{"Win.Dropper.DarkComet-7899778-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "3f05cf5a859af10883bfb9b38439053e15de24cd5375fd635dae034212bc62fb", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "4b8efd1f41e04be0f1ce6bc96a726f0eca17d10bb595cc9e9b4d339fd1582d8f", "e8543f8450f410ac8fb4793c68fadebdc3fd14a818820ffa1520a04e32f83e76", "8768a4aa5c8c54a3b86d53ea7c5b4825577e62da2b7983832497eb429c618223", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d", "34a472ce98bf53d6e7de1e9dc20abaf60fb1e75df2377872d1941c00d293ccd0"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "3f05cf5a859af10883bfb9b38439053e15de24cd5375fd635dae034212bc62fb", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "4b8efd1f41e04be0f1ce6bc96a726f0eca17d10bb595cc9e9b4d339fd1582d8f", "e8543f8450f410ac8fb4793c68fadebdc3fd14a818820ffa1520a04e32f83e76", "8768a4aa5c8c54a3b86d53ea7c5b4825577e62da2b7983832497eb429c618223", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d", "34a472ce98bf53d6e7de1e9dc20abaf60fb1e75df2377872d1941c00d293ccd0"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "3f05cf5a859af10883bfb9b38439053e15de24cd5375fd635dae034212bc62fb", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "4b8efd1f41e04be0f1ce6bc96a726f0eca17d10bb595cc9e9b4d339fd1582d8f", "e8543f8450f410ac8fb4793c68fadebdc3fd14a818820ffa1520a04e32f83e76", "8768a4aa5c8c54a3b86d53ea7c5b4825577e62da2b7983832497eb429c618223", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d", "34a472ce98bf53d6e7de1e9dc20abaf60fb1e75df2377872d1941c00d293ccd0"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "3f05cf5a859af10883bfb9b38439053e15de24cd5375fd635dae034212bc62fb", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "4b8efd1f41e04be0f1ce6bc96a726f0eca17d10bb595cc9e9b4d339fd1582d8f", "e8543f8450f410ac8fb4793c68fadebdc3fd14a818820ffa1520a04e32f83e76", "8768a4aa5c8c54a3b86d53ea7c5b4825577e62da2b7983832497eb429c618223", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d", "34a472ce98bf53d6e7de1e9dc20abaf60fb1e75df2377872d1941c00d293ccd0"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "3f05cf5a859af10883bfb9b38439053e15de24cd5375fd635dae034212bc62fb", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "4b8efd1f41e04be0f1ce6bc96a726f0eca17d10bb595cc9e9b4d339fd1582d8f", "e8543f8450f410ac8fb4793c68fadebdc3fd14a818820ffa1520a04e32f83e76", "8768a4aa5c8c54a3b86d53ea7c5b4825577e62da2b7983832497eb429c618223", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d", "34a472ce98bf53d6e7de1e9dc20abaf60fb1e75df2377872d1941c00d293ccd0"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "e8543f8450f410ac8fb4793c68fadebdc3fd14a818820ffa1520a04e32f83e76", "8768a4aa5c8c54a3b86d53ea7c5b4825577e62da2b7983832497eb429c618223", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "modified-executable", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "e8543f8450f410ac8fb4793c68fadebdc3fd14a818820ffa1520a04e32f83e76", "8768a4aa5c8c54a3b86d53ea7c5b4825577e62da2b7983832497eb429c618223", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "e8543f8450f410ac8fb4793c68fadebdc3fd14a818820ffa1520a04e32f83e76", "8768a4aa5c8c54a3b86d53ea7c5b4825577e62da2b7983832497eb429c618223", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "8768a4aa5c8c54a3b86d53ea7c5b4825577e62da2b7983832497eb429c618223", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-sandbox", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "e8543f8450f410ac8fb4793c68fadebdc3fd14a818820ffa1520a04e32f83e76", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "malware-known-trojan-av", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "8768a4aa5c8c54a3b86d53ea7c5b4825577e62da2b7983832497eb429c618223", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "e8543f8450f410ac8fb4793c68fadebdc3fd14a818820ffa1520a04e32f83e76", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "8768a4aa5c8c54a3b86d53ea7c5b4825577e62da2b7983832497eb429c618223", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-prior", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "e8543f8450f410ac8fb4793c68fadebdc3fd14a818820ffa1520a04e32f83e76", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d"], "mitre_attack_tags": []}, {"bi": "malware-darkcomet-mutex-detected", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "e8543f8450f410ac8fb4793c68fadebdc3fd14a818820ffa1520a04e32f83e76", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-vm", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "process-requested-softice", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "e8543f8450f410ac8fb4793c68fadebdc3fd14a818820ffa1520a04e32f83e76", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d"], "mitre_attack_tags": ["TA0007", "T1497"]}, {"bi": "pe-section-execute-writable", "hashes": ["256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "8768a4aa5c8c54a3b86d53ea7c5b4825577e62da2b7983832497eb429c618223", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-upx", "hashes": ["256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "e8543f8450f410ac8fb4793c68fadebdc3fd14a818820ffa1520a04e32f83e76", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-uses-visual-basic", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "8768a4aa5c8c54a3b86d53ea7c5b4825577e62da2b7983832497eb429c618223", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d", "34a472ce98bf53d6e7de1e9dc20abaf60fb1e75df2377872d1941c00d293ccd0"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "hook-installed", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "8768a4aa5c8c54a3b86d53ea7c5b4825577e62da2b7983832497eb429c618223"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "artifact-vm-detect", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "pe-section-shared", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-antianalysis", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "dns-dynamic-domain", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "registry-autorun-key-modified", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "modified-file-in-system-dir", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "mitre_attack_tags": []}, {"bi": "registry-activesetup-key-modified", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "deleted-executable-in-system-dir", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "mitre_attack_tags": []}, {"bi": "network-dns-safe-categories", "hashes": ["256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "mitre_attack_tags": []}, {"bi": "process-explorer-suspicious-launch", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "fault-report-file-created", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "mitre_attack_tags": []}, {"bi": "malware-misspell-binary", "hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "mitre_attack_tags": []}, {"bi": "pe-imports-empty", "hashes": ["9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8"], "mitre_attack_tags": []}, {"bi": "unsigned-roaming-execution", "hashes": ["81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-hollowing-detected", "hashes": ["81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "pe-packed-asprotect", "hashes": ["e8543f8450f410ac8fb4793c68fadebdc3fd14a818820ffa1520a04e32f83e76"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-filename-mismatch", "hashes": ["8768a4aa5c8c54a3b86d53ea7c5b4825577e62da2b7983832497eb429c618223"], "mitre_attack_tags": []}, {"bi": "malware-bifrost-default-mutex-detected", "hashes": ["8768a4aa5c8c54a3b86d53ea7c5b4825577e62da2b7983832497eb429c618223"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.", "hashes": ["01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "34a472ce98bf53d6e7de1e9dc20abaf60fb1e75df2377872d1941c00d293ccd0", "3f05cf5a859af10883bfb9b38439053e15de24cd5375fd635dae034212bc62fb", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "4b8efd1f41e04be0f1ce6bc96a726f0eca17d10bb595cc9e9b4d339fd1582d8f", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "8768a4aa5c8c54a3b86d53ea7c5b4825577e62da2b7983832497eb429c618223", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "e8543f8450f410ac8fb4793c68fadebdc3fd14a818820ffa1520a04e32f83e76", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698"], "iocs": {"domain": [{"hashes": ["81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "host": "lord00008[.]no-ip[.]biz"}, {"hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "host": "liban1[.]no-ip[.]biz"}, {"hashes": ["256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0"], "host": "midoumed[.]no-ip[.]biz"}], "file": [{"hashes": ["01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "34a472ce98bf53d6e7de1e9dc20abaf60fb1e75df2377872d1941c00d293ccd0", "3f05cf5a859af10883bfb9b38439053e15de24cd5375fd635dae034212bc62fb", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "4b8efd1f41e04be0f1ce6bc96a726f0eca17d10bb595cc9e9b4d339fd1582d8f", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "8768a4aa5c8c54a3b86d53ea7c5b4825577e62da2b7983832497eb429c618223", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "e8543f8450f410ac8fb4793c68fadebdc3fd14a818820ffa1520a04e32f83e76", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698"], "path": "%TEMP%\\temp~~~21.tmp"}, {"hashes": ["01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "8768a4aa5c8c54a3b86d53ea7c5b4825577e62da2b7983832497eb429c618223", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "e8543f8450f410ac8fb4793c68fadebdc3fd14a818820ffa1520a04e32f83e76", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698"], "path": "%TEMP%\\temp~~2.exe"}, {"hashes": ["256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "path": "%TEMP%\\XX--XX--XX.txt"}, {"hashes": ["256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "path": "%TEMP%\\UuU.uUu"}, {"hashes": ["256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "path": "%TEMP%\\XxX.xXx"}, {"hashes": ["256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "path": "%APPDATA%\\logs.dat"}, {"hashes": ["256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "path": "%System32%\\install\\server.exe"}, {"hashes": ["256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "path": "%SystemRoot%\\SysWOW64\\install"}, {"hashes": ["256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "path": "%SystemRoot%\\SysWOW64\\install\\server.exe"}, {"hashes": ["8768a4aa5c8c54a3b86d53ea7c5b4825577e62da2b7983832497eb429c618223"], "path": "%ProgramFiles%\\Bifrost\\server.exe"}, {"hashes": ["81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "path": "%APPDATA%\\install"}, {"hashes": ["81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "path": "%APPDATA%\\install\\server.exe"}, {"hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "path": "%APPDATA%\\config"}, {"hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "path": "%APPDATA%\\config\\explore.exe"}, {"hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "path": "%SystemRoot%\\SysWOW64\\config\\explore.exe"}], "ip": [{"hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "ip": "94[.]73[.]36[.]254"}], "mutex": [{"hashes": ["01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "e8543f8450f410ac8fb4793c68fadebdc3fd14a818820ffa1520a04e32f83e76", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698"], "name": "_x_X_UPDATE_X_x_"}, {"hashes": ["01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "e8543f8450f410ac8fb4793c68fadebdc3fd14a818820ffa1520a04e32f83e76", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698"], "name": "_x_X_PASSWORDLIST_X_x_"}, {"hashes": ["01d2edd8d2ce89579a51638685c8c7cd0fef1c9f3c6fa7bbab4aace38f8e5925", "256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "467101ae3bf5155a60268f5244e1b493bc46b630aa8edd90a79058f1a6dbc246", "631bc5dd3ca854488a1f198f76add45b2ad2020bff309fe3330a94669233517d", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "8323d2db8bd7597abb4f7bf82c862cb3635cd99a335ae0f313440f56afd0a5d4", "9794c29b24247de64ee5c1575b0f0eeae5c603bd7cb6a8d2a2cf5f600294ded8", "ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5", "c36a03217f2165fcb2dcd7f309121f05079dc1393c0b0076ba47e1afd64356b9", "e8543f8450f410ac8fb4793c68fadebdc3fd14