658518-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["a4bf9f0471daa61549729f9469aea61539312a5406a3a6090a732a249768bc48", "7be9a40ac30bd8c32e8a01bd052d935149d057d444e522d2aaf40f92c533ea0c", "19ff613a4c98ce6c1693bbf43198a0a72edd043709acc4040e2950092746b7a4", "047f284235623426088780b90a03692140c3bdeb41616dfdf60b6fbc47b97f8d", "921962c630c3fa77eb80c327e6ab9a520f91dc509b1729855e23a2f94bc1fb12", "0822264c63db0ed0de15caa662cc41fb0f992b70492a9a012739255d66373311", "1cab25d9202aa989b8971c81ac3360f29dbd61210f1de90e8e2f23da3adbaa70", "a873cbd888d84cad9db1d68c9a36d4abe3b7279b8471dc76b7eccc501691b3e6", "7a7ad490b200a853f45c329076e56a18d1af6c0fcb1e01b25950cf6bfd1b4dad", "4b65d9880f90afa7a89b6b12f2fcab27bd562361216100179f041562fa40cf6c", "876e16d223753b955a317f29652ba2d2c1b671e40e37aacdafe8fb16f069996f", "d3f3f404224a20a2a3e36be6f2f77f8d62d8060727f7ebc0fba3edb64dda6797", "d545dde3d8c870021976cefb7c9d96bb2eeb29027c0a96c86d420bb8ae7b1124", "9a0b3e60e5e0e3bb92e29065ac703a143dc553cd8c58408f97905a464360f947", "8a0f86d6860032e5f868112d8f2164daa0f4f052999f7c6bbcff5a4488c946a7", "82a84db63020dd6fb316fee3419de66614f4638da1c6b32d8c2df4fd598fd241", "73695f0b92af11df8620715d48e26fc5e42f0ead45b89441d05d78f33b33524f", "2aa07a3d5ff53d42446644301ac833e36a6ed10ff1ab3c7f427bd5ac5871a6bf", "8e82f834192def59f4ffab6606fd0b037577d2c18ea65dbc67d20252e900db95", "9b62125fd364b6c569158c7b55e4c88aca7710bd1b73900ef9fd68355a538fd4", "a0d4c496e9087d3db25f73f4723218a5aa2d501b6b68028fad07292295ecf970", "62ad7603fb106bdd9f833216e2a6c9bfa705c31ba118745fb3003b8729893543", "e4f81fd54eaa8ec768107d860ebc0f237372eaec899a617f32944c392ef2b3eb", "d0db48f7146a6f5f24f6ccb8918af487e5c10ff7ec2413f19f71e555ef77e4f8", "64bb0258179721492c44b6804310534b833708c4d2ec9f7ca74a5febce118f41"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["a4bf9f0471daa61549729f9469aea61539312a5406a3a6090a732a249768bc48", "7be9a40ac30bd8c32e8a01bd052d935149d057d444e522d2aaf40f92c533ea0c", "19ff613a4c98ce6c1693bbf43198a0a72edd043709acc4040e2950092746b7a4", "047f284235623426088780b90a03692140c3bdeb41616dfdf60b6fbc47b97f8d", "921962c630c3fa77eb80c327e6ab9a520f91dc509b1729855e23a2f94bc1fb12", "0822264c63db0ed0de15caa662cc41fb0f992b70492a9a012739255d66373311", "1cab25d9202aa989b8971c81ac3360f29dbd61210f1de90e8e2f23da3adbaa70", "a873cbd888d84cad9db1d68c9a36d4abe3b7279b8471dc76b7eccc501691b3e6", "7a7ad490b200a853f45c329076e56a18d1af6c0fcb1e01b25950cf6bfd1b4dad", "4b65d9880f90afa7a89b6b12f2fcab27bd562361216100179f041562fa40cf6c", "876e16d223753b955a317f29652ba2d2c1b671e40e37aacdafe8fb16f069996f", "d3f3f404224a20a2a3e36be6f2f77f8d62d8060727f7ebc0fba3edb64dda6797", "d545dde3d8c870021976cefb7c9d96bb2eeb29027c0a96c86d420bb8ae7b1124", "9a0b3e60e5e0e3bb92e29065ac703a143dc553cd8c58408f97905a464360f947", "8a0f86d6860032e5f868112d8f2164daa0f4f052999f7c6bbcff5a4488c946a7", "82a84db63020dd6fb316fee3419de66614f4638da1c6b32d8c2df4fd598fd241", "73695f0b92af11df8620715d48e26fc5e42f0ead45b89441d05d78f33b33524f", "2aa07a3d5ff53d42446644301ac833e36a6ed10ff1ab3c7f427bd5ac5871a6bf", "8e82f834192def59f4ffab6606fd0b037577d2c18ea65dbc67d20252e900db95", "9b62125fd364b6c569158c7b55e4c88aca7710bd1b73900ef9fd68355a538fd4", "a0d4c496e9087d3db25f73f4723218a5aa2d501b6b68028fad07292295ecf970", "62ad7603fb106bdd9f833216e2a6c9bfa705c31ba118745fb3003b8729893543", "e4f81fd54eaa8ec768107d860ebc0f237372eaec899a617f32944c392ef2b3eb", "d0db48f7146a6f5f24f6ccb8918af487e5c10ff7ec2413f19f71e555ef77e4f8", "64bb0258179721492c44b6804310534b833708c4d2ec9f7ca74a5febce118f41"], "mitre_attack_tags": []}, {"bi": "malware-upatre-detected", "hashes": ["a4bf9f0471daa61549729f9469aea61539312a5406a3a6090a732a249768bc48", "7be9a40ac30bd8c32e8a01bd052d935149d057d444e522d2aaf40f92c533ea0c", "19ff613a4c98ce6c1693bbf43198a0a72edd043709acc4040e2950092746b7a4", "047f284235623426088780b90a03692140c3bdeb41616dfdf60b6fbc47b97f8d", "921962c630c3fa77eb80c327e6ab9a520f91dc509b1729855e23a2f94bc1fb12", "0822264c63db0ed0de15caa662cc41fb0f992b70492a9a012739255d66373311", "1cab25d9202aa989b8971c81ac3360f29dbd61210f1de90e8e2f23da3adbaa70", "a873cbd888d84cad9db1d68c9a36d4abe3b7279b8471dc76b7eccc501691b3e6", "7a7ad490b200a853f45c329076e56a18d1af6c0fcb1e01b25950cf6bfd1b4dad", "4b65d9880f90afa7a89b6b12f2fcab27bd562361216100179f041562fa40cf6c", "876e16d223753b955a317f29652ba2d2c1b671e40e37aacdafe8fb16f069996f", "d3f3f404224a20a2a3e36be6f2f77f8d62d8060727f7ebc0fba3edb64dda6797", "d545dde3d8c870021976cefb7c9d96bb2eeb29027c0a96c86d420bb8ae7b1124", "9a0b3e60e5e0e3bb92e29065ac703a143dc553cd8c58408f97905a464360f947", "8a0f86d6860032e5f868112d8f2164daa0f4f052999f7c6bbcff5a4488c946a7", "82a84db63020dd6fb316fee3419de66614f4638da1c6b32d8c2df4fd598fd241", "73695f0b92af11df8620715d48e26fc5e42f0ead45b89441d05d78f33b33524f", "2aa07a3d5ff53d42446644301ac833e36a6ed10ff1ab3c7f427bd5ac5871a6bf", "8e82f834192def59f4ffab6606fd0b037577d2c18ea65dbc67d20252e900db95", "9b62125fd364b6c569158c7b55e4c88aca7710bd1b73900ef9fd68355a538fd4", "a0d4c496e9087d3db25f73f4723218a5aa2d501b6b68028fad07292295ecf970", "62ad7603fb106bdd9f833216e2a6c9bfa705c31ba118745fb3003b8729893543", "e4f81fd54eaa8ec768107d860ebc0f237372eaec899a617f32944c392ef2b3eb", "d0db48f7146a6f5f24f6ccb8918af487e5c10ff7ec2413f19f71e555ef77e4f8", "64bb0258179721492c44b6804310534b833708c4d2ec9f7ca74a5febce118f41"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["a4bf9f0471daa61549729f9469aea61539312a5406a3a6090a732a249768bc48", "7be9a40ac30bd8c32e8a01bd052d935149d057d444e522d2aaf40f92c533ea0c", "19ff613a4c98ce6c1693bbf43198a0a72edd043709acc4040e2950092746b7a4", "047f284235623426088780b90a03692140c3bdeb41616dfdf60b6fbc47b97f8d", "921962c630c3fa77eb80c327e6ab9a520f91dc509b1729855e23a2f94bc1fb12", "0822264c63db0ed0de15caa662cc41fb0f992b70492a9a012739255d66373311", "1cab25d9202aa989b8971c81ac3360f29dbd61210f1de90e8e2f23da3adbaa70", "a873cbd888d84cad9db1d68c9a36d4abe3b7279b8471dc76b7eccc501691b3e6", "7a7ad490b200a853f45c329076e56a18d1af6c0fcb1e01b25950cf6bfd1b4dad", "4b65d9880f90afa7a89b6b12f2fcab27bd562361216100179f041562fa40cf6c", "876e16d223753b955a317f29652ba2d2c1b671e40e37aacdafe8fb16f069996f", "d3f3f404224a20a2a3e36be6f2f77f8d62d8060727f7ebc0fba3edb64dda6797", "d545dde3d8c870021976cefb7c9d96bb2eeb29027c0a96c86d420bb8ae7b1124", "9a0b3e60e5e0e3bb92e29065ac703a143dc553cd8c58408f97905a464360f947", "8a0f86d6860032e5f868112d8f2164daa0f4f052999f7c6bbcff5a4488c946a7", "82a84db63020dd6fb316fee3419de66614f4638da1c6b32d8c2df4fd598fd241", "73695f0b92af11df8620715d48e26fc5e42f0ead45b89441d05d78f33b33524f", "2aa07a3d5ff53d42446644301ac833e36a6ed10ff1ab3c7f427bd5ac5871a6bf", "8e82f834192def59f4ffab6606fd0b037577d2c18ea65dbc67d20252e900db95", "9b62125fd364b6c569158c7b55e4c88aca7710bd1b73900ef9fd68355a538fd4", "a0d4c496e9087d3db25f73f4723218a5aa2d501b6b68028fad07292295ecf970", "62ad7603fb106bdd9f833216e2a6c9bfa705c31ba118745fb3003b8729893543", "e4f81fd54eaa8ec768107d860ebc0f237372eaec899a617f32944c392ef2b3eb", "d0db48f7146a6f5f24f6ccb8918af487e5c10ff7ec2413f19f71e555ef77e4f8", "64bb0258179721492c44b6804310534b833708c4d2ec9f7ca74a5febce118f41"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["a4bf9f0471daa61549729f9469aea61539312a5406a3a6090a732a249768bc48", "7be9a40ac30bd8c32e8a01bd052d935149d057d444e522d2aaf40f92c533ea0c", "19ff613a4c98ce6c1693bbf43198a0a72edd043709acc4040e2950092746b7a4", "047f284235623426088780b90a03692140c3bdeb41616dfdf60b6fbc47b97f8d", "921962c630c3fa77eb80c327e6ab9a520f91dc509b1729855e23a2f94bc1fb12", "0822264c63db0ed0de15caa662cc41fb0f992b70492a9a012739255d66373311", "1cab25d9202aa989b8971c81ac3360f29dbd61210f1de90e8e2f23da3adbaa70", "a873cbd888d84cad9db1d68c9a36d4abe3b7279b8471dc76b7eccc501691b3e6", "7a7ad490b200a853f45c329076e56a18d1af6c0fcb1e01b25950cf6bfd1b4dad", "4b65d9880f90afa7a89b6b12f2fcab27bd562361216100179f041562fa40cf6c", "876e16d223753b955a317f29652ba2d2c1b671e40e37aacdafe8fb16f069996f", "d3f3f404224a20a2a3e36be6f2f77f8d62d8060727f7ebc0fba3edb64dda6797", "d545dde3d8c870021976cefb7c9d96bb2eeb29027c0a96c86d420bb8ae7b1124", "9a0b3e60e5e0e3bb92e29065ac703a143dc553cd8c58408f97905a464360f947", "8a0f86d6860032e5f868112d8f2164daa0f4f052999f7c6bbcff5a4488c946a7", "82a84db63020dd6fb316fee3419de66614f4638da1c6b32d8c2df4fd598fd241", "73695f0b92af11df8620715d48e26fc5e42f0ead45b89441d05d78f33b33524f", "2aa07a3d5ff53d42446644301ac833e36a6ed10ff1ab3c7f427bd5ac5871a6bf", "8e82f834192def59f4ffab6606fd0b037577d2c18ea65dbc67d20252e900db95", "9b62125fd364b6c569158c7b55e4c88aca7710bd1b73900ef9fd68355a538fd4", "a0d4c496e9087d3db25f73f4723218a5aa2d501b6b68028fad07292295ecf970", "62ad7603fb106bdd9f833216e2a6c9bfa705c31ba118745fb3003b8729893543", "e4f81fd54eaa8ec768107d860ebc0f237372eaec899a617f32944c392ef2b3eb", "d0db48f7146a6f5f24f6ccb8918af487e5c10ff7ec2413f19f71e555ef77e4f8", "64bb0258179721492c44b6804310534b833708c4d2ec9f7ca74a5febce118f41"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["a4bf9f0471daa61549729f9469aea61539312a5406a3a6090a732a249768bc48", "7be9a40ac30bd8c32e8a01bd052d935149d057d444e522d2aaf40f92c533ea0c", "19ff613a4c98ce6c1693bbf43198a0a72edd043709acc4040e2950092746b7a4", "047f284235623426088780b90a03692140c3bdeb41616dfdf60b6fbc47b97f8d", "921962c630c3fa77eb80c327e6ab9a520f91dc509b1729855e23a2f94bc1fb12", "0822264c63db0ed0de15caa662cc41fb0f992b70492a9a012739255d66373311", "1cab25d9202aa989b8971c81ac3360f29dbd61210f1de90e8e2f23da3adbaa70", "a873cbd888d84cad9db1d68c9a36d4abe3b7279b8471dc76b7eccc501691b3e6", "7a7ad490b200a853f45c329076e56a18d1af6c0fcb1e01b25950cf6bfd1b4dad", "4b65d9880f90afa7a89b6b12f2fcab27bd562361216100179f041562fa40cf6c", "876e16d223753b955a317f29652ba2d2c1b671e40e37aacdafe8fb16f069996f", "d3f3f404224a20a2a3e36be6f2f77f8d62d8060727f7ebc0fba3edb64dda6797", "d545dde3d8c870021976cefb7c9d96bb2eeb29027c0a96c86d420bb8ae7b1124", "9a0b3e60e5e0e3bb92e29065ac703a143dc553cd8c58408f97905a464360f947", "8a0f86d6860032e5f868112d8f2164daa0f4f052999f7c6bbcff5a4488c946a7", "82a84db63020dd6fb316fee3419de66614f4638da1c6b32d8c2df4fd598fd241", "73695f0b92af11df8620715d48e26fc5e42f0ead45b89441d05d78f33b33524f", "2aa07a3d5ff53d42446644301ac833e36a6ed10ff1ab3c7f427bd5ac5871a6bf", "8e82f834192def59f4ffab6606fd0b037577d2c18ea65dbc67d20252e900db95", "9b62125fd364b6c569158c7b55e4c88aca7710bd1b73900ef9fd68355a538fd4", "a0d4c496e9087d3db25f73f4723218a5aa2d501b6b68028fad07292295ecf970", "62ad7603fb106bdd9f833216e2a6c9bfa705c31ba118745fb3003b8729893543", "e4f81fd54eaa8ec768107d860ebc0f237372eaec899a617f32944c392ef2b3eb", "d0db48f7146a6f5f24f6ccb8918af487e5c10ff7ec2413f19f71e555ef77e4f8", "64bb0258179721492c44b6804310534b833708c4d2ec9f7ca74a5febce118f41"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["a4bf9f0471daa61549729f9469aea61539312a5406a3a6090a732a249768bc48", "7be9a40ac30bd8c32e8a01bd052d935149d057d444e522d2aaf40f92c533ea0c", "19ff613a4c98ce6c1693bbf43198a0a72edd043709acc4040e2950092746b7a4", "047f284235623426088780b90a03692140c3bdeb41616dfdf60b6fbc47b97f8d", "921962c630c3fa77eb80c327e6ab9a520f91dc509b1729855e23a2f94bc1fb12", "0822264c63db0ed0de15caa662cc41fb0f992b70492a9a012739255d66373311", "1cab25d9202aa989b8971c81ac3360f29dbd61210f1de90e8e2f23da3adbaa70", "a873cbd888d84cad9db1d68c9a36d4abe3b7279b8471dc76b7eccc501691b3e6", "7a7ad490b200a853f45c329076e56a18d1af6c0fcb1e01b25950cf6bfd1b4dad", "4b65d9880f90afa7a89b6b12f2fcab27bd562361216100179f041562fa40cf6c", "876e16d223753b955a317f29652ba2d2c1b671e40e37aacdafe8fb16f069996f", "d3f3f404224a20a2a3e36be6f2f77f8d62d8060727f7ebc0fba3edb64dda6797", "d545dde3d8c870021976cefb7c9d96bb2eeb29027c0a96c86d420bb8ae7b1124", "9a0b3e60e5e0e3bb92e29065ac703a143dc553cd8c58408f97905a464360f947", "8a0f86d6860032e5f868112d8f2164daa0f4f052999f7c6bbcff5a4488c946a7", "82a84db63020dd6fb316fee3419de66614f4638da1c6b32d8c2df4fd598fd241", "73695f0b92af11df8620715d48e26fc5e42f0ead45b89441d05d78f33b33524f", "2aa07a3d5ff53d42446644301ac833e36a6ed10ff1ab3c7f427bd5ac5871a6bf", "8e82f834192def59f4ffab6606fd0b037577d2c18ea65dbc67d20252e900db95", "9b62125fd364b6c569158c7b55e4c88aca7710bd1b73900ef9fd68355a538fd4", "a0d4c496e9087d3db25f73f4723218a5aa2d501b6b68028fad07292295ecf970", "62ad7603fb106bdd9f833216e2a6c9bfa705c31ba118745fb3003b8729893543", "e4f81fd54eaa8ec768107d860ebc0f237372eaec899a617f32944c392ef2b3eb", "d0db48f7146a6f5f24f6ccb8918af487e5c10ff7ec2413f19f71e555ef77e4f8", "64bb0258179721492c44b6804310534b833708c4d2ec9f7ca74a5febce118f41"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["a4bf9f0471daa61549729f9469aea61539312a5406a3a6090a732a249768bc48", "7be9a40ac30bd8c32e8a01bd052d935149d057d444e522d2aaf40f92c533ea0c", "19ff613a4c98ce6c1693bbf43198a0a72edd043709acc4040e2950092746b7a4", "047f284235623426088780b90a03692140c3bdeb41616dfdf60b6fbc47b97f8d", "921962c630c3fa77eb80c327e6ab9a520f91dc509b1729855e23a2f94bc1fb12", "0822264c63db0ed0de15caa662cc41fb0f992b70492a9a012739255d66373311", "1cab25d9202aa989b8971c81ac3360f29dbd61210f1de90e8e2f23da3adbaa70", "a873cbd888d84cad9db1d68c9a36d4abe3b7279b8471dc76b7eccc501691b3e6", "7a7ad490b200a853f45c329076e56a18d1af6c0fcb1e01b25950cf6bfd1b4dad", "4b65d9880f90afa7a89b6b12f2fcab27bd562361216100179f041562fa40cf6c", "876e16d223753b955a317f29652ba2d2c1b671e40e37aacdafe8fb16f069996f", "d3f3f404224a20a2a3e36be6f2f77f8d62d8060727f7ebc0fba3edb64dda6797", "d545dde3d8c870021976cefb7c9d96bb2eeb29027c0a96c86d420bb8ae7b1124", "9a0b3e60e5e0e3bb92e29065ac703a143dc553cd8c58408f97905a464360f947", "8a0f86d6860032e5f868112d8f2164daa0f4f052999f7c6bbcff5a4488c946a7", "82a84db63020dd6fb316fee3419de66614f4638da1c6b32d8c2df4fd598fd241", "73695f0b92af11df8620715d48e26fc5e42f0ead45b89441d05d78f33b33524f", "2aa07a3d5ff53d42446644301ac833e36a6ed10ff1ab3c7f427bd5ac5871a6bf", "8e82f834192def59f4ffab6606fd0b037577d2c18ea65dbc67d20252e900db95", "9b62125fd364b6c569158c7b55e4c88aca7710bd1b73900ef9fd68355a538fd4", "a0d4c496e9087d3db25f73f4723218a5aa2d501b6b68028fad07292295ecf970", "62ad7603fb106bdd9f833216e2a6c9bfa705c31ba118745fb3003b8729893543", "e4f81fd54eaa8ec768107d860ebc0f237372eaec899a617f32944c392ef2b3eb", "d0db48f7146a6f5f24f6ccb8918af487e5c10ff7ec2413f19f71e555ef77e4f8", "64bb0258179721492c44b6804310534b833708c4d2ec9f7ca74a5febce118f41"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["a4bf9f0471daa61549729f9469aea61539312a5406a3a6090a732a249768bc48", "7be9a40ac30bd8c32e8a01bd052d935149d057d444e522d2aaf40f92c533ea0c", "19ff613a4c98ce6c1693bbf43198a0a72edd043709