a818820ffa1520a04e32f83e76", "f09cb52ed2a06d3b57fa82983234cfcf3831ebdc9ef6c93768596e909ec68698"], "name": "_x_X_BLOCKMOUSE_X_x_"}, {"hashes": ["256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "name": "***MUTEX***_SAIR"}, {"hashes": ["256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "name": "***MUTEX***"}, {"hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "name": "***MUTEX***_PERSIST"}, {"hashes": ["8768a4aa5c8c54a3b86d53ea7c5b4825577e62da2b7983832497eb429c618223"], "name": "Bif1234"}, {"hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "name": "Global\\f81f0801-9fbd-11ea-a007-00501e3ae7b5"}], "registry": [{"hashes": ["256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527", "ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500}", "value_name": "StubPath"}, {"hashes": ["256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "Policies"}, {"hashes": ["256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "Policies"}, {"hashes": ["256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0", "ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500}", "value_name": null}, {"hashes": ["256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0"], "key": "<HKCU>\\SOFTWARE\\ADMIN", "value_name": "NewIdentification"}, {"hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "key": "<HKCU>\\SOFTWARE\\VICTIM", "value_name": "NewIdentification"}, {"hashes": ["256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0"], "key": "<HKCU>\\SOFTWARE\\ADMIN", "value_name": null}, {"hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "key": "<HKCU>\\SOFTWARE\\VICTIM", "value_name": null}, {"hashes": ["81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "key": "\\x3c\\x48\\x4b\\x43\\x55\\x3e\\x5c\\x53\\x4f\\x46\\x54\\x57\\x41\\x52\\x45\\x5c\\x56\\xfffd\\x54\\x49\\x4d\\x41", "value_name": "FirstExecution"}, {"hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "key": "<HKCU>\\SOFTWARE\\VICTIM", "value_name": "FirstExecution"}, {"hashes": ["81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{MD040434-RSF0-71WJ-C213-X7A37FM8IT4O}", "value_name": null}, {"hashes": ["81a3cbff30c204968e779fc07534cef53c359ccb156ebd4e37595ac3e45e1527"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{MD040434-RSF0-71WJ-C213-X7A37FM8IT4O}", "value_name": "StubPath"}, {"hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "HKLM"}, {"hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "HKCU"}, {"hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "Explorer"}, {"hashes": ["ab3e252dd391407f32fac2d90dc5093c2cee1478be6e965c55d3b65449d808f5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "Explorer"}, {"hashes": ["256e7bae5f2a65e669fe1d3b0536e13dc891b5a2d10f2172160e61126bf913f0"], "key": "<HKCU>\\SOFTWARE\\ADMIN", "value_name": "FirstExecution"}]}, "reports_count": 15}, "Win.Dropper.Emotet-7867783-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "83f37af8208e490b2345a36015a818bf9060dd7e9e4757e781ca74a25dbee391", "1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559", "631205b9a57ef704444f554fcd5998bd2d81e5cf5d74c8efbd39760103c3ce92", "113b40db69b8f17ef2b6f82eff609b4bd23502d9d2edbb14d9f8fb71c145a832", "389b6b3a7235f238983055562b2aed53659773faab0552fb02ed1dd39952c4fb", "f83e2657557037441488f658d4d3bc133ab4576c00acf2166ad7c4f4a7c7d0fb", "7da555ba51a74c369a9316a669cc596503f0981fcd1af8e60262d7e43c83d527", "f01ef60d203fefba375ebb35c86c1f87033c14bfd568918ac219075cfb1ce40e", "482a997a4a4c4b464d1e911e1969305de338131453c15a16919bd56c26b6897a", "9a121dd92ee0e7998a65b1fe0dde52d03b64cfe9a9800dae9e76def0839fc7d7", "215b3018bea3700def69a6150834943143d95e84f208e538963573008b37cf72", "95e89f7d27159044efb7da3702bbfcb9ad2975d8e206d595bcdec2f9b2c4571f", "6e2c1db712ca2356eb07f099eff3a992cb24b8330d98236bf88f4020e090984d", "82fb21e65596221b25e8c0173f4b9318e3538cfaf79d10c5f8ac8683eb5fa985"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "83f37af8208e490b2345a36015a818bf9060dd7e9e4757e781ca74a25dbee391", "1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559", "631205b9a57ef704444f554fcd5998bd2d81e5cf5d74c8efbd39760103c3ce92", "113b40db69b8f17ef2b6f82eff609b4bd23502d9d2edbb14d9f8fb71c145a832", "389b6b3a7235f238983055562b2aed53659773faab0552fb02ed1dd39952c4fb", "f83e2657557037441488f658d4d3bc133ab4576c00acf2166ad7c4f4a7c7d0fb", "7da555ba51a74c369a9316a669cc596503f0981fcd1af8e60262d7e43c83d527", "f01ef60d203fefba375ebb35c86c1f87033c14bfd568918ac219075cfb1ce40e", "482a997a4a4c4b464d1e911e1969305de338131453c15a16919bd56c26b6897a", "9a121dd92ee0e7998a65b1fe0dde52d03b64cfe9a9800dae9e76def0839fc7d7", "215b3018bea3700def69a6150834943143d95e84f208e538963573008b37cf72", "95e89f7d27159044efb7da3702bbfcb9ad2975d8e206d595bcdec2f9b2c4571f", "6e2c1db712ca2356eb07f099eff3a992cb24b8330d98236bf88f4020e090984d", "82fb21e65596221b25e8c0173f4b9318e3538cfaf79d10c5f8ac8683eb5fa985"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "83f37af8208e490b2345a36015a818bf9060dd7e9e4757e781ca74a25dbee391", "1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559", "631205b9a57ef704444f554fcd5998bd2d81e5cf5d74c8efbd39760103c3ce92", "113b40db69b8f17ef2b6f82eff609b4bd23502d9d2edbb14d9f8fb71c145a832", "389b6b3a7235f238983055562b2aed53659773faab0552fb02ed1dd39952c4fb", "f83e2657557037441488f658d4d3bc133ab4576c00acf2166ad7c4f4a7c7d0fb", "7da555ba51a74c369a9316a669cc596503f0981fcd1af8e60262d7e43c83d527", "f01ef60d203fefba375ebb35c86c1f87033c14bfd568918ac219075cfb1ce40e", "482a997a4a4c4b464d1e911e1969305de338131453c15a16919bd56c26b6897a", "9a121dd92ee0e7998a65b1fe0dde52d03b64cfe9a9800dae9e76def0839fc7d7", "215b3018bea3700def69a6150834943143d95e84f208e538963573008b37cf72", "95e89f7d27159044efb7da3702bbfcb9ad2975d8e206d595bcdec2f9b2c4571f", "6e2c1db712ca2356eb07f099eff3a992cb24b8330d98236bf88f4020e090984d", "82fb21e65596221b25e8c0173f4b9318e3538cfaf79d10c5f8ac8683eb5fa985"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "currentcontrolset-service-added", "hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "83f37af8208e490b2345a36015a818bf9060dd7e9e4757e781ca74a25dbee391", "1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559", "631205b9a57ef704444f554fcd5998bd2d81e5cf5d74c8efbd39760103c3ce92", "113b40db69b8f17ef2b6f82eff609b4bd23502d9d2edbb14d9f8fb71c145a832", "389b6b3a7235f238983055562b2aed53659773faab0552fb02ed1dd39952c4fb", "f83e2657557037441488f658d4d3bc133ab4576c00acf2166ad7c4f4a7c7d0fb", "7da555ba51a74c369a9316a669cc596503f0981fcd1af8e60262d7e43c83d527", "f01ef60d203fefba375ebb35c86c1f87033c14bfd568918ac219075cfb1ce40e", "482a997a4a4c4b464d1e911e1969305de338131453c15a16919bd56c26b6897a", "9a121dd92ee0e7998a65b1fe0dde52d03b64cfe9a9800dae9e76def0839fc7d7", "215b3018bea3700def69a6150834943143d95e84f208e538963573008b37cf72", "95e89f7d27159044efb7da3702bbfcb9ad2975d8e206d595bcdec2f9b2c4571f", "6e2c1db712ca2356eb07f099eff3a992cb24b8330d98236bf88f4020e090984d", "82fb21e65596221b25e8c0173f4b9318e3538cfaf79d10c5f8ac8683eb5fa985"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1060"]}, {"bi": "network-snort-policy", "hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "83f37af8208e490b2345a36015a818bf9060dd7e9e4757e781ca74a25dbee391", "1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559", "631205b9a57ef704444f554fcd5998bd2d81e5cf5d74c8efbd39760103c3ce92", "113b40db69b8f17ef2b6f82eff609b4bd23502d9d2edbb14d9f8fb71c145a832", "389b6b3a7235f238983055562b2aed53659773faab0552fb02ed1dd39952c4fb", "f83e2657557037441488f658d4d3bc133ab4576c00acf2166ad7c4f4a7c7d0fb", "7da555ba51a74c369a9316a669cc596503f0981fcd1af8e60262d7e43c83d527", "f01ef60d203fefba375ebb35c86c1f87033c14bfd568918ac219075cfb1ce40e", "482a997a4a4c4b464d1e911e1969305de338131453c15a16919bd56c26b6897a", "9a121dd92ee0e7998a65b1fe0dde52d03b64cfe9a9800dae9e76def0839fc7d7", "215b3018bea3700def69a6150834943143d95e84f208e538963573008b37cf72", "95e89f7d27159044efb7da3702bbfcb9ad2975d8e206d595bcdec2f9b2c4571f", "6e2c1db712ca2356eb07f099eff3a992cb24b8330d98236bf88f4020e090984d", "82fb21e65596221b25e8c0173f4b9318e3538cfaf79d10c5f8ac8683eb5fa985"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "83f37af8208e490b2345a36015a818bf9060dd7e9e4757e781ca74a25dbee391", "1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559", "631205b9a57ef704444f554fcd5998bd2d81e5cf5d74c8efbd39760103c3ce92", "113b40db69b8f17ef2b6f82eff609b4bd23502d9d2edbb14d9f8fb71c145a832", "389b6b3a7235f238983055562b2aed53659773faab0552fb02ed1dd39952c4fb", "f83e2657557037441488f658d4d3bc133ab4576c00acf2166ad7c4f4a7c7d0fb", "7da555ba51a74c369a9316a669cc596503f0981fcd1af8e60262d7e43c83d527", "f01ef60d203fefba375ebb35c86c1f87033c14bfd568918ac219075cfb1ce40e", "482a997a4a4c4b464d1e911e1969305de338131453c15a16919bd56c26b6897a", "9a121dd92ee0e7998a65b1fe0dde52d03b64cfe9a9800dae9e76def0839fc7d7", "215b3018bea3700def69a6150834943143d95e84f208e538963573008b37cf72", "95e89f7d27159044efb7da3702bbfcb9ad2975d8e206d595bcdec2f9b2c4571f", "6e2c1db712ca2356eb07f099eff3a992cb24b8330d98236bf88f4020e090984d", "82fb21e65596221b25e8c0173f4b9318e3538cfaf79d10c5f8ac8683eb5fa985"], "mitre_attack_tags": []}, {"bi": "network-http-numeric-ip", "hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "83f37af8208e490b2345a36015a818bf9060dd7e9e4757e781ca74a25dbee391", "1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559", "631205b9a57ef704444f554fcd5998bd2d81e5cf5d74c8efbd39760103c3ce92", "113b40db69b8f17ef2b6f82eff609b4bd23502d9d2edbb14d9f8fb71c145a832", "389b6b3a7235f238983055562b2aed53659773faab0552fb02ed1dd39952c4fb", "f83e2657557037441488f658d4d3bc133ab4576c00acf2166ad7c4f4a7c7d0fb", "7da555ba51a74c369a9316a669cc596503f0981fcd1af8e60262d7e43c83d527", "f01ef60d203fefba375ebb35c86c1f87033c14bfd568918ac219075cfb1ce40e", "482a997a4a4c4b464d1e911e1969305de338131453c15a16919bd56c26b6897a", "9a121dd92ee0e7998a65b1fe0dde52d03b64cfe9a9800dae9e76def0839fc7d7", "215b3018bea3700def69a6150834943143d95e84f208e538963573008b37cf72", "95e89f7d27159044efb7da3702bbfcb9ad2975d8e206d595bcdec2f9b2c4571f", "6e2c1db712ca2356eb07f099eff3a992cb24b8330d98236bf88f4020e090984d", "82fb21e65596221b25e8c0173f4b9318e3538cfaf79d10c5f8ac8683eb5fa985"], "mitre_attack_tags": ["TA0011", "TA0005", "T1071"]}, {"bi": "network-communications-http-post", "hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "83f37af8208e490b2345a36015a818bf9060dd7e9e4757e781ca74a25dbee391", "1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559", "631205b9a57ef704444f554fcd5998bd2d81e5cf5d74c8efbd39760103c3ce92", "113b40db69b8f17ef2b6f82eff609b4bd23502d9d2edbb14d9f8fb71c145a832", "389b6b3a7235f238983055562b2aed53659773faab0552fb02ed1dd39952c4fb", "f83e2657557037441488f658d4d3bc133ab4576c00acf2166ad7c4f4a7c7d0fb", "7da555ba51a74c369a9316a669cc596503f0981fcd1af8e60262d7e43c83d527", "f01ef60d203fefba375ebb35c86c1f87033c14bfd568918ac219075cfb1ce40e", "482a997a4a4c4b464d1e911e1969305de338131453c15a16919bd56c26b6897a", "9a121dd92ee0e7998a65b1fe0dde52d03b64cfe9a9800dae9e76def0839fc7d7", "215b3018bea3700def69a6150834943143d95e84f208e538963573008b37cf72", "95e89f7d27159044efb7da3702bbfcb9ad2975d8e206d595bcdec2f9b2c4571f", "6e2c1db712ca2356eb07f099eff3a992cb24b8330d98236bf88f4020e090984d", "82fb21e65596221b25e8c0173f4b9318e3538cfaf79d10c5f8ac8683eb5fa985"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "hook-installed", "hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "83f37af8208e490b2345a36015a818bf9060dd7e9e4757e781ca74a25dbee391", "1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559", "631205b9a57ef704444f554fcd5998bd2d81e5cf5d74c8efbd39760103c3ce92", "113b40db69b8f17ef2b6f82eff609b4bd23502d9d2edbb14d9f8fb71c145a832", "389b6b3a7235f238983055562b2aed53659773faab0552fb02ed1dd39952c4fb", "f83e2657557037441488f658d4d3bc133ab4576c00acf2166ad7c4f4a7c7d0fb", "7da555ba51a74c369a9316a669cc596503f0981fcd1af8e60262d7e43c83d527", "f01ef60d203fefba375ebb35c86c1f87033c14bfd568918ac219075cfb1ce40e", "482a997a4a4c4b464d1e911e1969305de338131453c15a16919bd56c26b6897a", "9a121dd92ee0e7998a65b1fe0dde52d03b64cfe9a9800dae9e76def0839fc7d7", "215b3018bea3700def69a6150834943143d95e84f208e538963573008b37cf72", "95e89f7d27159044efb7da3702bbfcb9ad2975d8e206d595bcdec2f9b2c4571f", "6e2c1db712ca2356eb07f099eff3a992cb24b8330d98236bf88f4020e090984d", "82fb21e65596221b25e8c0173f4b9318e3538cfaf79d10c5f8ac8683eb5fa985"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "deleted-submitted-file", "hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "83f37af8208e490b2345a36015a818bf9060dd7e9e4757e781ca74a25dbee391", "1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559", "631205b9a57ef704444f554fcd5998bd2d81e5cf5d74c8efbd39760103c3ce92", "113b40db69b8f17ef2b6f82eff609b4bd23502d9d2edbb14d9f8fb71c145a832", "389b6b3a7235f238983055562b2aed53659773faab0552fb02ed1dd39952c4fb", "f83e2657557037441488f658d4d3bc133ab4576c00acf2166ad7c4f4a7c7d0fb", "7da555ba51a74c369a9316a669cc596503f0981fcd1af8e60262d7e43c83d527", "f01ef60d203fefba375ebb35c86c1f87033c14bfd568918ac219075cfb1ce40e", "482a997a4a4c4b464d1e911e1969305de338131453c15a16919bd56c26b6897a", "9a121dd92ee0e7998a65b1fe0dde52d03b64cfe9a9800dae9e76def0839fc7d7", "215b3018bea3700def69a6150834943143d95e84f208e538963573008b37cf72", "95e89f7d27159044efb7da3702bbfcb9ad2975d8e206d595bcdec2f9b2c4571f", "6e2c1db712ca2356eb07f099eff3a992cb24b8330d98236bf88f4020e090984d", "82fb21e65596221b25e8c0173f4b9318e3538cfaf79d10c5f8ac8683eb5fa985"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["83f37af8208e490b2345a36015a818bf9060dd7e9e4757e781ca74a25dbee391", "631205b9a57ef704444f554fcd5998bd2d81e5cf5d74c8efbd39760103c3ce92", "113b40db69b8f17ef2b6f82eff609b4bd23502d9d2edbb14d9f8fb71c145a832", "389b6b3a7235f238983055562b2aed53659773faab0552fb02ed1dd39952c4fb", "f83e2657557037441488f658d4d3bc133ab4576c00acf2166ad7c4f4a7c7d0fb", "7da555ba51a74c369a9316a669cc596503f0981fcd1af8e60262d7e43c83d527", "f01ef60d203fefba375ebb35c86c1f87033c14bfd568918ac219075cfb1ce40e", "482a997a4a4c4b464d1e911e1969305de338131453c15a16919bd56c26b6897a", "9a121dd92ee0e7998a65b1fe0dde52d03b64cfe9a9800dae9e76def0839fc7d7", "215b3018bea3700def69a6150834943143d95e84f208e538963573008b37cf72", "95e89f7d27159044efb7da3702bbfcb9ad2975d8e206d595bcdec2f9b2c4571f", "6e2c1db712ca2356eb07f099eff3a992cb24b8330d98236bf88f4020e090984d", "82fb21e65596221b25e8c0173f4b9318e3538cfaf79d10c5f8ac8683eb5fa985"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "deleted-executable-in-system-dir", "hashes": ["631205b9a57ef704444f554fcd5998bd2d81e5cf5d74c8efbd39760103c3ce92", "113b40db69b8f17ef2b6f82eff609b4bd23502d9d2edbb14d9f8fb71c145a832", "389b6b3a7235f238983055562b2aed53659773faab0552fb02ed1dd39952c4fb", "7da555ba51a74c369a9316a669cc596503f0981fcd1af8e60262d7e43c83d527", "f01ef60d203fefba375ebb35c86c1f87033c14bfd568918ac219075cfb1ce40e", "482a997a4a4c4b464d1e911e1969305de338131453c15a16919bd56c26b6897a", "9a121dd92ee0e7998a65b1fe0dde52d03b64cfe9a9800dae9e76def0839fc7d7", "215b3018bea3700def69a6150834943143d95e84f208e538963573008b37cf72", "6e2c1db712ca2356eb07f099eff3a992cb24b8330d98236bf88f4020e090984d", "82fb21e65596221b25e8c0173f4b9318e3538cfaf79d10c5f8ac8683eb5fa985"], "mitre_attack_tags": []}, {"bi": "malware-emotet-mutex", "hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "83f37af8208e490b2345a36015a818bf9060dd7e9e4757e781ca74a25dbee391", "1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559", "f83e2657557037441488f658d4d3bc133ab4576c00acf2166ad7c4f4a7c7d0fb", "95e89f7d27159044efb7da3702bbfcb9ad2975d8e206d595bcdec2f9b2c4571f"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "modified-executable", "hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "pe-uses-armadillo", "hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-snort-server", "hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": true}, "description": "Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["113b40db69b8f17ef2b6f82eff609b4bd23502d9d2edbb14d9f8fb71c145a832", "1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af", "215b3018bea3700def69a6150834943143d95e84f208e538963573008b37cf72", "297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559", "389b6b3a7235f238983055562b2aed53659773faab0552fb02ed1dd39952c4fb", "482a997a4a4c4b464d1e911e1969305de338131453c15a16919bd56c26b6897a", "631205b9a57ef704444f554fcd5998bd2d81e5cf5d74c8efbd39760103c3ce92", "6e2c1db712ca2356eb07f099eff3a992cb24b8330d98236bf88f4020e090984d", "7da555ba51a74c369a9316a669cc596503f0981fcd1af8e60262d7e43c83d527", "82fb21e65596221b25e8c0173f4b9318e3538cfaf79d10c5f8ac8683eb5fa985", "83f37af8208e490b2345a36015a818bf9060dd7e9e4757e781ca74a25dbee391", "95e89f7d27159044efb7da3702bbfcb9ad2975d8e206d595bcdec2f9b2c4571f", "9a121dd92ee0e7998a65b1fe0dde52d03b64cfe9a9800dae9e76def0839fc7d7", "f01ef60d203fefba375ebb35c86c1f87033c14bfd568918ac219075cfb1ce40e", "f83e2657557037441488f658d4d3bc133ab4576c00acf2166ad7c4f4a7c7d0fb"], "iocs": {"domain": [], "file": [{"hashes": ["389b6b3a7235f238983055562b2aed53659773faab0552fb02ed1dd39952c4fb"], "path": "%SystemRoot%\\SysWOW64\\Faultrep"}, {"hashes": ["3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559"], "path": "%SystemRoot%\\SysWOW64\\chkdsk"}, {"hashes": ["631205b9a57ef704444f554fcd5998bd2d81e5cf5d74c8efbd39760103c3ce92"], "path": "%SystemRoot%\\SysWOW64\\vbajet32"}, {"hashes": ["83f37af8208e490b2345a36015a818bf9060dd7e9e4757e781ca74a25dbee391"], "path": "%SystemRoot%\\SysWOW64\\mfpmp"}, {"hashes": ["482a997a4a4c4b464d1e911e1969305de338131453c15a16919bd56c26b6897a"], "path": "%SystemRoot%\\SysWOW64\\bcrypt"}, {"hashes": ["9a121dd92ee0e7998a65b1fe0dde52d03b64cfe9a9800dae9e76def0839fc7d7"], "path": "%SystemRoot%\\SysWOW64\\tapiperf"}, {"hashes": ["215b3018bea3700def69a6150834943143d95e84f208e538963573008b37cf72"], "path": "%SystemRoot%\\SysWOW64\\xpssvcs"}, {"hashes": ["113b40db69b8f17ef2b6f82eff609b4bd23502d9d2edbb14d9f8fb71c145a832"], "path": "%SystemRoot%\\SysWOW64\\provthrd"}, {"hashes": ["f83e2657557037441488f658d4d3bc133ab4576c00acf2166ad7c4f4a7c7d0fb"], "path": "%SystemRoot%\\SysWOW64\\PortableDeviceStatus"}, {"hashes": ["82fb21e65596221b25e8c0173f4b9318e3538cfaf79d10c5f8ac8683eb5fa985"], "path": "%SystemRoot%\\SysWOW64\\oleprn"}, {"hashes": ["1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af"], "path": "%SystemRoot%\\SysWOW64\\msdart"}, {"hashes": ["1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af"], "path": "%ProgramData%\\CFpoY.exe"}, {"hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0"], "path": "%SystemRoot%\\SysWOW64\\DisplaySwitch"}, {"hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0"], "path": "%ProgramData%\\FpfXxGsScTqxDXZx.exe"}, {"hashes": ["3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559"], "path": "%ProgramData%\\kIvDbFVdYlmlznou.exe"}, {"hashes": ["6e2c1db712ca2356eb07f099eff3a992cb24b8330d98236bf88f4020e090984d"], "path": "%SystemRoot%\\SysWOW64\\usbperf"}, {"hashes": ["7da555ba51a74c369a9316a669cc596503f0981fcd1af8e60262d7e43c83d527"], "path": "%SystemRoot%\\SysWOW64\\feclient"}, {"hashes": ["95e89f7d27159044efb7da3702bbfcb9ad2975d8e206d595bcdec2f9b2c4571f"], "path": "%SystemRoot%\\SysWOW64\\comcat"}, {"hashes": ["f01ef60d203fefba375ebb35c86c1f87033c14bfd568918ac219075cfb1ce40e"], "path": "%SystemRoot%\\SysWOW64\\KBDDV"}], "ip": [{"hashes": ["113b40db69b8f17ef2b6f82eff609b4bd23502d9d2edbb14d9f8fb71c145a832", "215b3018bea3700def69a6150834943143d95e84f208e538963573008b37cf72", "389b6b3a7235f238983055562b2aed53659773faab0552fb02ed1dd39952c4fb", "482a997a4a4c4b464d1e911e1969305de338131453c15a16919bd56c26b6897a", "631205b9a57ef704444f554fcd5998bd2d81e5cf5d74c8efbd39760103c3ce92", "6e2c1db712ca2356eb07f099eff3a992cb24b8330d98236bf88f4020e090984d", "7da555ba51a74c369a9316a669cc596503f0981fcd1af8e60262d7e43c83d527", "82fb21e65596221b25e8c0173f4b9318e3538cfaf79d10c5f8ac8683eb5fa985", "9a121dd92ee0e7998a65b1fe0dde52d03b64cfe9a9800dae9e76def0839fc7d7", "f01ef60d203fefba375ebb35c86c1f87033c14bfd568918ac219075cfb1ce40e"], "ip": "162[.]154[.]38[.]103"}, {"hashes": ["1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af", "297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559"], "ip": "239[.]255[.]255[.]250"}, {"hashes": ["1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af", "83f37af8208e490b2345a36015a818bf9060dd7e9e4757e781ca74a25dbee391", "95e89f7d27159044efb7da3702bbfcb9ad2975d8e206d595bcdec2f9b2c4571f"], "ip": "144[.]139[.]91[.]187"}, {"hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559", "f83e2657557037441488f658d4d3bc133ab4576c00acf2166ad7c4f4a7c7d0fb"], "ip": "103[.]83[.]81[.]141"}, {"hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559", "f83e2657557037441488f658d4d3bc133ab4576c00acf2166ad7c4f4a7c7d0fb"], "ip": "190[.]47[.]227[.]130"}, {"hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559"], "ip": "51[.]159[.]23[.]217"}, {"hashes": ["1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af"], "ip": "104[.]236[.]52[.]89"}], "mutex": [{"hashes": ["1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af", "297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559", "83f37af8208e490b2345a36015a818bf9060dd7e9e4757e781ca74a25dbee391", "95e89f7d27159044efb7da3702bbfcb9ad2975d8e206d595bcdec2f9b2c4571f", "f83e2657557037441488f658d4d3bc133ab4576c00acf2166ad7c4f4a7c7d0fb"], "name": "Global\\I98B68E3C"}, {"hashes": ["1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af", "297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559", "83f37af8208e490b2345a36015a818bf9060dd7e9e4757e781ca74a25dbee391", "95e89f7d27159044efb7da3702bbfcb9ad2975d8e206d595bcdec2f9b2c4571f", "f83e2657557037441488f658d4d3bc133ab4576c00acf2166ad7c4f4a7c7d0fb"], "name": "Global\\M98B68E3C"}, {"hashes": ["1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af", "297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559"], "name": "Global\\Nx534F51BC"}], "registry": [{"hashes": ["1a704b8ed68df0fe2e96373451f242626cd01b4fe24f655f44517bd53f2780af", "297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0", "3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559", "83f37af8208e490b2345a36015a818bf9060dd7e9e4757e781ca74a25dbee391", "95e89f7d27159044efb7da3702bbfcb9ad2975d8e206d595bcdec2f9b2c4571f", "f83e2657557037441488f658d4d3bc133ab4576c00acf2166ad7c4f4a7c7d0fb"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER", "value_name": "98b68e3c"}, {"hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DISPLAYSWITCH", "value_name": "Type"}, {"hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DISPLAYSWITCH", "value_name": "Start"}, {"hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DISPLAYSWITCH", "value_name": "ErrorControl"}, {"hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DISPLAYSWITCH", "value_name": "ImagePath"}, {"hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DISPLAYSWITCH", "value_name": "DisplayName"}, {"hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DISPLAYSWITCH", "value_name": "WOW64"}, {"hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DISPLAYSWITCH", "value_name": "ObjectName"}, {"hashes": ["297f2fc9e0ab74dedaf6aee9dbc98f1c143870d72e6ea9e0b6aff6b4d6fb92a0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DISPLAYSWITCH", "value_name": "Description"}, {"hashes": ["3719e17d0d1b459719af3f877469d32082e1d6129d3ea8005e97f1766e9c3559"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CHKDSK", "value_name": "Description"}, {"hashes": ["389b6b3a7235f238983055562b2aed53659773faab0552fb02ed1dd39952c4fb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSVCP140", "value_name": "ImagePath"}, {"hashes": ["389b6b3a7235f238983055562b2aed53659773faab0552fb02ed1dd39952c4fb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSVCP140", "value_name": "Description"}, {"hashes": ["482a997a4a4c4b464d1e911e1969305de338131453c15a16919bd56c26b6897a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VIRTDISK", "value_name": "ImagePath"}, {"hashes": ["482a997a4a4c4b464d1e911e1969305de338131453c15a16919bd56c26b6897a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VIRTDISK", "value_name": "Description"}, {"hashes": ["631205b9a57ef704444f554fcd5998bd2d81e5cf5d74c8efbd39760103c3ce92"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMDRMNET", "value_name": "ImagePath"}, {"hashes": ["631205b9a57ef704444f554fcd5998bd2d81e