acc4040e2950092746b7a4", "047f284235623426088780b90a03692140c3bdeb41616dfdf60b6fbc47b97f8d", "921962c630c3fa77eb80c327e6ab9a520f91dc509b1729855e23a2f94bc1fb12", "0822264c63db0ed0de15caa662cc41fb0f992b70492a9a012739255d66373311", "1cab25d9202aa989b8971c81ac3360f29dbd61210f1de90e8e2f23da3adbaa70", "a873cbd888d84cad9db1d68c9a36d4abe3b7279b8471dc76b7eccc501691b3e6", "7a7ad490b200a853f45c329076e56a18d1af6c0fcb1e01b25950cf6bfd1b4dad", "4b65d9880f90afa7a89b6b12f2fcab27bd562361216100179f041562fa40cf6c", "876e16d223753b955a317f29652ba2d2c1b671e40e37aacdafe8fb16f069996f", "d3f3f404224a20a2a3e36be6f2f77f8d62d8060727f7ebc0fba3edb64dda6797", "d545dde3d8c870021976cefb7c9d96bb2eeb29027c0a96c86d420bb8ae7b1124", "9a0b3e60e5e0e3bb92e29065ac703a143dc553cd8c58408f97905a464360f947", "8a0f86d6860032e5f868112d8f2164daa0f4f052999f7c6bbcff5a4488c946a7", "82a84db63020dd6fb316fee3419de66614f4638da1c6b32d8c2df4fd598fd241", "73695f0b92af11df8620715d48e26fc5e42f0ead45b89441d05d78f33b33524f", "2aa07a3d5ff53d42446644301ac833e36a6ed10ff1ab3c7f427bd5ac5871a6bf", "8e82f834192def59f4ffab6606fd0b037577d2c18ea65dbc67d20252e900db95", "9b62125fd364b6c569158c7b55e4c88aca7710bd1b73900ef9fd68355a538fd4", "a0d4c496e9087d3db25f73f4723218a5aa2d501b6b68028fad07292295ecf970", "62ad7603fb106bdd9f833216e2a6c9bfa705c31ba118745fb3003b8729893543", "e4f81fd54eaa8ec768107d860ebc0f237372eaec899a617f32944c392ef2b3eb", "d0db48f7146a6f5f24f6ccb8918af487e5c10ff7ec2413f19f71e555ef77e4f8", "64bb0258179721492c44b6804310534b833708c4d2ec9f7ca74a5febce118f41"], "mitre_attack_tags": ["TA0005", "T1027"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.", "hashes": ["047f284235623426088780b90a03692140c3bdeb41616dfdf60b6fbc47b97f8d", "0822264c63db0ed0de15caa662cc41fb0f992b70492a9a012739255d66373311", "19ff613a4c98ce6c1693bbf43198a0a72edd043709acc4040e2950092746b7a4", "1cab25d9202aa989b8971c81ac3360f29dbd61210f1de90e8e2f23da3adbaa70", "2aa07a3d5ff53d42446644301ac833e36a6ed10ff1ab3c7f427bd5ac5871a6bf", "4b65d9880f90afa7a89b6b12f2fcab27bd562361216100179f041562fa40cf6c", "62ad7603fb106bdd9f833216e2a6c9bfa705c31ba118745fb3003b8729893543", "64bb0258179721492c44b6804310534b833708c4d2ec9f7ca74a5febce118f41", "73695f0b92af11df8620715d48e26fc5e42f0ead45b89441d05d78f33b33524f", "7a7ad490b200a853f45c329076e56a18d1af6c0fcb1e01b25950cf6bfd1b4dad", "7be9a40ac30bd8c32e8a01bd052d935149d057d444e522d2aaf40f92c533ea0c", "82a84db63020dd6fb316fee3419de66614f4638da1c6b32d8c2df4fd598fd241", "876e16d223753b955a317f29652ba2d2c1b671e40e37aacdafe8fb16f069996f", "8a0f86d6860032e5f868112d8f2164daa0f4f052999f7c6bbcff5a4488c946a7", "8e82f834192def59f4ffab6606fd0b037577d2c18ea65dbc67d20252e900db95", "921962c630c3fa77eb80c327e6ab9a520f91dc509b1729855e23a2f94bc1fb12", "9a0b3e60e5e0e3bb92e29065ac703a143dc553cd8c58408f97905a464360f947", "9b62125fd364b6c569158c7b55e4c88aca7710bd1b73900ef9fd68355a538fd4", "a0d4c496e9087d3db25f73f4723218a5aa2d501b6b68028fad07292295ecf970", "a4bf9f0471daa61549729f9469aea61539312a5406a3a6090a732a249768bc48", "a873cbd888d84cad9db1d68c9a36d4abe3b7279b8471dc76b7eccc501691b3e6", "d0db48f7146a6f5f24f6ccb8918af487e5c10ff7ec2413f19f71e555ef77e4f8", "d3f3f404224a20a2a3e36be6f2f77f8d62d8060727f7ebc0fba3edb64dda6797", "d545dde3d8c870021976cefb7c9d96bb2eeb29027c0a96c86d420bb8ae7b1124", "e4f81fd54eaa8ec768107d860ebc0f237372eaec899a617f32944c392ef2b3eb", "f254faeea8045a6beb314cc4b3ff1039dcd91fe6c39b595154d2a9da4b5379f0", "f5216ac5031fcc9d31e391dd0d67db57473d835ae9fada09eff399822a665cc8"], "iocs": {"domain": [], "file": [{"hashes": ["047f284235623426088780b90a03692140c3bdeb41616dfdf60b6fbc47b97f8d", "0822264c63db0ed0de15caa662cc41fb0f992b70492a9a012739255d66373311", "19ff613a4c98ce6c1693bbf43198a0a72edd043709acc4040e2950092746b7a4", "1cab25d9202aa989b8971c81ac3360f29dbd61210f1de90e8e2f23da3adbaa70", "2aa07a3d5ff53d42446644301ac833e36a6ed10ff1ab3c7f427bd5ac5871a6bf", "4b65d9880f90afa7a89b6b12f2fcab27bd562361216100179f041562fa40cf6c", "62ad7603fb106bdd9f833216e2a6c9bfa705c31ba118745fb3003b8729893543", "64bb0258179721492c44b6804310534b833708c4d2ec9f7ca74a5febce118f41", "73695f0b92af11df8620715d48e26fc5e42f0ead45b89441d05d78f33b33524f", "7a7ad490b200a853f45c329076e56a18d1af6c0fcb1e01b25950cf6bfd1b4dad", "7be9a40ac30bd8c32e8a01bd052d935149d057d444e522d2aaf40f92c533ea0c", "82a84db63020dd6fb316fee3419de66614f4638da1c6b32d8c2df4fd598fd241", "876e16d223753b955a317f29652ba2d2c1b671e40e37aacdafe8fb16f069996f", "8a0f86d6860032e5f868112d8f2164daa0f4f052999f7c6bbcff5a4488c946a7", "8e82f834192def59f4ffab6606fd0b037577d2c18ea65dbc67d20252e900db95", "921962c630c3fa77eb80c327e6ab9a520f91dc509b1729855e23a2f94bc1fb12", "9a0b3e60e5e0e3bb92e29065ac703a143dc553cd8c58408f97905a464360f947", "9b62125fd364b6c569158c7b55e4c88aca7710bd1b73900ef9fd68355a538fd4", "a0d4c496e9087d3db25f73f4723218a5aa2d501b6b68028fad07292295ecf970", "a4bf9f0471daa61549729f9469aea61539312a5406a3a6090a732a249768bc48", "a873cbd888d84cad9db1d68c9a36d4abe3b7279b8471dc76b7eccc501691b3e6", "d0db48f7146a6f5f24f6ccb8918af487e5c10ff7ec2413f19f71e555ef77e4f8", "d3f3f404224a20a2a3e36be6f2f77f8d62d8060727f7ebc0fba3edb64dda6797", "d545dde3d8c870021976cefb7c9d96bb2eeb29027c0a96c86d420bb8ae7b1124", "e4f81fd54eaa8ec768107d860ebc0f237372eaec899a617f32944c392ef2b3eb"], "path": "%TEMP%\\kdeohw.exe"}], "ip": [], "mutex": [], "registry": []}, "reports_count": 25}, "Win.Packed.Razy-7660763-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "02894b2c999020f690dff049ad0b2b2f6655504ce93925a1644005a700ab85c6", "118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "4012b99ed533a6948a1860856340bec89b0d83732258939a0c2ea164505679dd", "7e319f385ff7b5d4879a56e2168aa246ae08f071a143b7bc92afca0af5ecd6af", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "0f73b191ece661314085496e5f92aca9bd5d724a8832fa24d6e89e9fcfb41e52", "215d6ffc2091d25b6580bd944feb6bf60be187553b6fcf593801adb3f10d41fe", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "7b0cb05600940273b3da1382f6ded795599f8a83949811fae8f51abfd7dc44c7", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "620d87cbd75b30159a44c99802f3b490f52bd99c77704e023a4f35104e82a705", "318dbf68ab7c5393b8cfd3b139ff4ed76a555a5edb60e5cd2e443a9a3279bc57", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9", "136b701d0be7a1b2eb6477860f46dda6ec228f81f7a124e313f33eb15c60a5d3", "1d067e5e39ae962e609536f6a8a548e820cb6ab0347c35a3b964ffc167b2716f", "03ba96002201bedfb6f8e4e018a84786513d51bbae7f59996dd4a73e80482054", "2db2336ab2d8a68a41d29c3775df51bb8e5b650a8d429ad1362f678cc0929e79", "34e1196688b05d91014fbddcf4f0e529c18b82d0f28e5330c87387694c179d84", "1cd34859c7e87055c5e1a00f4c73c438f001d4efb45775b166a40a23f6efdfeb", "0f13198e0a04f9f290ebbe0d4fa3449ccb8b42b6c57cae0c7d3669129d5b6497", "2d8077afa549313118f12e6502639cf7c450a8785ed9188e06aed7e14e59f0ba", "0eb799992a3b16a029f5426720dfa76449181815959c7bc6e3bbf63d4967b301", "1fc6daf61c0aaa0e1ae19204668004ea73b29835c91fa5023a0b38438032db75", "045fb57d831ca00f79dde991794696baa6f65bf257c62ccf654178dbc2409e86", "2dedb85679254904dc83e76afe74b49ab7cae0aab52e1eeac9244a05bf2e305c", "0043c76fcf327b85962b67d87f015663c2651181debaf1cf8b631d1fd7c48e64", "2a7925ca705bf4c6fb8b43ceaaf6717aae79bfa58e058b4983e5a3ab7f2976a7", "1ffaff8d2e89b1fbdf7a18c42dc670beb2f707b73d5c8763665ca957b378b56a", "335660d95cb7447d1be1a1933508fef243296b0cfa634ddc833eb1cfbf3b4981"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "02894b2c999020f690dff049ad0b2b2f6655504ce93925a1644005a700ab85c6", "118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "4012b99ed533a6948a1860856340bec89b0d83732258939a0c2ea164505679dd", "7e319f385ff7b5d4879a56e2168aa246ae08f071a143b7bc92afca0af5ecd6af", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "0f73b191ece661314085496e5f92aca9bd5d724a8832fa24d6e89e9fcfb41e52", "215d6ffc2091d25b6580bd944feb6bf60be187553b6fcf593801adb3f10d41fe", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "7b0cb05600940273b3da1382f6ded795599f8a83949811fae8f51abfd7dc44c7", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "620d87cbd75b30159a44c99802f3b490f52bd99c77704e023a4f35104e82a705", "318dbf68ab7c5393b8cfd3b139ff4ed76a555a5edb60e5cd2e443a9a3279bc57", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9", "136b701d0be7a1b2eb6477860f46dda6ec228f81f7a124e313f33eb15c60a5d3", "1d067e5e39ae962e609536f6a8a548e820cb6ab0347c35a3b964ffc167b2716f", "03ba96002201bedfb6f8e4e018a84786513d51bbae7f59996dd4a73e80482054", "2db2336ab2d8a68a41d29c3775df51bb8e5b650a8d429ad1362f678cc0929e79", "34e1196688b05d91014fbddcf4f0e529c18b82d0f28e5330c87387694c179d84", "1cd34859c7e87055c5e1a00f4c73c438f001d4efb45775b166a40a23f6efdfeb", "0f13198e0a04f9f290ebbe0d4fa3449ccb8b42b6c57cae0c7d3669129d5b6497", "2d8077afa549313118f12e6502639cf7c450a8785ed9188e06aed7e14e59f0ba", "0eb799992a3b16a029f5426720dfa76449181815959c7bc6e3bbf63d4967b301", "1fc6daf61c0aaa0e1ae19204668004ea73b29835c91fa5023a0b38438032db75", "045fb57d831ca00f79dde991794696baa6f65bf257c62ccf654178dbc2409e86", "2dedb85679254904dc83e76afe74b49ab7cae0aab52e1eeac9244a05bf2e305c", "0043c76fcf327b85962b67d87f015663c2651181debaf1cf8b631d1fd7c48e64", "2a7925ca705bf4c6fb8b43ceaaf6717aae79bfa58e058b4983e5a3ab7f2976a7", "1ffaff8d2e89b1fbdf7a18c42dc670beb2f707b73d5c8763665ca957b378b56a", "335660d95cb7447d1be1a1933508fef243296b0cfa634ddc833eb1cfbf3b4981"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "02894b2c999020f690dff049ad0b2b2f6655504ce93925a1644005a700ab85c6", "118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "4012b99ed533a6948a1860856340bec89b0d83732258939a0c2ea164505679dd", "7e319f385ff7b5d4879a56e2168aa246ae08f071a143b7bc92afca0af5ecd6af", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "0f73b191ece661314085496e5f92aca9bd5d724a8832fa24d6e89e9fcfb41e52", "215d6ffc2091d25b6580bd944feb6bf60be187553b6fcf593801adb3f10d41fe", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "7b0cb05600940273b3da1382f6ded795599f8a83949811fae8f51abfd7dc44c7", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "620d87cbd75b30159a44c99802f3b490f52bd99c77704e023a4f35104e82a705", "318dbf68ab7c5393b8cfd3b139ff4ed76a555a5edb60e5cd2e443a9a3279bc57", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9", "136b701d0be7a1b2eb6477860f46dda6ec228f81f7a124e313f33eb15c60a5d3", "1d067e5e39ae962e609536f6a8a548e820cb6ab0347c35a3b964ffc167b2716f", "03ba96002201bedfb6f8e4e018a84786513d51bbae7f59996dd4a73e80482054", "2db2336ab2d8a68a41d29c3775df51bb8e5b650a8d429ad1362f678cc0929e79", "34e1196688b05d91014fbddcf4f0e529c18b82d0f28e5330c87387694c179d84", "1cd34859c7e87055c5e1a00f4c73c438f001d4efb45775b166a40a23f6efdfeb", "0f13198e0a04f9f290ebbe0d4fa3449ccb8b42b6c57cae0c7d3669129d5b6497", "2d8077afa549313118f12e6502639cf7c450a8785ed9188e06aed7e14e59f0ba", "0eb799992a3b16a029f5426720dfa76449181815959c7bc6e3bbf63d4967b301", "1fc6daf61c0aaa0e1ae19204668004ea73b29835c91fa5023a0b38438032db75", "045fb57d831ca00f79dde991794696baa6f65bf257c62ccf654178dbc2409e86", "2dedb85679254904dc83e76afe74b49ab7cae0aab52e1eeac9244a05bf2e305c", "0043c76fcf327b85962b67d87f015663c2651181debaf1cf8b631d1fd7c48e64", "2a7925ca705bf4c6fb8b43ceaaf6717aae79bfa58e058b4983e5a3ab7f2976a7", "1ffaff8d2e89b1fbdf7a18c42dc670beb2f707b73d5c8763665ca957b378b56a", "335660d95cb7447d1be1a1933508fef243296b0cfa634ddc833eb1cfbf3b4981"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "02894b2c999020f690dff049ad0b2b2f6655504ce93925a1644005a700ab85c6", "118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "4012b99ed533a6948a1860856340bec89b0d83732258939a0c2ea164505679dd", "7e319f385ff7b5d4879a56e2168aa246ae08f071a143b7bc92afca0af5ecd6af", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "0f73b191ece661314085496e5f92aca9bd5d724a8832fa24d6e89e9fcfb41e52", "215d6ffc2091d25b6580bd944feb6bf60be187553b6fcf593801adb3f10d41fe", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "7b0cb05600940273b3da1382f6ded795599f8a83949811fae8f51abfd7dc44c7", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "620d87cbd75b30159a44c99802f3b490f52bd99c77704e023a4f35104e82a705", "318dbf68ab7c5393b8cfd3b139ff4ed76a555a5edb60e5cd2e443a9a3279bc57", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9", "136b701d0be7a1b2eb6477860f46dda6ec228f81f7a124e313f33eb15c60a5d3", "1d067e5e39ae962e609536f6a8a548e820cb6ab0347c35a3b964ffc167b2716f", "03ba96002201bedfb6f8e4e018a84786513d51bbae7f59996dd4a73e80482054", "2db2336ab2d8a68a41d29c3775df51bb8e5b650a8d429ad1362f678cc0929e79", "34e1196688b05d91014fbddcf4f0e529c18b82d0f28e5330c87387694c179d84", "1cd34859c7e87055c5e1a00f4c73c438f001d4efb45775b166a40a23f6efdfeb", "0f13198e0a04f9f290ebbe0d4fa3449ccb8b42b6c57cae0c7d3669129d5b6497", "2d8077afa549313118f12e6502639cf7c450a8785ed9188e06aed7e14e59f0ba", "0eb799992a3b16a029f5426720dfa76449181815959c7bc6e3bbf63d4967b301", "1fc6daf61c0aaa0e1ae19204668004ea73b29835c91fa5023a0b38438032db75", "045fb57d831ca00f79dde991794696baa6f65bf257c62ccf654178dbc2409e86", "2dedb85679254904dc83e76afe74b49ab7cae0aab52e1eeac9244a05bf2e305c", "0043c76fcf327b85962b67d87f015663c2651181debaf1cf8b631d1fd7c48e64", "2a7925ca705bf4c6fb8b43ceaaf6717aae79bfa58e058b4983e5a3ab7f2976a7", "1ffaff8d2e89b1fbdf7a18c42dc670beb2f707b73d5c8763665ca957b378b56a", "335660d95cb7447d1be1a1933508fef243296b0cfa634ddc833eb1cfbf3b4981"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "02894b2c999020f690dff049ad0b2b2f6655504ce93925a1644005a700ab85c6", "118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "4012b99ed533a6948a1860856340bec89b0d83732258939a0c2ea164505679dd", "7e319f385ff7b5d4879a56e2168aa246ae08f071a143b7bc92afca0af5ecd6af", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "0f73b191ece661314085496e5f92aca9bd5d724a8832fa24d6e89e9fcfb41e52", "215d6ffc2091d25b6580bd944feb6bf60be187553b6fcf593801adb3f10d41fe", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "7b0cb05600940273b3da1382f6ded795599f8a83949811fae8f51abfd7dc44c7", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "620d87cbd75b30159a44c99802f3b490f52bd99c77704e023a4f35104e82a705", "318dbf68ab7c5393b8cfd3b139ff4ed76a555a5edb60e5cd2e443a9a3279bc57", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9", "136b701d0be7a1b2eb6477860f46dda6ec228f81f7a124e313f33eb15c60a5d3", "1d067e5e39ae962e609536f6a8a548e820cb6ab0347c35a3b964ffc167b2716f", "03ba96002201bedfb6f8e4e018a84786513d51bbae7f59996dd4a73e80482054", "2db2336ab2d8a68a41d29c3775df51bb8e5b650a8d429ad1362f678cc0929e79", "34e1196688b05d91014fbddcf4f0e529c18b82d0f28e5330c87387694c179d84", "1cd34859c7e87055c5e1a00f4c73c438f001d4efb45775b166a40a23f6efdfeb", "0f13198e0a04f9f290ebbe0d4fa3449ccb8b42b6c57cae0c7d3669129d5b6497", "2d8077afa549313118f12e6502639cf7c450a8785ed9188e06aed7e14e59f0ba", "0eb799992a3b16a029f5426720dfa76449181815959c7bc6e3bbf63d4967b301", "1fc6daf61c0aaa0e1ae19204668004ea73b29835c91fa5023a0b38438032db75", "045fb57d831ca00f79dde991794696baa6f65bf257c62ccf654178dbc2409e86", "2dedb85679254904dc83e76afe74b49ab7cae0aab52e1eeac9244a05bf2e305c", "0043c76fcf327b85962b67d87f015663c2651181debaf1cf8b631d1fd7c48e64", "2a7925ca705bf4c6fb8b43ceaaf6717aae79bfa58e058b4983e5a3ab7f2976a7", "1ffaff8d2e89b1fbdf7a18c42dc670beb2f707b73d5c8763665ca957b378b56a", "335660d95cb7447d1be1a1933508fef243296b0cfa634ddc833eb1cfbf3b4981"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "02894b2c999020f690dff049ad0b2b2f6655504ce93925a1644005a700ab85c6", "118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "4012b99ed533a6948a1860856340bec89b0d83732258939a0c2ea164505679dd", "7e319f385ff7b5d4879a56e2168aa246ae08f071a143b7bc92afca0af5ecd6af", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "0f73b191ece661314085496e5f92aca9bd5d724a8832fa24d6e89e9fcfb41e52", "215d6ffc2091d25b6580bd944feb6bf60be187553b6fcf593801adb3f10d41fe", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "7b0cb05600940273b3da1382f6ded795599f8a83949811fae8f51abfd7dc44c7", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "620d87cbd75b30159a44c99802f3b490f52bd99c77704e023a4f35104e82a705", "318dbf68ab7c5393b8cfd3b139ff4ed76a555a5edb60e5cd2e443a9a3279bc57", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9", "136b701d0be7a1b2eb6477860f46dda6ec228f81f7a124e313f33eb15c60a5d3", "1d067e5e39ae962e609536f6a8a548e820cb6ab0347c35a3b964ffc167b2716f", "03ba96002201bedfb6f8e4e018a84786513d51bbae7f59996dd4a73e80482054", "2db2336ab2d8a68a41d29c3775df51bb8e5b650a8d429ad1362f678cc0929e79", "34e1196688b05d91014fbddcf4f0e529c18b82d0f28e5330c87387694c179d84", "1cd34859c7e87055c5e1a00f4c73c438f001d4efb45775b166a40a23f6efdfeb", "0f13198e0a04f9f290ebbe0d4fa3449ccb8b42b6c57cae0c7d3669129d5b6497", "2d8077afa549313118f12e6502639cf7c450a8785ed9188e06aed7e14e59f0ba", "0eb799992a3b16a029f5426720dfa76449181815959c7bc6e3bbf63d4967b301", "1fc6daf61c0aaa0e1ae19204668004ea73b29835c91fa5023a0b38438032db75", "045fb57d831ca00f79dde991794696baa6f65bf257c62ccf654178dbc2409e86", "2dedb85679254904dc83e76afe74b49ab7cae0aab52e1eeac9244a05bf2e305c", "0043c76fcf327b85962b67d87f015663c2651181debaf1cf8b631d1fd7c48e64", "2a7925ca705bf4c6fb8b43ceaaf6717aae79bfa58e058b4983e5a3ab7f2976a7", "1ffaff8d2e89b1fbdf7a18c42dc670beb2f707b73d5c8763665ca957b378b56a", "335660d95cb7447d1be1a1933508fef243296b0cfa634ddc833eb1cfbf3b4981"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "pe-uses-dot-net", "hashes": ["b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "02894b2c999020f690dff049ad0b2b2f6655504ce93925a1644005a700ab85c6", "118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "4012b99ed533a6948a1860856340bec89b0d83732258939a0c2ea164505679dd", "7e319f385ff7b5d4879a56e2168aa246ae08f071a143b7bc92afca0af5ecd6af", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "0f73b191ece661314085496e5f92aca9bd5d724a8832fa24d6e89e9fcfb41e52", "215d6ffc2091d25b6580bd944feb6bf60be187553b6fcf593801adb3f10d41fe", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "7b0cb05600940273b3da1382f6ded795599f8a83949811fae8f51abfd7dc44c7", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "620d87cbd75b30159a44c99802f3b490f52bd99c77704e023a4f35104e82a705", "318dbf68ab7c5393b8cfd3b139ff4ed76a555a5edb60e5cd2e443a9a3279bc57", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9", "136b701d0be7a1b2eb6477860f46dda6ec228f81f7a124e313f33eb15c60a5d3", "1d067e5e39ae962e609536f6a8a548e820cb6ab0347c35a3b964ffc167b2716f", "03ba96002201bedfb6f8e4e018a84786513d51bbae7f59996dd4a73e80482054", "2db2336ab2d8a68a41d29c3775df51bb8e5b650a8d429ad1362f678cc0929e79", "34e1196688b05d91014fbddcf4f0e529c18b82d0f28e5330c87387694c179d84", "1cd34859c7e87055c5e1a00f4c73c438f001d4efb45775b166a40a23f6efdfeb", "0f13198e0a04f9f290ebbe0d4fa3449ccb8b42b6c57cae0c7d3669129d5b6497", "2d8077afa549313118f12e6502639cf7c450a8785ed9188e06aed7e14e59f0ba", "0eb799992a3b16a029f5426720dfa76449181815959c7bc6e3bbf63d4967b301", "1fc6daf61c0aaa0e1ae19204668004ea73b29835c91fa5023a0b38438032db75", "045fb57d831ca00f79dde991794696baa6f65bf257c62ccf654178dbc2409e86", "2dedb85679254904dc83e76afe74b49ab7cae0aab52e1eeac9244a05bf2e305c", "0043c76fcf327b85962b67d87f015663c2651181debaf1cf8b631d1fd7c48e64", "2a7925ca705bf4c6fb8b43ceaaf6717aae79bfa58e058b4983e5a3ab7f2976a7", "1ffaff8d2e89b1fbdf7a18c42dc670beb2f707b73d5c8763665ca957b378b56a", "335660d95cb7447d1be1a1933508fef243296b0cfa634ddc833eb1cfbf3b4981"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "02894b2c999020f690dff049ad0b2b2f6655504ce93925a1644005a700ab85c6", "118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "4012b99ed533a6948a1860856340bec89b0d83732258939a0c2ea164505679dd", "7e319f385ff7b5d4879a56e2168aa246ae08f071a143b7bc92afca0af5ecd6af", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "0f73b191ece661314085496e5f92aca9bd5d724a8832fa24d6e89e9fcfb41e52", "215d6ffc2091d25b6580bd944feb6bf60be187553b6fcf593801adb3f10d41fe", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "7b0cb05600940273b3da1382f6ded795599f8a83949811fae8f51abfd7dc44c7", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "620d87cbd75b30159a44c99802f3b490f52bd99c77704e023a4f35104e82a705", "318dbf68ab7c5393b8cfd3b139ff4ed76a555a5edb60e5cd2e443a9a3279bc57", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9", "136b701d0be7a1b2eb6477860f46dda6ec228f81f7a124e313f33eb15c60a5d3", "1d067e5e39ae962e609536f6a8a548e820cb6ab0347c35a3b964ffc167b2716f", "03ba96002201bedfb6f8e4e018a84786513d51bbae7f59996dd4a73e80482054", "2db2336ab2d8a68a41d29c3775df51bb8e5b650a8d429ad1362f678cc0929e79", "34e1196688b05d91014fbddcf4f0e529c18b82d0f28e5330c87387694c179d84", "1cd34859c7e87055c5e1a00f4c73c438f001d4efb45775b166a40a23f6efdfeb", "0f13198e0a04f9f290ebbe0d4fa3449ccb8b42b6c57cae0c7d3669129d5b6497", "2d8077afa549313118f12e6502639cf7c450a8785ed9188e06aed7e14e59f0ba", "0eb799992a3b16a029f5426720dfa76449181815959c7bc6e3bbf63d4967b301", "1fc6daf61c0aaa0e1ae19204668004ea73b29835c91fa5023a0b38438032db75", "045fb57d831ca00f79dde991794696baa6f65bf257c62ccf654178dbc2409e86", "2dedb85679254904dc83e76afe74b49ab7cae0aab52e1eeac9244a05bf2e305c", "0043c76fcf327b85962b67d87f015663c2651181debaf1cf8b631d1fd7c48e64", "2a7925ca705bf4c6fb8b43ceaaf6717aae79bfa58e058b4983e5a3ab7f2976a7", "1ffaff8d2e89b1fbdf7a18c42dc670beb2f707b73d5c8763665ca957b378b56a", "335660d95cb7447d1be1a1933508fef243296b0cfa634ddc833eb1cfbf3b4981"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "4012b99ed533a6948a1860856340bec89b0d83732258939a0c2ea164505679dd", "7e319f385ff7b5d4879a56e2168aa246ae08f071a143b7bc92afca0af5ecd6af", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee", "215d6ffc2091d25b6580bd944feb6bf60be187553b6fcf593801adb3f10d41fe", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "620d87cbd75b30159a44c99802f3b490f52bd99c77704e023a4f35104e82a705", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9", "03ba96002201bedfb6f8e4e018a84786513d51bbae7f59996dd4a73e80482054", "34e1196688b05d91014fbddcf4f0e529c18b82d0f28e5330c87387694c179d84", "0f13198e0a04f9f290ebbe0d4fa3449ccb8b42b6c57cae0c7d3669129d5b6497", "2d8077afa549313118f12e6502639cf7c450a8785ed9188e06aed7e14e59f0ba", "0eb799992a3b16a029f5426720dfa76449181815959c7bc6e3bbf63d4967b301", "1fc6daf61c0aaa0e1ae19204668004ea73b29835c91fa5023a0b38438032db75", "045fb57d831ca00f79dde991794696baa6f65bf257c62ccf654178dbc2409e86", "0043c76fcf327b85962b67d87f015663c2651181debaf1cf8b631d1fd7c48e64", "2a7925ca705bf4c6fb8b43ceaaf6717aae79bfa58e058b4983e5a3ab7f2976a7", "1ffaff8d2e89b1fbdf7a18c42dc670beb2f707b73d5c8763665ca957b378b56a"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "modified-executable", "hashes": ["b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9", "136b701d0be7a1b2eb6477860f46dda6ec228f81f7a124e313f33eb15c60a5d3", "1d067e5e39ae962e609536f6a8a548e820cb6ab0347c35a3b964ffc167b2716f", "03ba96002201bedfb6f8e4e018a84786513d51bbae7f59996dd4a73e80482054", "34e1196688b05d91014fbddcf4f0e529c18b82d0f28e5330c87387694c179d84", "0f13198e0a04f9f290ebbe0d4fa3449ccb8b42b6c57cae0c7d3669129d5b6497", "1fc6daf61c0aaa0e1ae19204668004ea73b29835c91fa5023a0b38438032db75", "045fb57d831ca00f79dde991794696baa6f65bf257c62ccf654178dbc2409e86", "0043c76fcf327b85962b67d87f015663c2651181debaf1cf8b631d1fd7c48e64", "335660d95cb7447d1be1a1933508fef243296b0cfa634ddc833eb1cfbf3b4981"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9", "136b701d0be7a1b2eb6477860f46dda6ec228f81f7a124e313f33eb15c60a5d3", "1d067e5e39ae962e609536f6a8a548e820cb6ab0347c35a3b964ffc167b2716f", "03ba96002201bedfb6f8e4e018a84786513d51bbae7f59996dd4a73e80482054", "34e1196688b05d91014fbddcf4f0e529c18b82d0f28e5330c87387694c179d84", "0f13198e0a04f9f290ebbe0d4fa3449ccb8b42b6c57cae0c7d3669129d5b6497", "1fc6daf61c0aaa0e1ae19204668004ea73b29835c91fa5023a0b38438032db75", "045fb57d831ca00f79dde991794696baa6f65bf257c62ccf654178dbc2409e86", "0043c76fcf327b85962b67d87f015663c2651181debaf1cf8b631d1fd7c48e64", "335660d95cb7447d1be1a1933508fef243296b0cfa634ddc833eb1cfbf3b4981"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9", "136b701d0be7a1b2eb6477860f46dda6ec228f81f7a124e313f33eb15c60a5d3", "1d067e5e39ae962e609536f6a8a548e820cb6ab0347c35a3b964ffc167b2716f", "03ba96002201bedfb6f8e4e018a84786513d51bbae7f59996dd4a73e80482054", "34e1196688b05d91014fbddcf4f0e529c18b82d0f28e5330c87387694c179d84", "0f13198e0a04f9f290ebbe0d4fa3449ccb8b42b6c57cae0c7d3669129d5b6497", "1fc6daf61c0aaa0e1ae19204668004ea73b29835c91fa5023a0b38438032db75", "045fb57d831ca00f79dde991794696baa6f65bf257c62ccf654178dbc2409e86", "0043c76fcf327b85962b67d87f015663c2651181debaf1cf8b631d1fd7c48e64", "335660d95cb7447d1be1a1933508fef243296b0cfa634ddc833eb1cfbf3b4981"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9", "136b701d0be7a1b2eb6477860f46dda6ec228f81f7a124e313f33eb15c60a5d3", "1d067e5e39ae962e609536f6a8a548e820cb6ab0347c35a3b964ffc167b2716f", "03ba96002201bedfb6f8e4e018a84786513d51bbae7f59996dd4a73e80482054", "34e1196688b05d91014fbddcf4f0e529c18b82d0f28e5330c87387694c179d84", "0f13198e0a04f9f290ebbe0d4fa3449ccb8b42b6c57cae0c7d3669129d5b6497", "1fc6daf61c0aaa0e1ae19204668004ea73b29835c91fa5023a0b38438032db75", "045fb57d831ca00f79dde991794696baa6f65bf257c62ccf654178dbc2409e86", "0043c76fcf327b85962b67d87f015663c2651181debaf1cf8b631d1fd7c48e64", "335660d95cb7447d1be1a1933508fef243296b0cfa634ddc833eb1cfbf3b4981"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9", "136b701d0be7a1b2eb6477860f46dda6ec228f81f7a124e313f33eb15c60a5d3", "1d067e5e39ae962e609536f6a8a548e820cb6ab0347c35a3b964ffc167b2716f", "03ba96002201bedfb6f8e4e018a84786513d51bbae7f59996dd4a73e80482054", "34e1196688b05d91014fbddcf4f0e529c18b82d0f28e5330c87387694c179d84", "0f13198e0a04f9f290ebbe0d4fa3449ccb8b42b6c57cae0c7d3669129d5b6497", "1fc6daf61c0aaa0e1ae19204668004ea73b29835c91fa5023a0b38438032db75", "045fb57d831ca00f79dde991794696baa6f65bf257c62ccf654178dbc2409e86", "0043c76fcf327b85962b67d87f015663c2651181debaf1cf8b631d1fd7c48e64", "335660d95cb7447d1be1a1933508fef243296b0cfa634ddc833eb1cfbf3b4981"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9", "136b701d0be7a1b2eb6477860f46dda6ec228f81f7a124e313f33eb15c60a5d3", "1d067e5e39ae962e609536f6a8a548e820cb6ab0347c35a3b964ffc167b2716f", "03ba96002201bedfb6f8e4e018a84786513d51bbae7f59996dd4a73e80482054", "34e1196688b05d91014fbddcf4f0e529c18b82d0f28e5330c87387694c179d84", "0f13198e0a04f9f290ebbe0d4fa3449ccb8b42b6c57cae0c7d3669129d5b6497", "1fc6daf61c0aaa0e1ae19204668004ea73b29835c91fa5023a0b38438032db75", "045fb57d831ca00f79dde991794696baa6f65bf257c62ccf654178dbc2409e86", "0043c76fcf327b85962b67d87f015663c2651181debaf1cf8b631d1fd7c48e64", "335660d95cb7447d1be1a1933508fef243296b0cfa634ddc833eb1cfbf3b4981"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-autorun-key-modified", "hashes": ["b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9", "136b701d0be7a1b2eb6477860f46dda6ec228f81f7a124e313f33eb15c60a5d3", "1d067e5e39ae962e609536f6a8a548e820cb6ab0347c35a3b964ffc167b2716f", "03ba96002201bedfb6f8e4e018a84786513d51bbae7f59996dd4a73e80482054", "34e1196688b05d91014fbddcf4f0e529c18b82d0f28e5330c87387694c179d84", "0f13198e0a04f9f290ebbe0d4fa3449ccb8b42b6c57cae0c7d3669129d5b6497", "1fc6daf61c0aaa0e1ae19204668004ea73b29835c91fa5023a0b38438032db75", "045fb57d831ca00f79dde991794696baa6f65bf257c62ccf654178dbc2409e86", "0043c76fcf327b85962b67d87f015663c2651181debaf1cf8b631d1fd7c48e64", "335660d95cb7447d1be1a1933508fef243296b0cfa634ddc833eb1cfbf3b4981"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "unsigned-roaming-execution", "hashes": ["b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9", "136b701d0be7a1b2eb6477860f46dda6ec228f81f7a124e313f33eb15c60a5d3", "1d067e5e39ae962e609536f6a8a548e820cb6ab0347c35a3b964ffc167b2716f", "03ba96002201bedfb6f8e4e018a84786513d51bbae7f59996dd4a73e80482054", "34e1196688b05d91014fbddcf4f0e529c18b82d0f28e5330c87387694c179d84", "0f13198e0a04f9f290ebbe0d4fa3449ccb8b42b6c57cae0c7d3669129d5b6497", "1fc6daf61c0aaa0e1ae19204668004ea73b29835c91fa5023a0b38438032db75", "045fb57d831ca00f79dde991794696baa6f65bf257c62ccf654178dbc2409e86", "0043c76fcf327b85962b67d87f015663c2651181debaf1cf8b631d1fd7c48e64", "335660d95cb7447d1be1a1933508fef243296b0cfa634ddc833eb1cfbf3b4981"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-opendns-malicious", "hashes": ["b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["136b701d0be7a1b2eb6477860f46dda6ec228f81f7a124e313f33eb15c60a5d3", "1d067e5e39ae962e609536f6a8a548e820cb6ab0347c35a3b964ffc167b2716f", "03ba96002201bedfb6f8e4e018a84786513d51bbae7f59996dd4a73e80482054", "34e1196688b05d91014fbddcf4f0e529c18b82d0f28e5330c87387694c179d84", "0f13198e0a04f9f290ebbe0d4fa3449ccb8b42b6c57cae0c7d3669129d5b6497", "1fc6daf61c0aaa0e1ae19204668004ea73b29835c91fa5023a0b38438032db75", "0043c76fcf327b85962b67d87f015663c2651181debaf1cf8b631d1fd7c48e64"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Razy is oftentimes a generic detection name for a Windows trojan. It