5cf5d74c8efbd39760103c3ce92"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMDRMNET", "value_name": "Description"}, {"hashes": ["6e2c1db712ca2356eb07f099eff3a992cb24b8330d98236bf88f4020e090984d"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSOEACCT", "value_name": null}, {"hashes": ["6e2c1db712ca2356eb07f099eff3a992cb24b8330d98236bf88f4020e090984d"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSOEACCT", "value_name": "Type"}, {"hashes": ["6e2c1db712ca2356eb07f099eff3a992cb24b8330d98236bf88f4020e090984d"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSOEACCT", "value_name": "Start"}, {"hashes": ["6e2c1db712ca2356eb07f099eff3a992cb24b8330d98236bf88f4020e090984d"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSOEACCT", "value_name": "ErrorControl"}, {"hashes": ["6e2c1db712ca2356eb07f099eff3a992cb24b8330d98236bf88f4020e090984d"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSOEACCT", "value_name": "ImagePath"}, {"hashes": ["6e2c1db712ca2356eb07f099eff3a992cb24b8330d98236bf88f4020e090984d"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSOEACCT", "value_name": "DisplayName"}, {"hashes": ["6e2c1db712ca2356eb07f099eff3a992cb24b8330d98236bf88f4020e090984d"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSOEACCT", "value_name": "WOW64"}, {"hashes": ["6e2c1db712ca2356eb07f099eff3a992cb24b8330d98236bf88f4020e090984d"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSOEACCT", "value_name": "ObjectName"}, {"hashes": ["6e2c1db712ca2356eb07f099eff3a992cb24b8330d98236bf88f4020e090984d"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSOEACCT", "value_name": "Description"}, {"hashes": ["7da555ba51a74c369a9316a669cc596503f0981fcd1af8e60262d7e43c83d527"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SYNCINFRASTRUCTURE", "value_name": "ImagePath"}, {"hashes": ["7da555ba51a74c369a9316a669cc596503f0981fcd1af8e60262d7e43c83d527"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SYNCINFRASTRUCTURE", "value_name": "Description"}, {"hashes": ["82fb21e65596221b25e8c0173f4b9318e3538cfaf79d10c5f8ac8683eb5fa985"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\TSPKG", "value_name": null}, {"hashes": ["82fb21e65596221b25e8c0173f4b9318e3538cfaf79d10c5f8ac8683eb5fa985"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\TSPKG", "value_name": "Type"}, {"hashes": ["82fb21e65596221b25e8c0173f4b9318e3538cfaf79d10c5f8ac8683eb5fa985"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\TSPKG", "value_name": "Start"}, {"hashes": ["82fb21e65596221b25e8c0173f4b9318e3538cfaf79d10c5f8ac8683eb5fa985"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\TSPKG", "value_name": "ErrorControl"}, {"hashes": ["82fb21e65596221b25e8c0173f4b9318e3538cfaf79d10c5f8ac8683eb5fa985"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\TSPKG", "value_name": "ImagePath"}, {"hashes": ["82fb21e65596221b25e8c0173f4b9318e3538cfaf79d10c5f8ac8683eb5fa985"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\TSPKG", "value_name": "DisplayName"}, {"hashes": ["82fb21e65596221b25e8c0173f4b9318e3538cfaf79d10c5f8ac8683eb5fa985"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\TSPKG", "value_name": "WOW64"}, {"hashes": ["82fb21e65596221b25e8c0173f4b9318e3538cfaf79d10c5f8ac8683eb5fa985"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\TSPKG", "value_name": "ObjectName"}, {"hashes": ["82fb21e65596221b25e8c0173f4b9318e3538cfaf79d10c5f8ac8683eb5fa985"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\TSPKG", "value_name": "Description"}, {"hashes": ["83f37af8208e490b2345a36015a818bf9060dd7e9e4757e781ca74a25dbee391"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MFPMP", "value_name": "Description"}, {"hashes": ["95e89f7d27159044efb7da3702bbfcb9ad2975d8e206d595bcdec2f9b2c4571f"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\COMCAT", "value_name": "ImagePath"}, {"hashes": ["95e89f7d27159044efb7da3702bbfcb9ad2975d8e206d595bcdec2f9b2c4571f"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\COMCAT", "value_name": "Description"}, {"hashes": ["9a121dd92ee0e7998a65b1fe0dde52d03b64cfe9a9800dae9e76def0839fc7d7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SIGNDRV", "value_name": null}, {"hashes": ["9a121dd92ee0e7998a65b1fe0dde52d03b64cfe9a9800dae9e76def0839fc7d7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SIGNDRV", "value_name": "Type"}, {"hashes": ["9a121dd92ee0e7998a65b1fe0dde52d03b64cfe9a9800dae9e76def0839fc7d7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SIGNDRV", "value_name": "Start"}, {"hashes": ["9a121dd92ee0e7998a65b1fe0dde52d03b64cfe9a9800dae9e76def0839fc7d7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SIGNDRV", "value_name": "ErrorControl"}, {"hashes": ["9a121dd92ee0e7998a65b1fe0dde52d03b64cfe9a9800dae9e76def0839fc7d7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SIGNDRV", "value_name": "ImagePath"}, {"hashes": ["9a121dd92ee0e7998a65b1fe0dde52d03b64cfe9a9800dae9e76def0839fc7d7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SIGNDRV", "value_name": "DisplayName"}, {"hashes": ["9a121dd92ee0e7998a65b1fe0dde52d03b64cfe9a9800dae9e76def0839fc7d7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SIGNDRV", "value_name": "WOW64"}, {"hashes": ["9a121dd92ee0e7998a65b1fe0dde52d03b64cfe9a9800dae9e76def0839fc7d7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SIGNDRV", "value_name": "ObjectName"}, {"hashes": ["9a121dd92ee0e7998a65b1fe0dde52d03b64cfe9a9800dae9e76def0839fc7d7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SIGNDRV", "value_name": "Description"}, {"hashes": ["f01ef60d203fefba375ebb35c86c1f87033c14bfd568918ac219075cfb1ce40e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DDODIAG", "value_name": "ImagePath"}, {"hashes": ["f83e2657557037441488f658d4d3bc133ab4576c00acf2166ad7c4f4a7c7d0fb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PORTABLEDEVICESTATUS", "value_name": "Description"}]}, "reports_count": 16}, "Win.Dropper.Tofsee-7887861-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["f591dfd52af8c4ae3043f811ca98609e38304b978fdcb4dd37f41606a1b4f6fb", "aefd7e82601aa4ec6193c21f6fd2bc2e14dc7db87fae0c7f47a58dd50a520904", "9ff0624d1ea3a7e458e6f0f00c3858ff26dfccfd88f9655f0d19815bab621e6f", "579af5fcb22401ecdc8b2e6dfe8dcfc967dac6bde3fa23b19d752af38aad3aa8", "4c2ad41f70e89f42fa43c6786e4df010d716342540dbbaf98a8316d09dd65332", "41f5102fd9f3254b4107faf28af1f0dcbb17663cd4b954e026a81e2a5237262d", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422", "d2a438b344a8693e98fabd0beb698798b3ca11ec657aa32f9d55a0bc3d50a8c8", "c232b028722963e0fd84fc59cfcfefc72a8e7130f373cd9bd4e22fca848062c2", "9e28005c71d874507fc8a4f7b485e2afb56134c6f4251a9801e020156e19ec84", "9f0c9d3f897112dd8e8a46652123736e1c72f7c95f29c62a05d3b8192acc82b5", "08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "1991c1e2f67bf751b089adea67062b50f1779cb8e23ab50bada3fea80d19b5a9", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "3c28c1430a8b5da05e54c422c28670db212b8740de36dfd6dd28bccfd3e2d836", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["f591dfd52af8c4ae3043f811ca98609e38304b978fdcb4dd37f41606a1b4f6fb", "aefd7e82601aa4ec6193c21f6fd2bc2e14dc7db87fae0c7f47a58dd50a520904", "9ff0624d1ea3a7e458e6f0f00c3858ff26dfccfd88f9655f0d19815bab621e6f", "579af5fcb22401ecdc8b2e6dfe8dcfc967dac6bde3fa23b19d752af38aad3aa8", "4c2ad41f70e89f42fa43c6786e4df010d716342540dbbaf98a8316d09dd65332", "41f5102fd9f3254b4107faf28af1f0dcbb17663cd4b954e026a81e2a5237262d", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422", "d2a438b344a8693e98fabd0beb698798b3ca11ec657aa32f9d55a0bc3d50a8c8", "c232b028722963e0fd84fc59cfcfefc72a8e7130f373cd9bd4e22fca848062c2", "9e28005c71d874507fc8a4f7b485e2afb56134c6f4251a9801e020156e19ec84", "9f0c9d3f897112dd8e8a46652123736e1c72f7c95f29c62a05d3b8192acc82b5", "08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "1991c1e2f67bf751b089adea67062b50f1779cb8e23ab50bada3fea80d19b5a9", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "3c28c1430a8b5da05e54c422c28670db212b8740de36dfd6dd28bccfd3e2d836", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["f591dfd52af8c4ae3043f811ca98609e38304b978fdcb4dd37f41606a1b4f6fb", "aefd7e82601aa4ec6193c21f6fd2bc2e14dc7db87fae0c7f47a58dd50a520904", "9ff0624d1ea3a7e458e6f0f00c3858ff26dfccfd88f9655f0d19815bab621e6f", "579af5fcb22401ecdc8b2e6dfe8dcfc967dac6bde3fa23b19d752af38aad3aa8", "4c2ad41f70e89f42fa43c6786e4df010d716342540dbbaf98a8316d09dd65332", "41f5102fd9f3254b4107faf28af1f0dcbb17663cd4b954e026a81e2a5237262d", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422", "d2a438b344a8693e98fabd0beb698798b3ca11ec657aa32f9d55a0bc3d50a8c8", "c232b028722963e0fd84fc59cfcfefc72a8e7130f373cd9bd4e22fca848062c2", "9e28005c71d874507fc8a4f7b485e2afb56134c6f4251a9801e020156e19ec84", "9f0c9d3f897112dd8e8a46652123736e1c72f7c95f29c62a05d3b8192acc82b5", "08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "1991c1e2f67bf751b089adea67062b50f1779cb8e23ab50bada3fea80d19b5a9", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "3c28c1430a8b5da05e54c422c28670db212b8740de36dfd6dd28bccfd3e2d836", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["f591dfd52af8c4ae3043f811ca98609e38304b978fdcb4dd37f41606a1b4f6fb", "aefd7e82601aa4ec6193c21f6fd2bc2e14dc7db87fae0c7f47a58dd50a520904", "9ff0624d1ea3a7e458e6f0f00c3858ff26dfccfd88f9655f0d19815bab621e6f", "579af5fcb22401ecdc8b2e6dfe8dcfc967dac6bde3fa23b19d752af38aad3aa8", "4c2ad41f70e89f42fa43c6786e4df010d716342540dbbaf98a8316d09dd65332", "41f5102fd9f3254b4107faf28af1f0dcbb17663cd4b954e026a81e2a5237262d", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422", "d2a438b344a8693e98fabd0beb698798b3ca11ec657aa32f9d55a0bc3d50a8c8", "c232b028722963e0fd84fc59cfcfefc72a8e7130f373cd9bd4e22fca848062c2", "9e28005c71d874507fc8a4f7b485e2afb56134c6f4251a9801e020156e19ec84", "9f0c9d3f897112dd8e8a46652123736e1c72f7c95f29c62a05d3b8192acc82b5", "08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "1991c1e2f67bf751b089adea67062b50f1779cb8e23ab50bada3fea80d19b5a9", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "3c28c1430a8b5da05e54c422c28670db212b8740de36dfd6dd28bccfd3e2d836", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422", "d2a438b344a8693e98fabd0beb698798b3ca11ec657aa32f9d55a0bc3d50a8c8", "c232b028722963e0fd84fc59cfcfefc72a8e7130f373cd9bd4e22fca848062c2", "9e28005c71d874507fc8a4f7b485e2afb56134c6f4251a9801e020156e19ec84", "9f0c9d3f897112dd8e8a46652123736e1c72f7c95f29c62a05d3b8192acc82b5", "08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "1991c1e2f67bf751b089adea67062b50f1779cb8e23ab50bada3fea80d19b5a9", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "3c28c1430a8b5da05e54c422c28670db212b8740de36dfd6dd28bccfd3e2d836", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "pe-resource-lang-spanish", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422", "d2a438b344a8693e98fabd0beb698798b3ca11ec657aa32f9d55a0bc3d50a8c8", "c232b028722963e0fd84fc59cfcfefc72a8e7130f373cd9bd4e22fca848062c2", "9e28005c71d874507fc8a4f7b485e2afb56134c6f4251a9801e020156e19ec84", "9f0c9d3f897112dd8e8a46652123736e1c72f7c95f29c62a05d3b8192acc82b5", "08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "1991c1e2f67bf751b089adea67062b50f1779cb8e23ab50bada3fea80d19b5a9", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "3c28c1430a8b5da05e54c422c28670db212b8740de36dfd6dd28bccfd3e2d836", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "d2a438b344a8693e98fabd0beb698798b3ca11ec657aa32f9d55a0bc3d50a8c8", "c232b028722963e0fd84fc59cfcfefc72a8e7130f373cd9bd4e22fca848062c2", "9e28005c71d874507fc8a4f7b485e2afb56134c6f4251a9801e020156e19ec84", "9f0c9d3f897112dd8e8a46652123736e1c72f7c95f29c62a05d3b8192acc82b5", "08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "1991c1e2f67bf751b089adea67062b50f1779cb8e23ab50bada3fea80d19b5a9", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "3c28c1430a8b5da05e54c422c28670db212b8740de36dfd6dd28bccfd3e2d836", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "d2a438b344a8693e98fabd0beb698798b3ca11ec657aa32f9d55a0bc3d50a8c8", "c232b028722963e0fd84fc59cfcfefc72a8e7130f373cd9bd4e22fca848062c2", "9e28005c71d874507fc8a4f7b485e2afb56134c6f4