collects sensitive information from the infected host and encrypts the data, and sends it to a command and control (C2) server. Information collected might include screenshots. The samples modify auto-execution functionality by setting and creating a value in the registry for persistence.", "hashes": ["0043c76fcf327b85962b67d87f015663c2651181debaf1cf8b631d1fd7c48e64", "02894b2c999020f690dff049ad0b2b2f6655504ce93925a1644005a700ab85c6", "03ba96002201bedfb6f8e4e018a84786513d51bbae7f59996dd4a73e80482054", "045fb57d831ca00f79dde991794696baa6f65bf257c62ccf654178dbc2409e86", "0eb799992a3b16a029f5426720dfa76449181815959c7bc6e3bbf63d4967b301", "0f13198e0a04f9f290ebbe0d4fa3449ccb8b42b6c57cae0c7d3669129d5b6497", "0f73b191ece661314085496e5f92aca9bd5d724a8832fa24d6e89e9fcfb41e52", "118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "136b701d0be7a1b2eb6477860f46dda6ec228f81f7a124e313f33eb15c60a5d3", "1cd34859c7e87055c5e1a00f4c73c438f001d4efb45775b166a40a23f6efdfeb", "1d067e5e39ae962e609536f6a8a548e820cb6ab0347c35a3b964ffc167b2716f", "1fc6daf61c0aaa0e1ae19204668004ea73b29835c91fa5023a0b38438032db75", "1ffaff8d2e89b1fbdf7a18c42dc670beb2f707b73d5c8763665ca957b378b56a", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "215d6ffc2091d25b6580bd944feb6bf60be187553b6fcf593801adb3f10d41fe", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9", "2a7925ca705bf4c6fb8b43ceaaf6717aae79bfa58e058b4983e5a3ab7f2976a7", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "2d8077afa549313118f12e6502639cf7c450a8785ed9188e06aed7e14e59f0ba", "2db2336ab2d8a68a41d29c3775df51bb8e5b650a8d429ad1362f678cc0929e79", "2dedb85679254904dc83e76afe74b49ab7cae0aab52e1eeac9244a05bf2e305c", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "318dbf68ab7c5393b8cfd3b139ff4ed76a555a5edb60e5cd2e443a9a3279bc57", "335660d95cb7447d1be1a1933508fef243296b0cfa634ddc833eb1cfbf3b4981", "34e1196688b05d91014fbddcf4f0e529c18b82d0f28e5330c87387694c179d84", "3b7d4082ca34e773c920bfcee1c9e3174d109323317d0f81e1be5dd6db215cb2", "4012b99ed533a6948a1860856340bec89b0d83732258939a0c2ea164505679dd", "434ef1525b38ab7dd3d9c4f187e54333783aba36567663800ec8225393f3a152", "469e16d9aa9d3cf159ec34677d41497aa05dc35f0bb369957158edbeda7bea56", "4a84d83691a089b19ddd0e9d3720b70e97051358ff84e19f0f8afd6dd37d1d70", "52e2960058149cc2b89e498b01dfcd3e6f882deb6fa01c736ed75fe9bed02ba7", "59666bf4f789f6b213adfae43fa12bacedb42e3698459df383736d4c4af0b6b2", "59c5a79779a8dbcdcb6ac8bae3a309e8c2279cc248313b9b4a4de6f042e8a519", "5d618612945226c0b09ce64a61bb1ed7f7e846b39b8eacc28a44efe0a9c2e32e", "5d91536f591722ffc2dfd50d6d78d1e59535f884ef7ccd9dc9122df74d82d730", "5e54451ee34d8f6e8997f6eda3caf1c8e6e24873ef18a6cd0132b7fbd70e733d", "604c8b14513a7d055f80a1bdb103c3ff44fa0c68a2dbbb844c8fa8c8cd0a2ca1", "60815b5f471b8e76e725a8a7dce1bd1a7e7f98df7185721eb5060d34d6b78908", "618e8d8e731316a85a0e8d431b99ab31d6a3c0f1e54c2afd7c805b9651a2f376", "620d87cbd75b30159a44c99802f3b490f52bd99c77704e023a4f35104e82a705", "626930d87a80a44e0ee2211c374d603ac1c4308bb83aa8a343f328881e2f284c", "63f8cd6de7a667edb95fe51990274dd30a774905401b8642e071049b1d477a7e", "6cafe1ff9b264bb4ce0ad48654ceca2b8bcdce55825a0cb47962820d1abf8c55", "6f90c5bed82b38f5ce337a1ec2928c4506087e3b30ebde7b7f8af56fbea23aba", "79c5177c06b7f51225504dded79d254c71ac29ccfb1342081ec1d0b553dbff5e", "7b0cb05600940273b3da1382f6ded795599f8a83949811fae8f51abfd7dc44c7", "7cc1e4da2cbbdbd4473418c3e79a4d7c157c322fdb5aacc6e23586318c141b43", "7e319f385ff7b5d4879a56e2168aa246ae08f071a143b7bc92afca0af5ecd6af", "8360f16eadae18c8f97714be6b8243f35921640cc3439243e8780c954407e1db", "8cafe36158f2d91e002bb18c8468299162094995009b64e5d095ea39ca4278be", "900e034e0d5ee97b0e697ca1f6da684bc3983b76938bb0ad02b835f29da07120", "92e5d9a0a924edca4ee416b116b1a8226a4d99ca87da9368a7295ed4726e1d5b", "936a28c6893523d918d0070b204797bbb7e66e932a3d633ecb252706d4abd7c3", "a1035ede687c7dbb0b22e24a274043c444f256a9c0101bd407e025fa69ff66ed", "a5e75594cacfa379f827ae8cc97f77c9dd0857c5a0b063ea816991c557ea98a6", "a5fa2ab552352bb0a4007d2a5b1da5e8e8c0d8cb45b994ce2c6a3133906c9d91", "a69535f17ded6f310a0c2bd4b67a7577cabec44b794e65d75c2355a72830f00d", "a6ade15e4bcb681e10e6ca3ba87ce90da24415ab2d941e5de8b1679fcc0b7e96", "a73a56f171caa5f431c798d1b6a272e5a30d9edddf8dc2b11247a0d4da840079", "a7ec332b1036b2601044ef98fb4eb63313fbf24d988c34eb8ce06b921104cc81", "a7f39a09abb545ab9ffae8578747755e6777a67e60331ce4afc2f668acc7c7de", "aee0ff06d8f8ba6e86f5e2fae3eec69067f686909854a0acf91738dc40241281", "af64cc106dda8f0261c6721cdfb55eebc1074713348f4f1da6e9e23abfda249d", "b05fb84528e9902416e635863d7cfbc17ff6f36085e4ee69dad31d048b49db90", "b66a663e6cee1fd869a3920e4c52085e071abf961e1ca3d229ea959ed7fa0f53", "b8ceb0610cff5bf22edad3a5ff4451e1980525cad0d43753bf3291b27d54b603", "b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "b9bd141d2b4fb4b2077dd380c6d880e4808d871797ce749833fbbd7557613d50", "ba90b349e2871898767472ef949ad18a3178b8e26ac496e8bc0a1d77a917a902", "bef8e265c933cc2c0d947b21dc1cae0061579a6e1660a9dea319478d74a9bfcd", "c097632b2933231aa90010a224062697e933ca05a17d8579c051226129ec7d4e", "c18344973282b28b9832bb09459727ff34a30299e65a82d3dff59442405542e7", "c2612f4c5778ae66ba1d22695882370e5deaea949ea3d19f521e04d2861a1dd4", "c44f6eeeb42d72d6b8d9c03e1d1cd61f3e742dddbe88cd6788c97b714232e558", "caa7e14525c8ccbb44b9106886dbf2c41f4aa51de0720a785f247ee48e9217a1", "caab497b1d7bb4c45d65b8c978b87c06fd5f46d9e5cec92e7659f977c95bcf28", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "ccd4bc01ade193990916ed08cc184fa8e0bed9109c9b3e5e74cbf911dc23f160", "cd200acfb08afd9890ffd46498961afd004d9573041f328bab1366cebb815afa", "d322d6de2946968f462325ceced22858b2dc0589db1cc8e47f821799ecc4a476", "d66542a7dbfeb7c474c70371b8c66ef0db343badd031779965d312f6b2ba92b5", "da6c5bc45e2c05903a8de7dfad66ad9add1180dd40439b3cdfdd112f336fbe96", "dc241a61fcbd4cddabfc03ce22d7a6350043a64d9ad7aaed47cc9b848615f4a9", "dc4cba8e0b074236c01983016c506096d476a4c846b60e8dbff9cac8a59feea1", "dd0d31c0cf1fbf685dfbe7cbaf50ee965b9bc6edeb404c67e721a59b9b2cae4d", "dd6203f200792fcd7fa7321a4d5d0a139636f66beabb4681e68952ba6f0d60ee", "e946027cb187807aef18e9b365dbdef0c1f5f7e2bcdedae6474ba9c206c941d9", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee", "eeb0674d6a71a984de930b4a1a48f73ca131b7e474bde9fb9240df294dbb683d", "ef7d925addd1088bcd2ddce84902935197f9cc10c41734f57e2cfba99c561feb", "f507655af6d35eec487be793730950bd29c086fc07703a2de1644842590d74f9", "f55cf1e65dbafdef08f5a9bf6a1a494c977ab6d3c7eb134732cb6eace404c42e", "f6211efd770279c3906df4a20adcc5ce74b1e5a335933e243d5cf32f82c70f7d", "fb1bf4eff433fb756859f2e50bcf43466d002440346b3c6860def62c0fd7bfac", "fec6c1b49c9cde0fe2e01c399e81e9227d24e19046ac23b234a4012f12d207e5", "fed4e905dace5022180671519943dce025e02ffb21e2089e363c47263d589dc7"], "iocs": {"domain": [{"hashes": ["0043c76fcf327b85962b67d87f015663c2651181debaf1cf8b631d1fd7c48e64", "03ba96002201bedfb6f8e4e018a84786513d51bbae7f59996dd4a73e80482054", "045fb57d831ca00f79dde991794696baa6f65bf257c62ccf654178dbc2409e86", "0f13198e0a04f9f290ebbe0d4fa3449ccb8b42b6c57cae0c7d3669129d5b6497", "136b701d0be7a1b2eb6477860f46dda6ec228f81f7a124e313f33eb15c60a5d3", "1d067e5e39ae962e609536f6a8a548e820cb6ab0347c35a3b964ffc167b2716f", "1fc6daf61c0aaa0e1ae19204668004ea73b29835c91fa5023a0b38438032db75", "335660d95cb7447d1be1a1933508fef243296b0cfa634ddc833eb1cfbf3b4981", "34e1196688b05d91014fbddcf4f0e529c18b82d0f28e5330c87387694c179d84"], "host": "server-massil[.]com"}, {"hashes": ["118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee"], "host": "cdnshop78[.]world"}], "file": [{"hashes": ["118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee"], "path": "%APPDATA%\\openvpnserv.exe"}, {"hashes": ["03ba96002201bedfb6f8e4e018a84786513d51bbae7f59996dd4a73e80482054", "0f13198e0a04f9f290ebbe0d4fa3449ccb8b42b6c57cae0c7d3669129d5b6497", "136b701d0be7a1b2eb6477860f46dda6ec228f81f7a124e313f33eb15c60a5d3", "1d067e5e39ae962e609536f6a8a548e820cb6ab0347c35a3b964ffc167b2716f", "1fc6daf61c0aaa0e1ae19204668004ea73b29835c91fa5023a0b38438032db75", "34e1196688b05d91014fbddcf4f0e529c18b82d0f28e5330c87387694c179d84"], "path": "%APPDATA%\\Comodo Browser.exe"}, {"hashes": ["0043c76fcf327b85962b67d87f015663c2651181debaf1cf8b631d1fd7c48e64", "045fb57d831ca00f79dde991794696baa6f65bf257c62ccf654178dbc2409e86", "335660d95cb7447d1be1a1933508fef243296b0cfa634ddc833eb1cfbf3b4981"], "path": "%APPDATA%\\Chromium Caster.exe"}], "ip": [{"hashes": ["02894b2c999020f690dff049ad0b2b2f6655504ce93925a1644005a700ab85c6", "0f73b191ece661314085496e5f92aca9bd5d724a8832fa24d6e89e9fcfb41e52", "215d6ffc2091d25b6580bd944feb6bf60be187553b6fcf593801adb3f10d41fe", "4012b99ed533a6948a1860856340bec89b0d83732258939a0c2ea164505679dd", "620d87cbd75b30159a44c99802f3b490f52bd99c77704e023a4f35104e82a705", "7b0cb05600940273b3da1382f6ded795599f8a83949811fae8f51abfd7dc44c7", "7e319f385ff7b5d4879a56e2168aa246ae08f071a143b7bc92afca0af5ecd6af"], "ip": "5[.]101[.]191[.]51"}, {"hashes": ["0eb799992a3b16a029f5426720dfa76449181815959c7bc6e3bbf63d4967b301", "1cd34859c7e87055c5e1a00f4c73c438f001d4efb45775b166a40a23f6efdfeb", "2d8077afa549313118f12e6502639cf7c450a8785ed9188e06aed7e14e59f0ba", "2db2336ab2d8a68a41d29c3775df51bb8e5b650a8d429ad1362f678cc0929e79"], "ip": "185[.]193[.]38[.]97"}, {"hashes": ["1ffaff8d2e89b1fbdf7a18c42dc670beb2f707b73d5c8763665ca957b378b56a", "2a7925ca705bf4c6fb8b43ceaaf6717aae79bfa58e058b4983e5a3ab7f2976a7", "2dedb85679254904dc83e76afe74b49ab7cae0aab52e1eeac9244a05bf2e305c"], "ip": "45[.]147[.]229[.]28"}, {"hashes": ["318dbf68ab7c5393b8cfd3b139ff4ed76a555a5edb60e5cd2e443a9a3279bc57"], "ip": "45[.]147[.]229[.]198"}], "mutex": [{"hashes": ["118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee"], "name": "4398754397"}, {"hashes": ["03ba96002201bedfb6f8e4e018a84786513d51bbae7f59996dd4a73e80482054", "0f13198e0a04f9f290ebbe0d4fa3449ccb8b42b6c57cae0c7d3669129d5b6497", "136b701d0be7a1b2eb6477860f46dda6ec228f81f7a124e313f33eb15c60a5d3", "1d067e5e39ae962e609536f6a8a548e820cb6ab0347c35a3b964ffc167b2716f", "1fc6daf61c0aaa0e1ae19204668004ea73b29835c91fa5023a0b38438032db75", "34e1196688b05d91014fbddcf4f0e529c18b82d0f28e5330c87387694c179d84"], "name": "549005468"}, {"hashes": ["0043c76fcf327b85962b67d87f015663c2651181debaf1cf8b631d1fd7c48e64", "045fb57d831ca00f79dde991794696baa6f65bf257c62ccf654178dbc2409e86", "335660d95cb7447d1be1a1933508fef243296b0cfa634ddc833eb1cfbf3b4981"], "name": "J6zyM5G0V8"}], "registry": [{"hashes": ["118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "OpenVPN GUI"}, {"hashes": ["118fd003c9eaa16c57e82957565d265aa2c5641a01de331b191ded6792656b0a", "212ac41a0b9dd8ebf0d8f553c0dcfc2bdb705c5331615b321f295139e595c854", "2363be88d8482609e964ac2a6347072f7e10f835dd6bf0666882d869579316c9", "2d645e28b37f2532b945366f5acde9fe19d17d246df3fb88359cde60d9f67f71", "2ee357aa4087d610d6f99726eedd15dd75bcbccdd6b9741dde72e9905874ed03", "b8d7d30abadc76159e00864ba18dd1fcc43f99b327038a73b2f284b927cedd3f", "cacdff20d5457379b76e59ea1f8a4f1b826a8d8692b74bd82dadf908dfc2fbb1", "ea64a8912b48ebac0ae693e59d60978916d785d3ed812afc8ce87b8f37d53aee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\MAIN\\FEATURECONTROL\\FEATURE_BROWSER_EMULATION", "value_name": "openvpnserv.exe"}, {"hashes": ["03ba96002201bedfb6f8e4e018a84786513d51bbae7f59996dd4a73e80482054", "0f13198e0a04f9f290ebbe0d4fa3449ccb8b42b6c57cae0c7d3669129d5b6497", "136b701d0be7a1b2eb6477860f46dda6ec228f81f7a124e313f33eb15c60a5d3", "1d067e5e39ae962e609536f6a8a548e820cb6ab0347c35a3b964ffc167b2716f", "1fc6daf61c0aaa0e1ae19204668004ea73b29835c91fa5023a0b38438032db75", "34e1196688b05d91014fbddcf4f0e529c18b82d0f28e5330c87387694c179d84"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Comodo Security Suite"}, {"hashes": ["03ba96002201bedfb6f8e4e018a84786513d51bbae7f59996dd4a73e80482054", "0f13198e0a04f9f290ebbe0d4fa3449ccb8b42b6c57cae0c7d3669129d5b6497", "136b701d0be7a1b2eb6477860f46dda6ec228f81f7a124e313f33eb15c60a5d3", "1d067e5e39ae962e609536f6a8a548e820cb6ab0347c35a3b964ffc167b2716f", "1fc6daf61c0aaa0e1ae19204668004ea73b29835c91fa5023a0b38438032db75", "34e1196688b05d91014fbddcf4f0e529c18b82d0f28e5330c87387694c179d84"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\MAIN\\FEATURECONTROL\\FEATURE_BROWSER_EMULATION", "value_name": "Comodo Browser.exe"}, {"hashes": ["0043c76fcf327b85962b67d87f015663c2651181debaf1cf8b631d1fd7c48e64", "045fb57d831ca00f79dde991794696baa6f65bf257c62ccf654178dbc2409e86", "335660d95cb7447d1be1a1933508fef243296b0cfa634ddc833eb1cfbf3b4981"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Chrome Cast"}, {"hashes": ["0043c76fcf327b85962b67d87f015663c2651181debaf1cf8b631d1fd7c48e64", "045fb57d831ca00f79dde991794696baa6f65bf257c62ccf654178dbc2409e86", "335660d95cb7447d1be1a1933508fef243296b0cfa634ddc833eb1cfbf3b4981"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\MAIN\\FEATURECONTROL\\FEATURE_BROWSER_EMULATION", "value_name": "Chromium Caster.exe"}]}, "reports_count": 32}, "Win.Ransomware.Cerber-7660649-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": ["TA0004", "TA0005"]}, {"bi": "deleted-submitted-file", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "excessive-udp-connections", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "document-decoy-dropped", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": []}, {"bi": "malware-ransomware-cerber", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": ["TA0040", "T1486"]}, {"bi": "process-uses-localhost-traffic", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-ping", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": ["TA0011", "TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": ["TA0011", "TA0007", "T1016"]}, {"bi": "netsh-firewall-generic", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": ["TA0005", "T1016", "T1089"]}, {"bi": "feed-domain-ransomware", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": []}, {"bi": "file-pending-delete", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "process-taskkill", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "process-deletes-many-files", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": []}, {"bi": "randomly-named-files", "hashes": ["0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-with-multiple-children", "hashes": ["0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887"], "mitre_attack_tags": ["TA0005"]}, {"bi": "netbios-query", "hashes": ["12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96"], "mitre_attack_tags": []}], "category": "Ransomware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Cerber is ransomware that encrypts documents, photos, databases and other important files. Historically, this malware would replace files with encrypted versions and add the file extension \".cerber,\" although in more recent campaigns, other file extensions are used.", "hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381", "147b259b00aa3157ce9590d133b715d23e6d3c175a9520663c4f8f1742ae3517", "154c76431e693f5e9d89f58543b8f35877ec9c8adaaf6ddd334377fe4440479b", "188b20c610ae04bcd75160a33ba2c53d23107cd05c23bb335d2f9f57962afa03", "18f3640e76ff0cf0cc60c4ae25fdf76022176dd3478adf581f0dd88e6dd66a27", "19b83e1af47b1c545ea18ac83e819f02ffbd31a29975f30a4e6db8171e6ac9ca", "19c61d76a5bc1fc2836488be92bff34351ea4a693c5dd55e959dab20dd918f3f", "1a5c5282f1a89670f89e02e1e0e5e061e0e92e1df1661b424e4b296cb3b51f39", "1b681c65f69edd8f32a747ce520b49437b491f25c4b2588cbf274acb5f771d5b", "1d38c480d5a77a36c8be3dd6891f60a43a5487d38fe914b0ffece2a1816f9720", "1e32ac19db5ec1f959581a30c2857ac05de96fb36f408c51f48b802424ee11cf", "1ebc65abcb7cdad89b1ff56d64d98b603d3cac43d2001e1b99ea015ed9011852", "206706ddee6a97ec03da2ed97bb7d2aaf81478214e55e3faafcafad0276a124f", "21a991696d24c3298227a1f3662bb8621fd2ee846fe8c18f11e1c358581692f9", "21cfc011f6fac8cbacd27334569246cf457acb89f8ac6cba37ffa1a80a5ec3b4", "223a72a52b93caa675f4e5e87fba27af999df9e01085aa8ddf333ecfbeca08af", "22b2747781e5970308b571608b3b0965b8006c30efe1af9abf8297b6812f3778", "239c19d66dc0bf2f0fd12a73076de7d614ffc5f3e4bfe302840ec54f8ba023b5", "23d951e8cb2663994d2082b9a03b0b44ca4fd2b6e8e76dc1d3f44356ccc31b39", "251dedda6df556d61050702b773e3751f8425c802d7e7176eb896d06d02fecaa", "2590c9330fcb0d2deaa18bc7fb9cf7e74b3fe00f14d36cff21e626e86b3bbe7a", "259149d1084064798f46dd4e495deca1603f7487c1d7d5a8f126be181f68aebc", "26779265575617f2532819fa4cb5dd798698d4c35bd75e9189792cf70d51785b", "28021029645798e05a1e1b31dff8477208a7a4275ec9486fbde8d36f20b944ff", "286acefe478dc005c422e81516f2d0d690d3d255b146a467caff8a6260b635e5", "288be6f8af99c63cd0afc53f8708b62aa214737e66585d552d73e0bccd39d8de", "2907cc6c9cb70c9ee4427b95a2062d771133d43847b311657425399061326b20", "29680d2fd40e71fa791d01457f474bf1b04d43317d5fb512d864deca2fc28fb0", "2a75525f5d51593c44a586f1032493c1430ca7fc9f99a3702f8e2909d9767c6f", "2a8668507fc93f55984870f00f2d1791c0e3d57d79ac1335023d72b6e1119dc0", "2b876d72976baea7ac717fb7ab7aa785e7bbcc279888e0a3197c36d628b77c8a", "2d12daf20330b1cb7d6590da97cbecc0dba059cc61fc116aae567f4762548184", "2ed2976e4201ca2594bb0a3ebfba299ad2d85b7b4f89b3ca3bc94b19d7e080f2", "2f68572b9e8a201c7a2928be0bef6f794dd48ac5460353688271a2017135d077", "2fe10ceb441f56040b737b47c3cd17d784770818c3e679125f40eaf2f3c0bf4e", "32c25687934efbbd1d4ceb5da7c2767547e22b539632bacb62f183461b9045ea", "34235e64f6182d9c21ca3e701e5645d29137e6a0700d0ab5da230c1e304ead96", "3425ae9cc10563ec2b0ed4b7b883748109556bc1fe8b9abfbbdb44f7b20158e2", "34c0487baabdd4990a197da6aa3c0f9b904e14b3e42fe803595f4fb0ee1c1063", "34c08f90a48b8fdbbda86d4284c256fdd48395dce002a49d927ef9730c2a64de", "37cbe0bf252fa579f0eaa0562da7c5ad7d9fc368814c7c71e91f19da42f064b5", "39fbc4adbeb28cb3b6d4b6a41bb7a892d7da19c37e7a3440563ae2f8acb0c90f", "3ac0e865d07c4970866e04d2bdb6bd96a963761b4a59c6027166a428080cec6d", "3ce2ff2ad34d45d2fee88ca0939a23ff407a8d0ebe7a5a07d8dfc16fe634cdbb", "3e05d16fa46211fd367fbf7db74384d41ea0bdb14f3d02c3af29e8bbefe2ddc3", "3e38bd06bfa954e205eee9b8c90c535c489672cfd3e7066b6963cab4b1d852ff", "3f9aed3a01de585f49ab8c941455e8db298b21774f75bbc5e6e44cef27ab525a", "4046f226de9e885a1025dd7afc9e4ed30932df0ab96d60ea4bb9d99777bf84b6", "414c5fa1ec2b7d553109c97ed442d19003f605d0b3d2951ca6231c4a824f418e", "41a5aa6e3800b90d5a5a97a0001aa0310f10f2f8c245b025c23d09d9f8eb7bfc", "4203e5c1198007242d9057f017d8314107f9d5f670ea3f277301ef68a263cbd1", "4323ae58f4553eacc7d3b33df8640937a70fb1a5ba5236426ed07ce3c8685b1d", "4371e82fc6897ad31a164e36cff39082895672b77a4d312f6ef9a0398db81fc5", "43c361915fe836082807046bf18b70fb2111a2464b91bd4d06f2693f93796e61", "43fd21f5649abacc170cbb11670b26eeb47922b9e9027206e43bb0c7e1b7ed73", "44dde8195ab25ef8a2ba492eadf413f34dc715e8a7d359a2c97b86b147a6cdc1", "45ea46d2613bba75f45f7d0b2c6463736c9f2148316ed7f3e8a666de286e6b2c", "46559efbaf351b5d93c651a5a387d320a6b916dc3ffd8068ae97cb4dfa212891", "46ec0ec5715a437f9c29d01be542c75160ba06b7f0a918b1106de2895a259afd", "494dc3bb978bdeb23a91f8508b77bbe2ce8d1570d04032c40cf6317f55e6c6de", "4be093c86d5260b36b0aa27bad0bf8475a8628c60e014d340fe18bc0ca50b2ee", "4c4fb9919d0b84f77b5e605739f1ec909e92191afd9b672df43bbe65b6076ac5", "4ca3b759f5bb372864da613747a624b57e09f88d6824959b0f8f26ecdcfc8f78", "4cd227eefca0fee63549b999f1675b161af1fff196066339ca4fe8c592b36666", "4dd9f4c0566be7900581e55f01bae7c2d6e00d18efc2f9ffb2aa18bc4b256b61", "4f54823d93d6f3e6dd2dbe8dbe1553559fb7e9be57d4be7472a16ae60c9199eb", "4fd827a08ce4915bcf0e658e513726da5c967ff981b32c0f882b7715380dfa05", "50320055301bee32f9dc2201c81d678693618a63b631b9f720fce2ad22fee492", "516b96c44c015d03861adefc37f2a7c6c27e8c1f25feef0d5d9f70ce30174e1a", "51ad6201fd02fe11118d5b3f9cf220c5647a95ef3f49e3f69d9c73b2fc3ebb6c", "52311a921fc28da2e5e2b8859c5c14dee81ff6a8d70c37b14990ef2c8fb23806", "524f504322e02587064883cc31b32a63b24a9d2531280583a33a1ab8790a6b6b", "525cd0b27589021e3c31d19b7f75955d8cadbcba691585ed8a8935db0e68f5ee", "5262d65d98fae4fa0a401ade6ac03ba93f1ad556950ef1bd96a8e56323788090", "52c9da701981c40d1d357333ba3c1035dcf6957952b5ba1ea8a2c48a6b897e85", "52e1f06463150ebdb01e7f992ed7548123f16866ddb1c39a798852dc1aa8bd1b", "539030a4df34771ecbf3b425403931a04788adf30275b10fbe4f23a6e2dd1dd7", "54aa1b3c82549998bb229528eee18d86613b5ac9c17e7b503e73241d33a7823c", "55ea1d97deeeb1c6d75f30a19b7665aec9756521c2ab3f177b461c7c945f504a", "575b6759f5057075cdf1cb3633bb0132e331f4d2ca4fcf580bd12cd0d4be7a45", "57a48a069cde1510ae0278b6f0b752ebe150bfe387c451c170ae19caba39f543", "5a3d9873703c4a29b60eda33c653ad968d3b7cd1ec128909d1dec35e7e3f2d4d", "5bf138e6403ea773c531880f056e03957d4694d97df47fdfaea8006562453574", "5c759bc758355e67fa1425c309ed66b9d7ccea871c6131d1340c6896b5709eb1", "5c8189dc836c69a29b1e5d91b5c8087c0105194950334f125b9d02cf31adc803", "5cf809c18096cbd9a8bc3ead0f909049c32d1d9018b91f629922a00fb512d1a0", "5cf98eb46ef640b34fabb416b604f4fc40a302d94dfa188a5543ed29b8d2ae56", "5d0b3dfcbdb898f22a305b1e05b87d8e4fa7f332fdf98bb2fbb545c619d28923", "5f337fa86da17db8ce49f811d8a67995d7e414312d27fa9bed6841789e4952fe", "5f78cbe0edb8330ef9440b83c9162262779baa86350d763016f0e626dc723250", "5f7f24c7ecf2652695e32e28bfe3c1b045a8f2717b2aa0e5e814b7c96bfdad67", "5f80283402ba65f9269f78515d0a0602a6eacd0c7d509337af9c3171f568bac9", "5fbacc4c9c90d3cb510eda62d87b899282ee0e55c031283edec25bc36fba6395", "6030f63f87d10059b260bad5f943e2618889e0d250f67f444f3f5d6e048ce0cb", "61c3df1ae5f8d3db87c3b7c8c4d6de95423cfe5ea41ba97b5436e7dd071b39a4", "63ae8a12331f9861d46e54add852cd601ce945154d199266381fffc6533918c2", "642c52e82cb43dcb31df464c97a29a98ebefd1536d903a24f42810d50e8dd45c", "64851d26fdbee0555ab35e026398df3d70385ce61f4de563e3a4cb9f0cb55fd9", "65db63eb646b0bd70e99fa5e096d2c1c7a24bd39cda31ede0ddb26dbd6367a67", "6633967f5148034fb600296c9a7987fd9bd515301c3f18a5e03a6ac0d7d824cb", "666ec7784eda013cb69d4076e2cfa10e3c615d60368d71627133033f9dd29d6f", "66af3caa7e3b16515e1c0164ceb24f128dea23a30bcf9697f03f972c42d24d54", "66b63553c561b9a07c418fd2009c80abc8aa5688f563d4d4677428102211a746", "66c14b25ca1151f99eb1faebdd3304c97205496d0861cc762c6acdce7f29c6dc", "6832dc3d5417d6e8437ae2247db41522a6dd1a7c52f830cb4ac844a15cfec48d", "6a4577df4b02100776917b59915bd03fb2da36f3b6dbd4da74353b90cec54a48", "6a5ca4da6061e8cd4cabff19f93527fb0029d41eaf3687f5f244f3d7a9335cec", "6a8b3681fbe9a7c1462fd233e06c080d90488fa821d9c2fab0ad1af68ae8c367", "6b575f346ece75126141faf8765aed9374d37161e5417732ad5074894529675f", "6b9da5fa79b96849155c76406ec667f9f4869af22d4bb1bd73fa3ae76287ffa6", "6c727c473fc1a9264d799ce46f1788fb35435eeb88947449c9dec105bc68e808", "6e9da4af9279d3d7454cddcd3efa6b685d1c6b7cab6d65bdcb7b079e0f06bde3", "6eb9c94c24f6614d0ee508e28863d5b56970f8072a5d5027430d257b1e7cbde0", "702b952c2bd27579fdf0c72703e46d04e4249f8ff57d0fcf65060dc1b7927ba7", "7037303b0194336de0bf6188b47c1d4036cff8219bc6a042378337d2521b404c", "704348aea41f80547df1c9375094dbecc5e9f5b86f99cafcb889fd4f60d89c9a", "7078b5ff7d37471241c5b70e9c8bcefafd119f691f06aa5c1ff3e327fd3422a7", "70df6496d66bc4b262552b5855385fb0834a8bb8c2d5944647cfe0fd5c475217", "73772e2132913430d61f55cc65cf098939b64a846e0647bb81aa1e6b9a33ddd9", "7446e9a814b16464d84b518d8267444b0bc3a989e91a1480692d1bcc5147292f", "75d336a079089a77fab6f77ad8968cdb08f96fba86b1400f79addd2a2f1bfd00", "766b7a585c50e600f7ace841f435fd0f70e0c84e3e9e579c40dbba027b9756fc", "7782e8da4e20b6753df02abbac8f444ef8c6d6012f3299b7ef55870fd4386a5d", "77dc3731d8b1b41f8721981d1fec6fe1949963fad1901a4254a2fed7a2272766", "78c5986544ed59ac2a7c91d86787ebb6f1a678a2aa54f605e2c53f6a1767b814", "793e7a7929d967027852d8447254f53f87ed3dfcca46312c63ae7570b7ac7863", "79ea552b29c52b1bbdc2223bee8cf14813592edad2d9461f5ae5d127f3f2633b", "7b3a9af3841cb44a8e4f9264f64c0e2c3b22d6ca53f4837538c816fbd5b8db9a", "7e24e17829f8e8b5da4c046111be44037938912139e5dca4a81486b00a99eeb2", "7e745d4816b5619f66ff719d72e04d0f770ae8925c06c791367b0d791e14d4df", "7e8100553f1597072dfacc890a5e7982a5118a4aa32a1dc5fa51e4974f6630c8", "7ea2be184f0accc28b3a52f1bd0348f24d56603ace40120dd8fd403ec8e4403f", "7f20b405ef24aa3bcc51647646a2e6b0a9742736ac7b4377360f3526bbdcbf49", "7f98e62bc19620ce07580d889f13c1cf4f01bb86c5a06253493bebc1193ae283", "7fd28cf53492879fb97871733e5781afc61dc6a99207147ca78544b316920da8", "80bda1d5b2e9a5eb7d28c9beb62a84d7390c698633228dcebb6cacee0d9116f5", "814e8c73de079c753d6bd7a689c4b32747cb92d3e6f60fa5b00b0b8a60196bfc", "8150a7beb714909be7d5f37118696b484be6aa76a7e6107cba83b1ccca9d40d9", "8240b8f02ac0b893b89d8068452bdd30ccb0d006923d7617f0c56e82e1cc46e8", "826de6441274fe592d7412271cf71257b0c6905b2a35cc00e70a631139f5f84a", "84d1d1ab1df3ebc0b302f50c8ca022f9dab2ce5b81250a5120b222b0cdc94b98", "853ffa15043b69352db4c07519baf84b4566c7c50a44f5897c262126e5de632e", "8668cc3506bcadbe976bdf8baa168ac8c293400600c5226767cd06fba37dcfc7", "86b56f9e2a6ce5299fab50640cf2c77ac18a25afbcb9fdbf57709721dbc9048f", "86e45b58db79108dec3db44e6f09e0b1a6032ff1491a532d25a056c126287ac7", "871bdcaeddfaf7d521a0453077531406077f02ebd3c80d609b0831c4eea8fd91", "88aee745bb60b1ec010f4e30c7ff64584a42eb12fd6f60103ab090cb4e1fe504", "895c747d4cf9586e4f35d2a8b0cbf8cef08d3e04b3a893ec551ae0a3a5cc1b1d", "8ba45a908c36caf7bc857e00ad491ab49a1263826b3b2d06511912cf13cc513a", "8c219ecbdb96ac43a8462873bc9e5ed2b50540b06f7c089ff8a5ded7e9af844e", "8ce553f49b8fd421eec8148981477e3cfb08b02294fb0250d733aeeb9f0a7567", "8dede64e70ab596a491bfb59476ceae7abca50f57b9e9d3bfe05db655e94eb1f", "8e43b4330314e7aba6e1adde6b9ca8b5e7a689dedee150708469264395e484aa", "8eaa65aa484df74068a24bb8896669638f8ddd5e28c57b79d4848da260ce8300", "8fca4625354307b88637fc49b2f8eed55cac1cf3069f4381d381d83254bc38f7", "90a4c925d3b1688f721ea48095086a553fe15a139e70273cdfe0ca5a72b7d608", "90dc4d113b9d20da1bf26cda39230decd7b520e1cd404b64c528028d4e8d29dc", "943e23f30d49290a8973368fb87e0bad0e2fb058d698327e1e5599162ce4b756", "94517dce5d20aeaf52bc3c46609ea91c8925962ad2b59d67256ffc9aba8354aa", "948d48f297d7f17d5c657fef5398892648092e3ebfeac9e68ae3926e3b9543c2", "9638879e64eda96e23770f3acdad31a32831f42002921d3c34fe0ca85d35f824", "97b45ef7dea4d64ee98ac8fc02bfa5b1996914d020a9d20e23b839725d216400", "997146170dd136abddfdd7605e4080b0442de6e5f39e7f8342cb3fff72b91fe4", "99f9b5aeeddd1b656a41392fa59b2a12a6370117ca0f64c48fce673fe94f45e6", "9a62646b4b7b2ab5ff59778ccad1782d6bf0f5ef7a8d0c845a9a2bbd35de9e89", "9c167073cc063b48ca5294c30f53b54e4e275bcadfce434989c2c952a1803b89", "9c552474f7576b3b9aa8fa56cab977e4a5f98986b58880c124a167f20e5e74d3", "9cd3ab42e36224e1d751325e4cc81391477bf43cbb0a9118a4460a6a1b6b5a04", "9dd3755427af9e2f0eee187116b73f9e02671aa17f9944fc3c95d5c7a04b5e14", "a04585698ebd76c650e1525fe5c2fbbae58a8b153ab52f2f94e2fd52fda3376f", "a084d4fc39f16384c9ca63ca8a96d101402813ba785c5588a95bd9b4c7bc781b", "a0d0c131cc66640fd8d50200d3cad7aaaf703ff9122b8be98e6564007e6c81fd", "a451073d2616cfc82a24fab3fc4881bc2d356b391471bef19d7af286ffcdf1c5", "a461469cb2ca41c6257413158b7aa4168653fea6a00652c303defb0fc9584e47", "a51bd7e98a2ffd4fcf50e287a911864628b791b1b5674e1dd19779cd8c866e7a", "a6132101f0651ec8e87dd90dca7a5c2e8e8fc22542aff4064ef79d2b2abab0ba", "a6422a197e230655f79b0fc8a79f35e9140ba2b37f7e18e5789ae06351587c39", "a773352aa54b962ab2a4fa51f53e53cd63bfc5d04856ffa1f7f159fc24beaa56", "a79658eb42751cba0b212d6fed84088a126271ebfaa61f910bdb326d9e5a729c", "a7e914c0b4513159ff116dd1ead33c7e8e99d289863ff6350d516037c85086f6", "a828f8e4384a9771544b06297cef0ed4e83854a6f73f44a2dcd17ac6d4fce86e", "a8e58e2581e239ad99fccd5f2c12a0e32a5adc44a16643d42404250640dd3b16", "a910130f8015e9adbf982cfc2499d24d3375d89fe81164a1e0c3f0245809e3d5", "a9f1ce09342bde8985c0ac5ab55f618d929d4466e981c2c1054342d5d80da83c", "ab869d78932565e0dca3cab30d66c890536df34fbc6ce36329f85fa3f53ef28a", "ac1b6d29963351571256fdaafb4b720cbdcfb4e1593f40ef35a9ec583e47e0ee", "acd689f04af4d349a64b3b0986608f02811a42fac95c242a445a3185e1d7deb5", "ad5490b65cdea7c2a35abe0b4bc219d0d09cfedd5af8ded7aca0acbaf3d61953", "ad57d87d503c964cf90316d310e9abc0b74f5b9b2fd9083e2a86fb991b3e12fc", "aebb431c0bbbd7ec29a2e09ba8b8173829b4b203802ddd94bfba55e9e151f962", "b342c0126dad349fee888caa6e17186e9469507256936299877dfcb402bea57c", "b344e4c9fea2e491ccf886fab23b538db97aaf90541357eee6e3ec81387bdbbd", "b6678cf5c12e35b7fad251181c37f35ea995ea33c29469100a2f05f08930029e", "b6d69375f495268fdc382a97536a373530d92fae74a2ba570d1fffcb99cac19d", "ba77f928d79b1d0a2e76f129befe039bdacac6a7b88764404c916aff4e030353", "ba7abfd60c05d7a3c6ce61e8161fc0998134c9109338f24c33f6a76d96d13559", "baaf3b44edf0d729e5647dd63107bed29021d911bef019d0342a278110d4cf23", "bbfd981d5f5ee975de572eb32c35af2911c505c3a30d3014c5f6fd52968ce68c", "bca6212103077fa35cda5a46fa950dc6e19e7db155ba2fc6f174e29c5f912444", "be91c92ccd70aa28cf473322d33c98932fcb2b732c0f5f2f2d5ded683e6657b6", "beccf54df38f01db867b2f192e4540f977d662a4413c0c02cfebc0055e7f47af", "bed0f5dcf3a51faf88360cf8af543ac6d5263fd22395a280ba13c59d47033fa8", "befbe696b34e4c47504d60c56a6aeeffad16de1bd78ee6494a566a301f95b9f7", "bf98a74a2d