251a9801e020156e19ec84", "9f0c9d3f897112dd8e8a46652123736e1c72f7c95f29c62a05d3b8192acc82b5", "1991c1e2f67bf751b089adea67062b50f1779cb8e23ab50bada3fea80d19b5a9", "3c28c1430a8b5da05e54c422c28670db212b8740de36dfd6dd28bccfd3e2d836"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "cmd-exe-file-execution", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422", "08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "artifact-flagged-vm", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "d2a438b344a8693e98fabd0beb698798b3ca11ec657aa32f9d55a0bc3d50a8c8", "c232b028722963e0fd84fc59cfcfefc72a8e7130f373cd9bd4e22fca848062c2", "9e28005c71d874507fc8a4f7b485e2afb56134c6f4251a9801e020156e19ec84", "9f0c9d3f897112dd8e8a46652123736e1c72f7c95f29c62a05d3b8192acc82b5", "1991c1e2f67bf751b089adea67062b50f1779cb8e23ab50bada3fea80d19b5a9", "3c28c1430a8b5da05e54c422c28670db212b8740de36dfd6dd28bccfd3e2d836"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "pe-certificate", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "d2a438b344a8693e98fabd0beb698798b3ca11ec657aa32f9d55a0bc3d50a8c8", "c232b028722963e0fd84fc59cfcfefc72a8e7130f373cd9bd4e22fca848062c2", "9e28005c71d874507fc8a4f7b485e2afb56134c6f4251a9801e020156e19ec84", "9f0c9d3f897112dd8e8a46652123736e1c72f7c95f29c62a05d3b8192acc82b5", "1991c1e2f67bf751b089adea67062b50f1779cb8e23ab50bada3fea80d19b5a9", "3c28c1430a8b5da05e54c422c28670db212b8740de36dfd6dd28bccfd3e2d836"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-antianalysis", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "d2a438b344a8693e98fabd0beb698798b3ca11ec657aa32f9d55a0bc3d50a8c8", "c232b028722963e0fd84fc59cfcfefc72a8e7130f373cd9bd4e22fca848062c2", "9e28005c71d874507fc8a4f7b485e2afb56134c6f4251a9801e020156e19ec84", "9f0c9d3f897112dd8e8a46652123736e1c72f7c95f29c62a05d3b8192acc82b5", "1991c1e2f67bf751b089adea67062b50f1779cb8e23ab50bada3fea80d19b5a9", "3c28c1430a8b5da05e54c422c28670db212b8740de36dfd6dd28bccfd3e2d836"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-snort-protocol", "hashes": ["5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "currentcontrolset-service-added", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1060"]}, {"bi": "network-communications-http-get", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422", "08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "listening-port-opened", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "netsh-firewall-generic", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0005", "T1016", "T1089"]}, {"bi": "registry-windows-defender-exclusions-added", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "netsh-firewall-add", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2"], "mitre_attack_tags": ["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "registry-service-delete-flag-set", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2"], "mitre_attack_tags": ["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "pe-invalid-checksum", "hashes": ["f591dfd52af8c4ae3043f811ca98609e38304b978fdcb4dd37f41606a1b4f6fb", "aefd7e82601aa4ec6193c21f6fd2bc2e14dc7db87fae0c7f47a58dd50a520904", "9ff0624d1ea3a7e458e6f0f00c3858ff26dfccfd88f9655f0d19815bab621e6f", "579af5fcb22401ecdc8b2e6dfe8dcfc967dac6bde3fa23b19d752af38aad3aa8", "4c2ad41f70e89f42fa43c6786e4df010d716342540dbbaf98a8316d09dd65332", "41f5102fd9f3254b4107faf28af1f0dcbb17663cd4b954e026a81e2a5237262d", "08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422", "08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "artifact-windows-task", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "windows-util-schtask", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "potential-registry-persistence", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-system-dir", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "http-response-redirect", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422", "621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde"], "mitre_attack_tags": []}, {"bi": "pe-imports-empty", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422", "621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde"], "mitre_attack_tags": []}, {"bi": "process-with-multiple-children", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-tls-callback", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-imports-exe", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321"], "mitre_attack_tags": []}, {"bi": "process-check-virtualbox", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321"], "mitre_attack_tags": ["TA0007", "T1497"]}, {"bi": "registry-service-type-modified", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "pe-header-subsystem", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "enumeration-bcdedit", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321"], "mitre_attack_tags": ["TA0007"]}, {"bi": "malware-glupteba-bot-mutex-detected", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321"], "mitre_attack_tags": []}, {"bi": "artifact-av-detect", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321"], "mitre_attack_tags": ["TA0005", "T1063"]}, {"bi": "windows-util-schtask-create-onlogon", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "pe-artifact-invalid-certificate-signature", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321"], "mitre_attack_tags": ["TA0005"]}, {"bi": "windows-util-bcdedit", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "network-dns-category-harmful", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0004", "TA0005"]}, {"bi": "http-response-client-error", "hashes": ["59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422", "08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "pe-filename-mismatch", "hashes": ["d2a438b344a8693e98fabd0beb698798b3ca11ec657aa32f9d55a0bc3d50a8c8", "c232b028722963e0fd84fc59cfcfefc72a8e7130f373cd9bd4e22fca848062c2", "9e28005c71d874507fc8a4f7b485e2afb56134c6f4251a9801e020156e19ec84", "9f0c9d3f897112dd8e8a46652123736e1c72f7c95f29c62a05d3b8192acc82b5", "1991c1e2f67bf751b089adea67062b50f1779cb8e23ab50bada3fea80d19b5a9", "3c28c1430a8b5da05e54c422c28670db212b8740de36dfd6dd28bccfd3e2d836"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["d2a438b344a8693e98fabd0beb698798b3ca11ec657aa32f9d55a0bc3d50a8c8", "c232b028722963e0fd84fc59cfcfefc72a8e7130f373cd9bd4e22fca848062c2", "9e28005c71d874507fc8a4f7b485e2afb56134c6f4251a9801e020156e19ec84", "9f0c9d3f897112dd8e8a46652123736e1c72f7c95f29c62a05d3b8192acc82b5", "1991c1e2f67bf751b089adea67062b50f1779cb8e23ab50bada3fea80d19b5a9", "3c28c1430a8b5da05e54c422c28670db212b8740de36dfd6dd28bccfd3e2d836"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["d2a438b344a8693e98fabd0beb698798b3ca11ec657aa32f9d55a0bc3d50a8c8", "c232b028722963e0fd84fc59cfcfefc72a8e7130f373cd9bd4e22fca848062c2", "9e28005c71d874507fc8a4f7b485e2afb56134c6f4251a9801e020156e19ec84", "9f0c9d3f897112dd8e8a46652123736e1c72f7c95f29c62a05d3b8192acc82b5", "1991c1e2f67bf751b089adea67062b50f1779cb8e23ab50bada3fea80d19b5a9", "3c28c1430a8b5da05e54c422c28670db212b8740de36dfd6dd28bccfd3e2d836"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["d2a438b344a8693e98fabd0beb698798b3ca11ec657aa32f9d55a0bc3d50a8c8", "c232b028722963e0fd84fc59cfcfefc72a8e7130f373cd9bd4e22fca848062c2", "9e28005c71d874507fc8a4f7b485e2afb56134c6f4251a9801e020156e19ec84", "9f0c9d3f897112dd8e8a46652123736e1c72f7c95f29c62a05d3b8192acc82b5", "1991c1e2f67bf751b089adea67062b50f1779cb8e23ab50bada3fea80d19b5a9", "3c28c1430a8b5da05e54c422c28670db212b8740de36dfd6dd28bccfd3e2d836"], "mitre_attack_tags": []}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["d2a438b344a8693e98fabd0beb698798b3ca11ec657aa32f9d55a0bc3d50a8c8", "c232b028722963e0fd84fc59cfcfefc72a8e7130f373cd9bd4e22fca848062c2", "9e28005c71d874507fc8a4f7b485e2afb56134c6f4251a9801e020156e19ec84", "9f0c9d3f897112dd8e8a46652123736e1c72f7c95f29c62a05d3b8192acc82b5", "1991c1e2f67bf751b089adea67062b50f1779cb8e23ab50bada3fea80d19b5a9", "3c28c1430a8b5da05e54c422c28670db212b8740de36dfd6dd28bccfd3e2d836"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-snort-server", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-communications-smtp", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-spambot", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "network-dns-category-file-storage", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": []}, {"bi": "process-svchost-suspicious-launch", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0005"]}, {"bi": "localhost-ipaddress-detected", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "malware-compound-cta-activity", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": []}, {"bi": "sc-service-start", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1031"]}, {"bi": "netbios-null-domain", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": []}, {"bi": "file-alternate-data-stream-modification", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-tofsee-cmd-detected", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": []}, {"bi": "sc-service-create", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0003", "T1050"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0005", "T1096"]}, {"bi": "new-service-launched", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035"]}, {"bi": "dns-bypassed-assigned-server", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "network-smtp-spambot-v2", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "mitre_attack_tags": []}, {"bi": "network-snort-sensitive-data", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2"], "mitre_attack_tags": []}, {"bi": "powershell-encoded-buffer", "hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2"], "mitre_attack_tags": ["TA0005", "TA0002", "T1086", "T1202"]}, {"bi": "modified-file-in-program-dir", "hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2"], "mitre_attack_tags": []}, {"bi": "modified-file-on-usb", "hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "malware-generic-ransomware-entropy", "hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2"], "mitre_attack_tags": []}, {"bi": "feed-domain-ransomware", "hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2"], "mitre_attack_tags": []}, {"bi": "excessive-logical-drive-enumeration", "hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2"], "mitre_attack_tags": ["TA0007", "T1120", "T1025"]}, {"bi": "malware-generic-ransomware", "hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2"], "mitre_attack_tags": []}, {"bi": "process-deletes-many-files", "hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422", "621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde"], "mitre_attack_tags": []}, {"bi": "network-http-blank-user-agent", "hashes": ["92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422", "621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "html-phishing-page", "hashes": ["92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422", "621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde"], "mitre_attack_tags": ["TA0001", "T1189", "T1078"]}, {"bi": "process-uses-localhost-traffic", "hashes": ["92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422", "621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-ping", "hashes": ["92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422", "621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde"], "mitre_attack_tags": ["TA0011", "TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422", "621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde"], "mitre_attack_tags": ["TA0011", "TA0007", "T1016"]}, {"bi": "cmd-exe-file-deletion", "hashes": ["92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422", "621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "html-small-file-redirect", "hashes": ["92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422", "621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde"], "mitre_attack_tags": []}, {"bi": "network-dns-category-parked-domain", "hashes": ["9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2"], "mitre_attack_tags": []}, {"bi": "dns-punycode-domain-detected", "hashes": ["9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2"], "mitre_attack_tags": ["TA0011", "TA0005", "T1132", "T1027"]}, {"bi": "excessive-tcp-connections", "hashes": ["26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "malware-tofsee-domain-detected", "hashes": ["f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": []}, {"bi": "windows-utility-downloaded-artifact", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "suspicious-user-agent", "hashes": ["4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "mitre_attack_tags": ["TA0011", "T1071"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Tofsee