08c7fa45ccdb272759146be9b2c8db0c877b7da4a1145ea8579b3d", "c230cee469e7b16b82bea2708fec6469d99a0130f78dc1e89009552eda50cf51", "c2fec1d64f13907aa345f68ccc9d4f3de7e274d9a003d0854a54f95371eef50b", "c664bf7f77079e97f2a926f55327556d4550a4850e2e2487e43b19d0ed2c07b9", "c6ac2177eeeeabd336e3f217598087735c6c5f20dfe8e361ccf7999a11b52e76", "c7086307de051d625e236cecb169ef460464c8cb1d2250c309e726d714679128", "cc986786fd0b6ab08ea6d6436ec70f03e37aa80f5b377891bd622761148bc540", "cce32f4f7d7f44cb38409f6b31f1be58be30b6ab9c2883e88ce7989865b0dd47", "cd2290067722c4efad3580753a80982e8a34b1c9587f325425718cda500202a8", "ce75ed55f4ab3b11142a63ffef8c18209421d78f2e1f88a3c468d0083f434dd7", "ceeafe872c0a96f15d1eb06de450d25350270a7b229d935a3d8fff55da26a310", "d0bafdb574343dd629283b4d62101e1fcd9ab14283d3b3e7c46d2dd21ecf2059", "d1bbbbc5169e01ddb908ad1618cdb10c6733462c1fcdcc4364e9b8157ab8ac47", "d2ebf11b5b9ef59a5bb5c14be5989854a681d87e2a6b4ab40ea7134d444124b1", "d2eff89e6b958dd380c2c23e83e6a9fa1a445b10aedf048538127977d02f63d4", "d3b173d21ef6fcbb3104c7c5099a119a1cfcb63a0424ed8763346e761d56313f", "d4719573a08bddb3082f2da4cc7eebc962d56e17ff99937139e93e7eab0c50a3", "d695e2bc7628a76f604837cc8708d41cacab5b15c522153276ada329493faab7", "d6c1da8ee89611dac07dd670d5684739940bec8c6cd504f59a394075a57e91b2", "d7491a4adc2449fc11cf6e5e4ccdffee6333ad024d72d4f05ea0d75219e4a743", "d7d8849c8512343d57d5315c6e66831279386e308617414f879637e0c05a321b", "d7fcb70ac8c49e9b6517cf4c646d29121b0b286cb8471effcd989e251eaddd2b", "d89051e5b664b3c695d81c77e3c6ca318911e606a5aa9a66dea903a37d763ea8", "d894174606e2dac32e27d1348facddbe50acb6c16f9c05560b8f699597c5b8fe", "d8e96e3d69480de9ddf8caf8f5a1264d231c35683964370137e9dde5f923c46f", "da0bbc737d9692ea5b88fe0ebdb1dde45d4da768ba49c70b44df08338f021dfb", "dad6d881c717afde1db0c17e47946eeb4329d1a3526e3af176a6cd820cda40dd", "dc8234bc7f1afcfdfcde057d0b5c8b4a1b3361bb6f303f26bdc7ed41fee79b49", "dc99083fd66f62595105659f5adb1d55f81a9ad4614cbfd3826647946d0762ae", "dd2f733ee22bcbc0a3efef1ff0a3cb1b1e0e852323e2a99a31c36af86087472c", "dd40ffe3671e3f2f7f019a71042f8e3cd102a53b2e212b966ff5a52429f21291", "dd84568e80a5f51e22e52b95a3266964f8005303c39b52aa04521b882a31131d", "de943524fd9494e5a9084d951500601bf459a26f406acf354cc1f388067bf953", "e056cd024abccd4be7cb0a6b9e7c76454a3fbcee6309fff17a0680baeec669da", "e0939d829bcfb5dd00e941f9bf4ce8171dcf81e2d8ae861ac91fd2decff57575", "e1bc3707a10a882425c9b544ec0ce265f798f4de9576fc67d4089f5132c5ce4f", "e1c8d952f1f947c142fd6940d76433920614b03f95aef5a9accaa3622a93a0b6", "e396253f2036c632076116b8adc10afa606df60508c2afefb43d0b443e92944b", "e3bf7d4b4d59f3b4a12a750b78322d33ad3252cf97038de534c102049b765330", "e3e6406d4bc2cc088a06773c120dab03a249e1de4bdeaf52b9b595074d5d75b1", "e432666ea677de4aae69f3086cba3bb60b23bc6e98a64c96a1fe2263ca83c21f", "e4659b82e9262fbd43a3498409261ead063b45cdd8d7bf09cbe89e7a139d0d52", "e636fb1cc837ea16dfc0b935bcfd56b272a29b17ab5c87463d5b24426e5c38dc", "e6cb0e33de091f8f72fc33b6a1f4cc991f5e25a7aa83f7b12d4bff17b53e7c54", "e6ce2c1e80174254f1c3a2ad597790e6adb865bd4d3a939eb5ed92c62fb6f1ad", "e7233343a0b686fa41af493a17987cd1c7a0eafb33e623feda8639d1d172f4e1", "e7c32e65f35f3046ee192e6d6aae0f1bcd827d3b5db738835e4c697b5430b5d9", "eabc58c92209b8ff430164cf66c466218d5f6d83535e939c6670bb0d826c9f94", "eb56ccfa4c570acc06de257311b9fad749089b47aa674a0f23f5465fd509356f", "ebb1cf9d82bd510af9fb68d8ccac4e38879db24aa682c03b39a5d37aa8dd6fe3", "ecae88a859ef7a7fa17c321ecf2738736d9e644073b1718476167f0dc2e783cd", "ed18c1fe7345fb4b94dd7686098949d227fc1b613a6f9e6d8cfe10a276ec8809", "ed88fb14b604277e45b3882b2dc99dec05e816d17169b30be72d10d564b4eee3", "eda01c541c1b8f6cc69c08be87bc6d46962637eba0691a7eddac9991e5f1555b", "ee50b345b5a4e4c13a60392958dcf8bc66ea684406a8c6898cd20b2b5e6946ba", "ee58c11312c27aca148518be7103924e19ad42cb5bc7ddd6c8acb6bd88cd7a73", "ef0194c08f51fc51546a12694d7cbcee25bcfd7af6972c40dc3b4035ab6a41b1", "ef09ffc858d49191a3e4528bb99b3ec49921702b5a346c5ef1743bdde6e87a1b", "ef775a66683cc4fb780dbe1b93ada6f03abb01a2f6b7ab6784d8b31bec6053fd", "f0fdfa54697bef8762a1db5de4aa2b34fdfef881a8886f4f6f68fdb93748c549", "f12947686a80f4a63d1e46160ec78c0e8114f181bed506329b79315f50a5d49a", "f200c03faee404fd4006d4a5d584d09949d69355fa90d9d370183651a01c784a", "f2aa603bfc7853a2729300c79bf1d181f9f19ce2c3b9ba2606073efbda72d216", "f2acae8ad9e4ffca98f6d37ff4367d7bf89e5c93601c47db6e0ad601d4c46bdf", "f309ece835d66f3b8d1b0f1283c4ddf66f8c667d809cdd31596186e3b7d30336", "f38cee8872dc467671c00ba3cff36c445534fb4c790bfe64a122a20ae0d7d69b", "f3a27e178475c2a008f8410c631e056fe4ae70818c023c932337d0fc2c3e18ec", "f4cc01f8b3ef0cd8f2fb65a8ec49d949120762f8bf3982fb8cca5142c09569ac", "f54ca1b8bd0a43ebf07e25e7f3886c3da1c34dabac007cdffbd9404a5bc301d6", "f648d205438f1eae8ae9238ccf22c908b9e34469cb62ba3d31e4b376e4e4ed30", "f91cd4a4d586835d508f21a42e2d331460a7ba46cc97e2dde1f9ac7114915b38", "f9e4a1f1ad5104badaea513830e74faa3e26624bae988a41b7f66e0bac0e5f3d", "fa501e4a47602aa3034c77ca90fdeeb4aef29e1afa016fd13adefa695efec369", "fb5b98f92f14a7c79af236997dec966a0b343cce6ce383cef592fd8b95f383de", "fbdc447590cb2f642bd3c3dc057a6925bcdd55f65994afc38ad4716cf24bc63f", "fcdc2cf02beb31f5cb8c6104e76df8bb50deab35b3f804fc89d99bb934475e65", "ff019eefe7a95cc1e0da24307d8aca626e222bee69ecd2c1ae3fb7c92ac9b09f"], "iocs": {"domain": [{"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "host": "api[.]blockcypher[.]com"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "host": "hjhqmbxyinislkkt[.]1j9r76[.]top"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c"], "host": "chain[.]so"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c"], "host": "bitaps[.]com"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c"], "host": "btc[.]blockr[.]io"}], "file": [{"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%TEMP%\\8f793a96\\4751.tmp"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%TEMP%\\8f793a96\\da80.tmp"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%TEMP%\\d19ab989"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%TEMP%\\d19ab989\\4710.tmp"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%TEMP%\\d19ab989\\a35f.tmp"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\03809a07-348b-48cc-b08d-f7b8472c133c.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\07a5080e-becd-4719-9a79-fe50b59eb55b.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\0d984a6a-e70e-4747-bded-b92173e85c21.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\0ec91619-5478-4e5c-aa1b-8da00a066091.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\115556d6-ba8b-4b18-8439-8e9c81ff63a4.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\1e81fb27-0aa3-4b11-a764-0d9e7e3272ea.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\3c6a9801-329c-4eba-9524-2165ac426bef.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\52c39d7c-6d6b-4ad3-b5e5-c417949d335d.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\5318eba9-773d-4fec-9366-6e84f8dfbbc5.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\5394c05d-dc33-4d24-bd45-2d8954648f28.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\62e3dfa2-4350-445b-8693-d1d04a74543c.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\6a8b0e06-e9a5-4761-afda-29391149e64d.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\70c3a864-35fa-4245-802a-dbda1e3f4c00.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\70d1f452-966e-4e28-8da5-8b2eeadbe078.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\7b168dd1-e39e-4b39-918c-53b9e78365e9.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\7dceec06-0991-43f4-8af3-601c0ebeb910.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\8339d228-5ca6-486f-8793-633aa6af18d8.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\a4fbc2bf-8cc2-4a6d-b3c7-0ef749399e7f.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\a507cd65-0038-49e4-8cdb-b6082f566351.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\a6f0f9a9-e50d-4612-9e8e-f5640793680c.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\a9e6bb3f-0b62-4410-86f7-68bb36989df7.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\b1503304-9b12-4d90-89e7-df30e304e6c2.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\b2a67a4a-c116-4c88-9fd1-c5b9a23d7929.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\bb4e150b-7e2a-4556-81dd-590d7ab07dda.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\bf4e96cf-9460-4049-8172-cfb4bec57f8e.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\c129b038-2a0f-4994-b354-64ed233a0973.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\d024a53a-b32a-417d-8f75-e1998be423af.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\d137f4ab-4b3d-439e-836f-ffbbc700bef1.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\d32a2c63-e181-4374-a527-d8ec3791e0cc.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\e29a7eaf-32ad-400c-9927-05c358358ffc.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\e5116f77-b907-4c46-8bfa-006092a6714d.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\e51cf594-e321-4d1c-88e7-df9cde80904c.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\ee4479ee-b960-4d54-abc8-c9e95e2bf81f.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "%LOCALAPPDATA%\\microsoft\\onenote\\14.0\\onenoteofflinecache_files\\f173a3a2-bd1a-460f-b78a-faf2a51f6d91.png"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "<dir>\\_READ_THIS_FILE_<random, matching [A-F0-9]{4,8}>_.hta"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "<dir>\\_READ_THIS_FILE_<random, matching [A-F0-9]{4,8}>_.txt"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "path": "<dir>\\<random, matching [A-Z0-9\\-]{10}.[A-F0-9]{4}> (copy)"}], "ip": [{"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "ip": "94[.]22[.]172[.]0/27"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "ip": "94[.]21[.]172[.]0/27"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "ip": "94[.]23[.]172[.]0/25"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "ip": "104[.]20[.]20[.]251"}, {"hashes": ["01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5"], "ip": "104[.]20[.]21[.]251"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c"], "ip": "178[.]128[.]255[.]179"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c"], "ip": "104[.]24[.]104[.]254"}, {"hashes": ["00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c"], "ip": "104[.]24[.]105[.]254"}], "mutex": [{"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "name": "shell.{381828AA-8B28-3374-1B67-35680555C5EF}"}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "name": "shell.{<random GUID>}"}], "registry": [{"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\SESSION MANAGER", "value_name": null}, {"hashes": ["0092012137ac9f4d9b0a69ae613f0b5accb6f727abdc797ac0d09b63cbda132e", "00db5aef8e8c95cebcce356cf86de38a0fc5ec7ff0bd30a60601a469b2afb00c", "01c5a9f3a5219fdbd4c2c9d49ebe3f94c495a1577f361b990e0712ac00021fd5", "0636ec1f76d70cd1b354c9f6482d3ebd17924d1e528bc33f676d85a1ca56a9d6", "06700a55e763b37e3a32b91ddebf8b9cbfb6c303cc06b2e18a8cccf3a34c93fd", "068ae45c71ff0c4ff7e2588a199bd6c7a3eb8cfd638947ab0962fd99968009d6", "075c8a0ae166e61c1980c1a52c3cb4107576a0fdf8fc42aded8ed3d0d90b2c9f", "076c31502bbe96e4cd83e8f8cbf8081ca7c35326156f4a3fac533a20b849f3ea", "081118ec42df31e4adea2a756f721b1089c4d9d12e5868820ea6d65224ed99f4", "09a41d2ef9ef21e8054fece841058c162dac349714995719e7f80b5c22f61d44", "09b4d335007557e2fa78858923581c7c6afadd113ff3ff288e6cb4a9ed8306bc", "0b1d1e112adf8c262163a429b6a4300f9c9710b423990ce23ea84c6de4b8c887", "0c3b569b7df4012d4d8901d3c454c8d5d80810256135f948d05505ca5ef4ce7f", "0cd86ceaa9e99623db285af62ec035efe7fcb7d13c135bc79424bd42cd26668b", "0d743aa19106d02a5f24c5111ebcf0b44b09f28fb69f87ffc2c08c5dd5f086f1", "0e70f67a4f86ff3f981cc5c07d1250af23d932e227e74cbfebd53ad102ec015a", "0ea85246bf4d27539f79454d55e1bf89bffb7f8348aac0b4b9d9df43544a9a5c", "0f8344202cc77165b1bd371013dab1cd2461ddbd29cb0ca9c112282184f3760e", "0faee0e2a483482f20445e1b3cc807ec57abbfdffbc65e6671cc54fa8fa5a0ff", "100de5ee6765b5d7947295e132eaa86e386e34d983ca326b541b432c1550ef0c", "1233c7dcad7a5076c413eff17600a531ed3c940c60e684dcb301944283d55ef5", "123c8b730fc26bfdfd7d5f586bdcd928f46a5719bf62cbdf0e86ab601e629f7c", "12f419862a1940f1e90d21b2c9c62df99ddd8bc108e024e5f8c3f65358892d96", "12fe596431820554ca0efe683e0d931165ee9f58c592e4704dd1b1fbecdfe17c", "140112838af414b1d692262da0509e0cfa4a964df490e30e5c9fd107f0724381"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\SESSION MANAGER", "value_name": "PendingFileRenameOperations"}]}, "reports_count": 25}, "Win.Ransomware.TeslaCrypt-7661903-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "nginx-webserver-detected", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "network-communications-http-post", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "dns-query-nxdomain", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "network-dns-category-parked-domain", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": ["TA0004", "TA0005"]}, {"bi": "http-response-client-error", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "network-dns-category-proxy", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "altered-sample-dns-flagged", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "registry-autorun-key-modified", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "modified-file-in-program-dir", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "modified-file-in-system-dir", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "cta-match", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "modified-file-on-usb", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "startup-folder-modification", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "excessive-file-modifications", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "process-check-browser-mail-client-files", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": ["TA0007"]}, {"bi": "malware-generic-ransomware-entropy", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "malware-generic-ransomware-backup-del", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "feed-domain-ransomware", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-deletion", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "wmic-shadowcopy-delete", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": ["TA0002", "TA0040", "T1047", "T1490"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "malware-generic-ransomware-notes", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "firefox-prefs-modified", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": ["TA0009"]}, {"bi": "recycler-file-creation", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-generic-ransomware", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "possible-privilege-escalation-detected", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": ["TA0004", "T1068"]}, {"bi": "process-read-ie-cookies", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "process-modified-quick-launch-file", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": ["TA0003", "T1176"]}, {"bi": "process-deletes-many-files", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "malware-ransomware-teslacrypt-31", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": ["TA0040", "T1486"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "pe-imports-psapi-dll", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-snort-server", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030"], "mitre_attack_tags": []}, {"bi": "decoy-wpfv", "hashes": ["4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05"], "mitre_attack_tags": ["TA0001", "T1193"]}, {"bi": "network-snort-protocol", "hashes": ["b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "mitre_attack_tags": []}], "category": "Ransomware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "TeslaCrypt