is multi-purpose malware that features a number of modules used to carry out various activities such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages to infect additional systems and increase the overall size of the botnet under the operator's control.", "hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "1991c1e2f67bf751b089adea67062b50f1779cb8e23ab50bada3fea80d19b5a9", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "3c28c1430a8b5da05e54c422c28670db212b8740de36dfd6dd28bccfd3e2d836", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "41f5102fd9f3254b4107faf28af1f0dcbb17663cd4b954e026a81e2a5237262d", "4c2ad41f70e89f42fa43c6786e4df010d716342540dbbaf98a8316d09dd65332", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "579af5fcb22401ecdc8b2e6dfe8dcfc967dac6bde3fa23b19d752af38aad3aa8", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde", "92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "9e28005c71d874507fc8a4f7b485e2afb56134c6f4251a9801e020156e19ec84", "9f0c9d3f897112dd8e8a46652123736e1c72f7c95f29c62a05d3b8192acc82b5", "9ff0624d1ea3a7e458e6f0f00c3858ff26dfccfd88f9655f0d19815bab621e6f", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "aefd7e82601aa4ec6193c21f6fd2bc2e14dc7db87fae0c7f47a58dd50a520904", "c232b028722963e0fd84fc59cfcfefc72a8e7130f373cd9bd4e22fca848062c2", "d2a438b344a8693e98fabd0beb698798b3ca11ec657aa32f9d55a0bc3d50a8c8", "f591dfd52af8c4ae3043f811ca98609e38304b978fdcb4dd37f41606a1b4f6fb", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "iocs": {"domain": [{"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "host": "vsblobprodscussu5shard60[.]blob[.]core[.]windows[.]net"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "host": "vsblobprodscussu5shard35[.]blob[.]core[.]windows[.]net"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "host": "hotbooks[.]tech"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558"], "host": "cacerts[.]digicert[.]com"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558"], "host": "cdn[.]digicertcdn[.]com"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558"], "host": "easywbdesign[.]com"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "host": "schema[.]org"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "host": "microsoft-com[.]mail[.]protection[.]outlook[.]com"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "host": "252[.]5[.]55[.]69[.]zen[.]spamhaus[.]org"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "host": "252[.]5[.]55[.]69[.]in-addr[.]arpa"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "host": "252[.]5[.]55[.]69[.]bl[.]spamcop[.]net"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "host": "252[.]5[.]55[.]69[.]sbl-xbl[.]spamhaus[.]org"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "host": "252[.]5[.]55[.]69[.]cbl[.]abuseat[.]org"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "host": "252[.]5[.]55[.]69[.]dnsbl[.]sorbs[.]net"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "host": "ipinfo[.]io"}, {"hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "smhydro[.]com[.]pl"}, {"hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "www[.]pcprofessor[.]com"}, {"hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "pcprofessor[.]com"}, {"hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "cityorchardhtx[.]com"}, {"hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "neuschelectrical[.]co[.]za"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "mikeramirezcpa[.]com"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "higadograsoweb[.]com"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "art2gointerieurprojecten[.]nl"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "sahalstore[.]com"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "thomas-hospital[.]de"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "babcockchurch[.]org"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "nuzech[.]com"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "gadgetedges[.]com"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "antiaginghealthbenefits[.]com"}, {"hashes": ["621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde", "92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422"], "host": "bumboxik[.]casa"}, {"hashes": ["621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde", "92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422"], "host": "bumboxik[.]club"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "julis-lsa[.]de"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "mezhdu-delom[.]ru"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "gporf[.]fr"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "freie-baugutachterpraxis[.]de"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "qualitaetstag[.]de"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "www[.]pv-design[.]de"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "sweering[.]fr"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "the-domain-trader[.]com"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "calxplus[.]eu"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "faroairporttransfers[.]net"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "aco-media[.]nl"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "pv-design[.]de"}, {"hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "artotelamsterdam[.]com"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5"], "host": "auth[.]roblox[.]com"}, {"hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8"], "host": "mooshine[.]com"}, {"hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8"], "host": "csgospeltips[.]se"}, {"hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8"], "host": "xtptrack[.]com"}, {"hashes": ["9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "craigmccabe[.]fun"}, {"hashes": ["9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "host": "gw2guilds[.]org"}], "file": [{"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "path": "%SystemRoot%\\Logs\\CBS\\CBS.log"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "path": "%SystemRoot%\\rss"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "path": "%SystemRoot%\\rss\\csrss.exe"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "path": "%TEMP%\\csrss"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "path": "%TEMP%\\csrss\\dsefix.exe"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "path": "%TEMP%\\csrss\\patch.exe"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "path": "%System32%\\drivers\\Winmon.sys"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "path": "%System32%\\drivers\\WinmonFS.sys"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "path": "%System32%\\drivers\\WinmonProcessMonitor.sys"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "path": "%TEMP%\\Symbols"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb\\9E22A5947A15489895CE716436B45BE02"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb\\9E22A5947A15489895CE716436B45BE02\\download.error"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "path": "%TEMP%\\Symbols\\pingme.txt"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "path": "%TEMP%\\Symbols\\winload_prod.pdb"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "path": "%TEMP%\\Symbols\\winload_prod.pdb\\B7B16B17E078406E806A050C8BEE2E361"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "path": "%TEMP%\\Symbols\\winload_prod.pdb\\B7B16B17E078406E806A050C8BEE2E361\\download.error"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "path": "%TEMP%\\dbghelp.dll"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "path": "%TEMP%\\ntkrnlmp.exe"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "path": "%TEMP%\\osloader.exe"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "path": "%TEMP%\\symsrv.dll"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "path": "%TEMP%\\csrss\\DBG0.tmp"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "path": "%System32%\\Tasks\\ScheduledUpdate"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "path": "%System32%\\Tasks\\csrss"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558"], "path": "%APPDATA%\\Microsoft\\CryptnetUrlCache\\Content\\6EA93F6AD9138E47FE72392EA441AB49"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558"], "path": "%APPDATA%\\Microsoft\\CryptnetUrlCache\\MetaData\\6EA93F6AD9138E47FE72392EA441AB49"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "path": "%HOMEPATH%"}, {"hashes": ["1991c1e2f67bf751b089adea67062b50f1779cb8e23ab50bada3fea80d19b5a9", "3c28c1430a8b5da05e54c422c28670db212b8740de36dfd6dd28bccfd3e2d836", "9e28005c71d874507fc8a4f7b485e2afb56134c6f4251a9801e020156e19ec84", "9f0c9d3f897112dd8e8a46652123736e1c72f7c95f29c62a05d3b8192acc82b5", "c232b028722963e0fd84fc59cfcfefc72a8e7130f373cd9bd4e22fca848062c2", "d2a438b344a8693e98fabd0beb698798b3ca11ec657aa32f9d55a0bc3d50a8c8"], "path": "%TEMP%\\CC4F.tmp"}, {"hashes": ["1991c1e2f67bf751b089adea67062b50f1779cb8e23ab50bada3fea80d19b5a9", "3c28c1430a8b5da05e54c422c28670db212b8740de36dfd6dd28bccfd3e2d836", "9e28005c71d874507fc8a4f7b485e2afb56134c6f4251a9801e020156e19ec84", "9f0c9d3f897112dd8e8a46652123736e1c72f7c95f29c62a05d3b8192acc82b5", "c232b028722963e0fd84fc59cfcfefc72a8e7130f373cd9bd4e22fca848062c2"], "path": "%TEMP%\\<random, matching '[a-f0-9]{3,5}'>_appcompat.txt"}, {"hashes": ["1991c1e2f67bf751b089adea67062b50f1779cb8e23ab50bada3fea80d19b5a9", "3c28c1430a8b5da05e54c422c28670db212b8740de36dfd6dd28bccfd3e2d836", "9e28005c71d874507fc8a4f7b485e2afb56134c6f4251a9801e020156e19ec84", "9f0c9d3f897112dd8e8a46652123736e1c72f7c95f29c62a05d3b8192acc82b5", "c232b028722963e0fd84fc59cfcfefc72a8e7130f373cd9bd4e22fca848062c2"], "path": "%TEMP%\\<random, matching '[A-F0-9]{4,5}'>.dmp"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "path": "%TEMP%\\<random, matching '[a-z]{8}'>.exe"}, {"hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "path": "%HOMEPATH%\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf"}, {"hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "path": "%HOMEPATH%\\ntuser.dat.LOG1"}, {"hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8"], "path": "%HOMEPATH%\\pictures\\readme-b69tvse1j.txt"}, {"hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8"], "path": "%HOMEPATH%\\readme-b69tvse1j.txt"}, {"hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8"], "path": "%HOMEPATH%\\saved games\\readme-b69tvse1j.txt"}, {"hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8"], "path": "%HOMEPATH%\\videos\\readme-b69tvse1j.txt"}, {"hashes": ["9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "path": "%HOMEPATH%\\desktop\\readme-vk8i53.txt"}, {"hashes": ["9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "path": "%HOMEPATH%\\documents\\readme-vk8i53.txt"}, {"hashes": ["9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "path": "%HOMEPATH%\\downloads\\readme-vk8i53.txt"}, {"hashes": ["9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "path": "%HOMEPATH%\\favorites\\readme-vk8i53.txt"}, {"hashes": ["9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "path": "%HOMEPATH%\\links\\readme-vk8i53.txt"}, {"hashes": ["9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "path": "%HOMEPATH%\\music\\readme-vk8i53.txt"}, {"hashes": ["9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "path": "%HOMEPATH%\\pictures\\readme-vk8i53.txt"}, {"hashes": ["9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "path": "%HOMEPATH%\\readme-vk8i53.txt"}, {"hashes": ["9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "path": "%HOMEPATH%\\saved games\\readme-vk8i53.txt"}, {"hashes": ["9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "path": "%HOMEPATH%\\videos\\readme-vk8i53.txt"}, {"hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8"], "path": "%HOMEPATH%\\readme-4177u.txt"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2"], "path": "%HOMEPATH%\\readme-0zo6a9.txt"}, {"hashes": ["9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "path": "%HOMEPATH%\\readme-7leoq9h63i.txt"}], "ip": [{"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "ip": "204[.]79[.]197[.]219"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "ip": "104[.]214[.]40[.]16"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8"], "ip": "104[.]27[.]151[.]38"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "ip": "239[.]255[.]255[.]250"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "ip": "216[.]239[.]36[.]21"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "ip": "43[.]231[.]4[.]7"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "ip": "69[.]55[.]5[.]252"}, {"hashes": ["5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558"], "ip": "104[.]18[.]11[.]39"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "ip": "85[.]114[.]134[.]88"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "ip": "217[.]172[.]179[.]54"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "ip": "5[.]9[.]72[.]48"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "ip": "130[.]0[.]232[.]208"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "ip": "144[.]76[.]108[.]82"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "ip": "185[.]253[.]217[.]20"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254"], "ip": "104[.]18[.]56[.]95"}, {"hashes": ["52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "ip": "104[.]18[.]57[.]95"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "ip": "45[.]90[.]34[.]87"}, {"hashes": ["5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "ip": "104[.]31[.]243[.]10"}, {"hashes": ["26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "ip": "157[.]240[.]18[.]174"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "ip": "62[.]42[.]230[.]22"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "ip": "172[.]217[.]5[.]228"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6"], "ip": "104[.]18[.]10[.]39"}, {"hashes": ["26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc"], "ip": "67[.]195[.]228[.]110/31"}, {"hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "ip": "89[.]161[.]222[.]203"}, {"hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "ip": "162[.]241[.]172[.]198"}, {"hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "ip": "69[.]163[.]208[.]250"}, {"hashes": ["25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "ip": "196[.]22[.]240[.]134"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "ip": "208[.]84[.]244[.]10"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "ip": "103[.]224[.]212[.]222"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "ip": "184[.]168[.]131[.]241"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "ip": "194[.]85[.]61[.]76"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "ip": "216[.]194[.]169[.]74"}, {"hashes": ["26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "ip": "188[.]125[.]72[.]74"}, {"hashes": ["26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "ip": "106[.]10[.]248[.]74"}, {"hashes": ["26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "ip": "98[.]136[.]96[.]74/31"}, {"hashes": ["26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "ip": "98[.]136[.]96[.]76/31"}, {"hashes": ["26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "ip": "67[.]195[.]204[.]72/31"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "ip": "204[.]11[.]56[.]41"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "ip": "212[.]83[.]252[.]110"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "ip": "89[.]22[.]111[.]177"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "ip": "104[.]27[.]134[.]157"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "ip": "185[.]88[.]213[.]212"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "ip": "134[.]119[.]122[.]182"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "ip": "94[.]231[.]103[.]166"}, {"hashes": ["55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758"], "ip": "46[.]182[.]180[.]88"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978"], "ip": "104[.]31[.]242[.]10"}, {"hashes": ["26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "ip": "98[.]136[.]103[.]24"}, {"hashes": ["26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "ip": "52[.]164[.]206[.]56"}, {"hashes": ["26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0"], "ip": "193[.]252[.]133[.]66"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5"], "ip": "128[.]116[.]114[.]3"}], "mutex": [{"hashes": ["1991c1e2f67bf751b089adea67062b50f1779cb8e23ab50bada3fea80d19b5a9", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "3c28c1430a8b5da05e54c422c28670db212b8740de36dfd6dd28bccfd3e2d836", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "9e28005c71d874507fc8a4f7b485e2afb56134c6f4251a9801e020156e19ec84", "9f0c9d3f897112dd8e8a46652123736e1c72f7c95f29c62a05d3b8192acc82b5", "c232b028722963e0fd84fc59cfcfefc72a8e7130f373cd9bd4e22fca848062c2", "d2a438b344a8693e98fabd0beb698798b3ca11ec657aa32f9d55a0bc3d50a8c8"], "name": "Global\\<random guid>"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "name": "Global\\SetupLog"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "name": "Global\\WdsSetupLogInit"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "name": "Global\\h48yorbq6rm87zot"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "name": "Global\\Mp6c3Ygukx29GbDk"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "name": "Global\\ewzy5hgt3x5sof4v"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "name": "Global\\xmrigMUTEX31337"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "name": "WininetConnectionMutex"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "name": "3821223063bdae6ed4fc1703402ea917"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "name": "Global\\3821223063bdae6ed4fc1703402ea917"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "name": "Global\\cd0e9d013a5bb2fce93b3e4c26877d6b"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "name": "cd0e9d013a5bb2fce93b3e4c26877d6b"}, {"hashes": ["621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde", "92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422"], "name": "7FD5DB439F901942779736"}, {"hashes": ["621a5a4e64d0737b0a219ace8f7ce37a0446595c19c36b9ddc002cf0b786efde", "92c4ac0f03ec2843cbd328ea630a63556ba4dc38d800a8d31a7976eb9c61f422"], "name": "E6EE507B50F82876534592"}], "registry": [{"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "25aff2a572e08ec2e88e0d691a13cb0707196357f58d2a2f7f8e4bdfac51ede8", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "55f0d215bb839e20cf42e77a9aa054fda0e677c3c0192c633c9b2c123f0d98a2", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "9cb876124ef03ef0089b1ce07e3d59585241943f3301b20e87dfaafbae159758", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Start"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Type"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ErrorControl"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ImagePath"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "DisplayName"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "WOW64"}, {"hashes": ["08a1858d48b5c21eaac39926190b0d155feb06cbfce040e513be3c95d8f6efc5", "26549e3505b9f1561c30d8a20c9eb7f7b1aa4e510a45ced1ac09d602425ed492", "29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "4e869113369649b873c6d2ab085634f08e16a430df91c62cfd9aaa834b2104e0", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "f76f4751dee1e015568446dd355b99281943726085f976f21b49ad3db33199fc", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": null}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\22000011", "value_name": null}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\16000009", "value_name": null}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\12000002", "value_name": null}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\14000006", "value_name": null}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\16000048", "value_name": null}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\25000020", "value_name": null}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\22000002", "value_name": null}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\21000001", "value_name": null}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\11000001", "value_name": null}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}", "value_name": null}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\DESCRIPTION", "value_name": null}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS", "value_name": null}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\12000004", "value_name": null}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMON", "value_name": null}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMON\\SECURITY", "value_name": null}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMONFS\\SECURITY", "value_name": null}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMONPROCESSMONITOR", "value_name": null}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMONPROCESSMONITOR\\SECURITY", "value_name": null}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Users\\Administrator\\AppData\\Roaming\\d12c99f7af77\\d12c99f7af77"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PROCESSES", "value_name": "d12c99f7af77.exe"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "DistributorID"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "CampaignID"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "SB"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "PatchTime"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "PGDSE"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": null}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "Firewall"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "Defender"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "FirstInstallDate"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "ServiceVersion"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "SC"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "VC"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "ServersVersion"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "OSCaption"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "OSArchitecture"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "IsAdmin"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "AV"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "CPU"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "GPU"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "PC"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "CDN"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "Servers"}, {"hashes": ["29e2b1248389e3577686e49193504f1d66c8b768c4888b3711f2303f15198321", "41f0d123eae147a457e550185619212715913f4d26e55501cc703bf7db095978", "5010a997c8e926fd9a0d139c6c2adc65a083daad4d5584ff04aa8069d5e3afaa", "52483333be535351a2cabbfed49242f9a79c2058c94c4265009ee1387fd4d4d6", "5493ba0831e1f7de8392eec52857f63d3a79b2f98379f719ab665ac4c574b254", "59f43246948dd44433ce42af4750b476fa7a6f4e7e51135f3c0db4d5e1013de8", "abbd6e5d5cb49bb99d4df48e2ab3603b02c701c467967cc4d31184f8a4641558", "fbbeffa9a774b91d907c23c73ae94d4bcd9c4d99a96ee429c4962cf1818a5713"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\96851DB555", "value_name": null}]}, "reports_count": 