is a well-known ransomware family that encrypts a user's files with strong encryption and demands Bitcoin in exchange for a file decryption service. A flaw in the encryption algorithm was discovered that allowed files to be decrypted without paying the ransomware, and eventually, the malware developers released the master key allowing all encrypted files to be recovered easily.", "hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "iocs": {"domain": [{"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "host": "en[.]wikipedia[.]org"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "host": "www[.]torproject[.]org"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "host": "sondr5344ygfweyjbfkw4fhsefv[.]heliofetch[.]at"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "host": "music[.]mbsaeger[.]com"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "host": "pts764gt354fder34fsqw45gdfsavadfgsfg[.]kraskula[.]com"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "host": "surrogacyandadoption[.]com"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "host": "imagescroll[.]com"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "host": "worldisonefamily[.]info"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "host": "biocarbon[.]com[.]ec"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "host": "uiredn4njfsa4234bafb32ygjdawfvs[.]frascuft[.]com"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "host": "stacon[.]eu"}], "file": [{"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I0ZU5JT.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I478AKJ.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I4FI238.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I4FKVBH.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I4QK3KJ.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I5QX7W9.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I77RW1L.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I7J37KF.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I9NSD58.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IANXEE8.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IC5NB1M.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ID60W3E.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IIUTK07.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IJE160U.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IKAVPAE.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IL2NS3P.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$INKC8CM.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IP8M1EE.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IPDP9E0.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ISIYA4I.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IV54ALI.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IWK2JPN.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IWYYKMD.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IXC3P46.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IZ7KADN.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R0Y9SM6.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R0ZU5JT.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R478AKJ.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R4FI238.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R4FKVBH.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R4QK3KJ.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R5QX7W9.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R7J37KF.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R9NSD58.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RANXEE8.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RC5NB1M.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RD60W3E.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RIUTK07.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RJE160U.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RKAVPAE.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RNKC8CM.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RP8M1EE.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RPDP9E0.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RSIYA4I.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RV54ALI.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RWK2JPN.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RWYYKMD.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RXC3P46.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RZ7KADN.txt"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "path": "%HOMEPATH%"}], "ip": [{"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "ip": "204[.]11[.]56[.]48"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "ip": "85[.]128[.]188[.]138"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "ip": "162[.]241[.]224[.]203"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "ip": "35[.]209[.]43[.]160"}, {"hashes": ["30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05"], "ip": "13[.]107[.]21[.]200"}], "mutex": [{"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "name": "8765-123rvr4"}], "registry": [{"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLinkedConnections"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "key": "<HKCU>\\SOFTWARE\\ZZZSYS", "value_name": null}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.CHECK.0", "value_name": "CheckSetting"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "key": "<HKCU>\\SOFTWARE\\ZZZSYS", "value_name": "ID"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "key": "<HKCU>\\Software\\<random, matching '[A-Z0-9]{14,16}'>", "value_name": null}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa", "73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf", "732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7", "7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45", "f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "key": "<HKCU>\\Software\\<random, matching '[A-Z0-9]{14,16}'>", "value_name": "data"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030", "30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440", "4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96", "8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6", "a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d", "b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05", "e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\AUTHROOT\\CERTIFICATES\\DAC9024F54D8F6DF94935FB1732638CA6AD77C13", "value_name": "Blob"}, {"hashes": ["7f1c9158992eda790c3261f863483e725beebb4e7fd71ca2e5c16314c7604015"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "tqeqoorwlxid"}, {"hashes": ["f58fd016f90c00492769ae3ae2a4ac19e0a191f4b01a20cb858dff057a22e2a9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "rumrcdrdutbj"}, {"hashes": ["e2f74639c8a0dd733a3f13462f0bf4f24e79b9ee975a08ba9b9b14930e7b5a45"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "wqujtfmdejmu"}, {"hashes": ["732f829024ee6f6a8187fea902ed4e14558f7397bc97b0fc9a7b72c399ca91e7"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "alvanliavldx"}, {"hashes": ["5fbb5d7e01765880af73e48eefc28de505d90c614014c806d20beacd9910bffa"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "oshhkaqailwl"}, {"hashes": ["73187a2374eac611e8017ab1d0b435ed340dd9021fc977e7e0dc941b37674baf"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ysypdwarioyy"}, {"hashes": ["a3298df6b7bdeee2db47a6359ab3ac803ccfb18a710cc940ce6a101cabacbe05"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "yrxyvdrroolc"}, {"hashes": ["30d80d70caedcd0dda064b08c891dd03ed806256d33b68ce03c8b66d60df3440"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "jxsqvbjdrtds"}, {"hashes": ["ad7c18d30ad91ca4239e18212262665ea87668ea86db33f52c3b1088e1727904"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "rgjlrhvjjpou"}, {"hashes": ["8ea24fe11ad161099558c1be064ab95dd9ee86514e473fdc11e0b42779dd0cf6"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "imfnsodpfkta"}, {"hashes": ["d2f9594192012c101b99d01b7da94bc36a8c844ef8a03293ba53c6bf500366f7"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "grnauwlymwit"}, {"hashes": ["a89241d1ae4cb83b82f431e585ec3be5a6358a0a92e102dbc04ccd7b0c9ac20d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "nkrophjjalot"}, {"hashes": ["b367b71dfaa64c4907b0982a507d19971a49a2686ce680eb002ae562a15fde05"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ybqqycjuwiua"}, {"hashes": ["2cb495e91167d391adab4a9c0b7ca7a13efd23e2b34336a51370ad3ddb19e030"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "jqjusogtdkug"}, {"hashes": ["4618bc173013075772bb85303d0114973b0b4a2cbbf1b3e49278e777cecffa96"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "qoodkbylegrk"}]}, "reports_count": 15}, "Win.Virus.Xpiro-7654385-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "hook-installed", "hashes": ["cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "pe-uses-dot-net", "hashes": ["cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a"], "mitre_attack_tags": []}, {"bi": "potential-registry-persistence", "hashes": ["cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a"], "mitre_attack_tags": []}, {"bi": "modified-file-in-program-dir", "hashes": ["cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a"], "mitre_attack_tags": []}, {"bi": "registry-service-autostart-disabled", "hashes": ["cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a"], "mitre_attack_tags": ["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "registry-action-center-disabled", "hashes": ["cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "pe-imports-toolhelp", "hashes": ["cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a"], "mitre_attack_tags": []}, {"bi": "registry-service-type-modified", "hashes": ["cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "excessive-logical-drive-enumeration", "hashes": ["cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a"], "mitre_attack_tags": ["TA0007", "T1120", "T1025"]}, {"bi": "malware-xpiro-mutex", "hashes": ["cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a"], "mitre_attack_tags": []}, {"bi": "registry-disable-smartscreen", "hashes": ["cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "artifact-flagged-antianalysis", "hashes": ["cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719"], "mitre_attack_tags": ["TA0005", "T1027"]}], "category": "Virus", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks.", "hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "iocs": {"domain": [], "file": [{"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%CommonProgramFiles%\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPSVC.EXE"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v2.0.50727\\aspnet_state.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\infocard.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%CommonProgramFiles(x86)%\\microsoft shared\\Source Engine\\OSE.EXE"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%ProgramFiles(x86)%\\Microsoft Office\\Office14\\GROOVE.EXE"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%ProgramFiles(x86)%\\Mozilla Maintenance Service\\maintenanceservice.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\Microsoft.NET\\Framework64\\v3.0\\Windows Communication Foundation\\infocard.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorsvw.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%System32%\\FXSSVC.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%System32%\\alg.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%System32%\\dllhost.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%System32%\\ieetwcollector.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%System32%\\msdtc.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%System32%\\msiexec.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%System32%\\snmptrap.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\ehome\\ehrecvr.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\ehome\\ehsched.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v2.0.50727\\ngen_service.log"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\Microsoft.NET\\Framework64\\v2.0.50727\\ngen_service.log"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\Registration\\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{33EC2C09-9668-4DE7-BCC0-EFC69D7355D7}.crmlog"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%CommonProgramFiles%\\Microsoft Shared\\Source Engine\\OSE.EXE"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\SysWOW64\\dllhost.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\SysWOW64\\msiexec.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\SysWOW64\\svchost.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%System32%\\cisvc.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%System32%\\clipsrv.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%System32%\\dmadmin.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%System32%\\imapi.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%System32%\\mnmsrvc.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%System32%\\netdde.exe"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\Registration\\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{D181BC64-A806-4079-A778-7CD8233C69DB}.crmlog"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v4.0.30319\\ngenrootstorelock.dat"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v4.0.30319\\ngenservicelock.dat"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\Microsoft.NET\\Framework64\\v4.0.30319\\ngenrootstorelock.dat"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\Microsoft.NET\\Framework64\\v4.0.30319\\ngenservicelock.dat"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v2.0.50727\\ngen_service.lock"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v2.0.50727\\ngenservicelock.dat"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\Microsoft.NET\\Framework64\\v2.0.50727\\ngen_service.lock"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\Microsoft.NET\\Framework64\\v2.0.50727\\ngenservicelock.dat"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%System32%\\<random, matching '[a-z]{8}'>.tmp"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\microsoft.net\\framework\\v2.0.50727\\<random, matching '[a-z]{8}'>.tmp"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\microsoft.net\\framework64\\v2.0.50727\\<random, matching '[a-z]{8}'>.tmp"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\microsoft.net\\framework\\v3.0\\windows communication foundation\\<random, matching '[a-z]{8}'>.tmp"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\microsoft.net\\framework64\\v3.0\\windows communication foundation\\<random, matching '[a-z]{8}'>.tmp"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\microsoft.net\\framework\\v4.0.30319\\<random, matching '[a-z]{8}'>.tmp"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%SystemRoot%\\microsoft.net\\framework64\\v4.0.30319\\<random, matching '[a-z]{8}'>.tmp"}, {"hashes": ["53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "path": "%System32%\\sppsvc.exe"}], "ip": [], "mutex": [{"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx1"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "gazavat-svc"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx54"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx55"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx56"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx57"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx58"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx59"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx60"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx61"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx62"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx63"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx64"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx65"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx66"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx67"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx68"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx69"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx70"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx71"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx72"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx73"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx74"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx75"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx76"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx77"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx78"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx79"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx80"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx81"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx82"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx83"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx84"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx85"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx86"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx87"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx88"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx89"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx90"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx91"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx92"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx93"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx94"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx95"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx96"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx97"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx98"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx99"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "gazavat-svc_37"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "name": "kkq-vx_mtx<number, matching [0-9]{1,2}>"}], "registry": [{"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Start"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "Start"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "HideSCAHealth"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WUAUSERV", "value_name": "Start"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V2.0.50727_32", "value_name": "Type"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V2.0.50727_64", "value_name": "Type"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V4.0.30319_32", "value_name": "Type"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V4.0.30319_32", "value_name": "Start"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V4.0.30319_64", "value_name": "Type"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V4.0.30319_64", "value_name": "Start"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\COMSYSAPP", "value_name": "Type"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\COMSYSAPP", "value_name": "Start"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IDSVC", "value_name": "Type"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IDSVC", "value_name": "Start"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IEETWCOLLECTORSERVICE", "value_name": "Type"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IEETWCOLLECTORSERVICE", "value_name": "Start"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MOZILLAMAINTENANCE", "value_name": "Type"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MOZILLAMAINTENANCE", "value_name": "Start"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSISERVER", "value_name": "Type"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSISERVER", "value_name": "Start"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\OSE", "value_name": "Type"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\OSE", "value_name": "Start"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SECURITY CENTER\\SVC\\S-1-5-21-2580483871-590521980-3826313501-500", "value_name": null}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\SYSTEM", "value_name": "EnableSmartScreen"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SECURITY CENTER\\SVC\\S-1-5-21-2580483871-590521980-3826313501-500", "value_name": "EnableNotifications"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V2.0.50727_32", "value_name": "Start"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\PLUS!\\PINBALL\\SPACECADET", "value_name": "Table Version"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\PLUS!\\PINBALL\\SPACECADET", "value_name": "Table Name"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\PLUS!\\PINBALL", "value_name": "Last Table Played"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\PLUS!\\PINBALL", "value_name": "Table0"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V2.0.50727_64", "value_name": "Start"}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\PLUS!", "value_name": null}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\PLUS!\\PINBALL", "value_name": null}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\PLUS!\\PINBALL\\SPACECADET", "value_name": null}, {"hashes": ["144388070ba8022422f7719873c9d0cdc4dd5916addb9d529b83dc46158faa1a", "53ec58de31c2a8b9c1fe1f2f0536a656f6cc94df7b085c5805df69abc3c1adaa", "5f87f1626346041906a23d53e91759703ea87b48f7ac4d43a7a4a63d1a5848d1", "7c91cbf8aceef7c330ff2cb69e4efb561cd43a9bd3721d007cbbf1a19bf2d28d", "846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "9823fa818d9c686c176e06285dcecac4ad395cee5ac51291ada88a2d4f56f2d7", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "b2d12ba1c096d4ea0d1b61aed39d346dcff2acfab6ba10d8c3b7c55a65137719", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05", "f6cb28c646c0dafbd34baad35390cd0972879c5d82047da44c47443606bc282c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\PLUS!\\PINBALL\\SPACECADET", "value_name": "Table Exe"}, {"hashes": ["846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\UI0DETECT", "value_name": "Type"}, {"hashes": ["846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\UI0DETECT", "value_name": "Start"}, {"hashes": ["846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VDS", "value_name": "Type"}, {"hashes": ["846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VDS", "value_name": "Start"}, {"hashes": ["846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VSS", "value_name": "Type"}, {"hashes": ["846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VSS", "value_name": "Start"}, {"hashes": ["846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WBENGINE", "value_name": "Type"}, {"hashes": ["846779bffc61e6deeec2319fc7f3a8baab2d0fa3fa165cd74b95e2602aeaeb3a", "a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WBENGINE", "value_name": "Start"}, {"hashes": ["a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMIAPSRV", "value_name": "Type"}, {"hashes": ["a98862424e526d5f63b01e5b1a775eeebdcc2ab02af7e4d2f7a7a990c01e5038", "cdb33f61c315ef5818eb7b791e9970249bceb5d529a3df5ccee66541865d1a05"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMIAPSRV", "value_name": "Start"}]}, "reports_count": 10}, "exprev": [{"count": 18402, "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", "name": "Excessively long PowerShell command detected"}, {"count": 6050, "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", "name": "Dealply adware detected"}, {"count": 3011, "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", "name": "CVE-2019-0708 detected"}, {"count": 1053, "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", "name": "Process hollowing detected"}, {"count": 123, "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as wireshark and sandboxes to its C2. It spreads through malicious advertising and spam campaigns.", "name": "Kovter injection detected"}, {"count": 90, "description": "A process created a suspicious Atom, which is indicative of a known process injection technique called Atom Bombing. Atoms are Windows identifiers that associate a string with a 16-bit integer. These Atoms are accessible across processes when placed in the global Atom table. Malware exploits this by placing shell code as a global Atom, then accessing it through an Asynchronous Process Call (APC). A target process runs the APC function, which loads and runs the shellcode. The malware family Dridex is known to use Atom Bombing, but other threats may leverage it as well.", "name": "Atom Bombing code injection technique detected"}, {"count": 84, "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", "name": "Gamarue malware detected"}, {"count": 44, "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Installcore adware detected"}, {"count": 21, "description": "An exploit payload intended to connect back to an attacker controlled host using http has been detected.", "name": "Reverse http payload detected"}, {"count": 16, "description": "Fusion (or FusionPlayer) is an adware family that displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Fusion adware detected"}, {"count": 14, "description": "Corebot is a Trojan with many capabilities found in other prominent families. It features a plugin system to enable it to load a variety of features from the C&C server at any time. Known plugins include RAT capabilities such as taking desktop screenshots, as well as being able to intercept and modify browser communications and steal data, especially data related to banking.", "name": "Corebot malware detected"}, {"count": 8, "description": "Palikan is a potentially unwanted application (PUA), browser hijacker, a type of malware that most of the time does not explicitly or completely state its function or purpose. When is present on the system, it may change the default homepage, change the search engine, redirect traffic to malicious sites, install add-ons, extensions, or plug-ins, open unwanted windows or show advertising. Palikan commonly arrives as a file dropped by other malware or as a file downloaded unknowingly from a malicious site. It has also been closely associated with DealPly.", "name": "Palikan browser hijacker detected"}, {"count": 5, "description": "A process associated with Microsoft Office, such as EXCEL.exe or WINWORD.exe, has started a Windows utility such as powershell.exe or cmd.exe. This is typical behavior of malicious documents executing additional scripts. This behavior is extremely suspicious and is associated with many malware different malware campaigns and families.", "name": "A Microsoft Office process has started a windows utility."}], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2020-04-17T14:23:41+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Virus.Xpiro-7654385-0", "Win.Dropper.Upatre-7658518-0", "Win.Dropper.Bifrost-7666040-0", "Win.Ransomware.Cerber-7660649-0", "Win.Packed.Razy-7660763-0", "Win.Ransomware.TeslaCrypt-7661903-0", "Win.Dropper.LokiBot-7662731-0", "Win.Dropper.Remcos-7662156-0", "Win.Dropper.NetWire-7662196-0"]}