29}, "Win.File.Dealply-7864013-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-file-uploaded", "hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "nginx-webserver-detected", "hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f"], "mitre_attack_tags": []}, {"bi": "network-communications-http-post", "hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "network-snort-protocol", "hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f"], "mitre_attack_tags": ["TA0004", "TA0005"]}, {"bi": "network-snort-malware", "hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "pe-certificate", "hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f"], "mitre_attack_tags": []}, {"bi": "pe-section-shared", "hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-snort-pua", "hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f"], "mitre_attack_tags": []}, {"bi": "malware-adware-dealply-detected", "hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f"], "mitre_attack_tags": []}, {"bi": "pe-suspicious-certificate-signature", "hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-adware-dealply-file-operation-detected", "hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f"], "mitre_attack_tags": []}, {"bi": "http-response-server-error", "hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b", "0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479"], "mitre_attack_tags": []}, {"bi": "network-dns-category-file-storage", "hashes": ["a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "http-response-redirect", "hashes": ["a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479"], "mitre_attack_tags": []}, {"bi": "cta-match", "hashes": ["a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479"], "mitre_attack_tags": []}], "category": "File", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "DealPly is an adware program that installs an add-on for web browsers and displays malicious ads.", "hashes": ["0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b"], "iocs": {"domain": [{"hashes": ["0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b"], "host": "rp[.]telomor1[.]com"}, {"hashes": ["0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b"], "host": "info[.]telomor1[.]com"}, {"hashes": ["a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed"], "host": "os[.]telomor1[.]com"}, {"hashes": ["a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed"], "host": "os2[.]telomor1[.]com"}, {"hashes": ["a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479"], "host": "api[.]w[.]org"}, {"hashes": ["a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479"], "host": "gmpg[.]org"}, {"hashes": ["a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479"], "host": "i2[.]wp[.]com"}, {"hashes": ["a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479"], "host": "wp[.]me"}, {"hashes": ["a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479"], "host": "secure[.]gravatar[.]com"}, {"hashes": ["a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479"], "host": "i1[.]wp[.]com"}, {"hashes": ["a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479"], "host": "www[.]addtoany[.]com"}, {"hashes": ["a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479"], "host": "i0[.]wp[.]com"}, {"hashes": ["a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479"], "host": "downace[.]com"}, {"hashes": ["a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479"], "host": "softz4pc[.]com"}, {"hashes": ["a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479"], "host": "cracx[.]com"}, {"hashes": ["b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866"], "host": "www[.]cortisols2dilaudid2[.]online"}, {"hashes": ["cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed"], "host": "aclick[.]adhoc1[.]net"}, {"hashes": ["a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479"], "host": "themecentury[.]com"}, {"hashes": ["b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866"], "host": "www[.]cortisols2dilaudid2[.]online[.]example[.]org"}], "file": [{"hashes": ["0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b"], "path": "%TEMP%\\<random, matching '[A-F0-9]{8}'>.log"}, {"hashes": ["0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "deeaf7d761dbb3d7434d378065161122296c07dfda1ad7a72fe2f364d90425db", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b"], "path": "\\0I1G1B2Z1T1I1I0M1F1G1B2Z1P1C"}, {"hashes": ["60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "def687be0a9af6454054f20bb0bcfb9d5c7361584a024584174b4776e051926f", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09"], "path": "%TEMP%\\inH<random, matching '[0-9]{13,14}\\bootstrap_[0-9]{4,5}'>.html"}], "ip": [{"hashes": ["0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "d745e27c1892fda16bf37f0cfaeef9cd7e201754bc75abbbd5db534186ff1c57", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79"], "ip": "34[.]231[.]131[.]84"}, {"hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "60f240809b1d3c205a585b2386dcc4a0c6ec63e6038ab122af905e3b9bd9637c", "63d49ee2a609deacf15d4c5dd3c39b8678b1ef7d64704e6eda648e28ae97cf05", "9d3aab6a662b6f245e46a0548a7b7526fb7921c38f8f2da9fafae8cdae87dde1", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "f98e4a8e0e46841709bec31e0927c502b87634356203da24d02b9a7d1201633f", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79"], "ip": "52[.]87[.]34[.]65"}, {"hashes": ["1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "31f86819ef41477c18e700a75450fb5fc733636f83f92cbf06e6bcfcfd7e39c3", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866", "db677e6fcdc8f80720323edd2c7e082ff64f805ec4e545b35c0dfaac370a7f9b", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b"], "ip": "52[.]41[.]141[.]111"}, {"hashes": ["4685d1ea51450e291b46a4fb64b549ac423a41bdfe03f1a536c031a90ef05499", "7d57f577f22e1b87a1f94876840c924f4335cfac06ccac2dff032db5db763798", "a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed", "dd96cf4443ec8c0ddf8355f1845f5a8c3e252061041231e25bc6d829c3edd5b0", "fc959e362bbf57651d06e628cab8d47bdaafa37cd30ebd9cc4ec4dfe0f750c79", "fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b"], "ip": "35[.]164[.]24[.]169"}, {"hashes": ["0f4d63961b5f0f85bdf17d7858ab76f4b12173f8af25a3c1c8d84d75bb46d384", "1b2fe4717cab6010c54d1132c789ab092a0f159733367f57d47a8673090e13e3", "b7305f7409d9518d57aad6c9baf04160566c1cc90a9c8284ab7f9fc1c2af116b", "dfc56347494ca778defdf4b68a70e20f8ce6b994819a9b5923a60e648de97f09", "e9803666c3f04c9091c53cb3e2ecc05e2f86fe0f20ed2a33147e2122a0c0bf05", "f37a852d668dcedf3872d1b428f742d0fbee9c64063b77d05d498f1246f49e5a"], "ip": "54[.]149[.]89[.]229"}, {"hashes": ["a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed"], "ip": "54[.]191[.]252[.]124"}, {"hashes": ["a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479", "b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866"], "ip": "52[.]10[.]53[.]42"}, {"hashes": ["cea3c5d2afb1417c2e1435fa3035777c992f167532f9a5bc1203468993f025ed"], "ip": "67[.]227[.]226[.]240"}, {"hashes": ["b56a75e8a431c78253ffca8adf967a33335ffd3413987fc129fb17dc81c3c866"], "ip": "52[.]26[.]163[.]52"}, {"hashes": ["a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479"], "ip": "104[.]27[.]169[.]191"}, {"hashes": ["a88b8339048897ad794f6ba051d714533eaf750ba45d93397e19280fb0187479"], "ip": "104[.]27[.]168[.]191"}, {"hashes": ["fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b"], "ip": "45[.]82[.]253[.]244"}, {"hashes": ["fd093779663716380b6be33c5e7ffc1da88243570a9cbf648dd9a3059f85867b"], "ip": "104[.]206[.]78[.]18"}], "mutex": [], "registry": []}, "reports_count": 23}, "Win.Malware.Swisyn-7867587-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "deleted-executable-in-system-dir", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": []}, {"bi": "artifact-windows-task", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-autorun-key-modified", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "potential-registry-persistence", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": []}, {"bi": "registry-hide-files", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": ["TA0005", "T1158"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": ["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": ["TA0003", "T1112"]}, {"bi": "windows-util-at", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": ["TA0003", "T1168"]}, {"bi": "registry-service-schedule-and-task-path", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0005", "T1035", "T1060"]}, {"bi": "fake-explorer-process", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "process-requested-softice", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": ["TA0007", "T1497"]}, {"bi": "pe-section-name-contains-whitespace", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": []}, {"bi": "malware-swisyn-worm-detected", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": []}, {"bi": "registry-activesetup-key-modified", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "at-created-task-and-hidden-file-disabled", "hashes": ["ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Swisyn is a family of trojans that disguises itself as system files and services, and is known to drop follow-on malware on an infected system. Swisyn is often associated with rootkits that further conceal itself on an infected machine.", "hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "912b9de1c8bcca73fffbe6a1e66d6795069d586c3fc0bb06e4be06ac61f1cfb2", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "iocs": {"domain": [], "file": [{"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "912b9de1c8bcca73fffbe6a1e66d6795069d586c3fc0bb06e4be06ac61f1cfb2", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "path": "\\atsvc"}, {"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "912b9de1c8bcca73fffbe6a1e66d6795069d586c3fc0bb06e4be06ac61f1cfb2", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "path": "%APPDATA%\\mrsys.exe"}, {"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "912b9de1c8bcca73fffbe6a1e66d6795069d586c3fc0bb06e4be06ac61f1cfb2", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "path": "%System16%\\explorer.exe"}, {"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "912b9de1c8bcca73fffbe6a1e66d6795069d586c3fc0bb06e4be06ac61f1cfb2", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "path": "%System16%\\spoolsv.exe"}, {"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "912b9de1c8bcca73fffbe6a1e66d6795069d586c3fc0bb06e4be06ac61f1cfb2", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "path": "%System16%\\svchost.exe"}, {"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "path": "%System32%\\Tasks\\At1"}, {"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "path": "%SystemRoot%\\Tasks\\At1.job"}, {"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "path": "%System16%\\cmsys.cmn"}], "ip": [], "mutex": [], "registry": [{"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "912b9de1c8bcca73fffbe6a1e66d6795069d586c3fc0bb06e4be06ac61f1cfb2", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS\\EXPLORER\\PROCESS", "value_name": null}, {"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS\\EXPLORER\\PROCESS", "value_name": "LO"}, {"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Explorer"}, {"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Svchost"}, {"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "shell"}, {"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}", "value_name": "StubPath"}, {"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Explorer"}, {"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Svchost"}, {"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "ShowSuperHidden"}, {"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}", "value_name": "StubPath"}, {"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SCHEDULE", "value_name": "Start"}, {"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS", "value_name": "Start"}, {"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS", "value_name": null}, {"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}", "value_name": null}, {"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}", "value_name": null}, {"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SCHEDULE", "value_name": "NextAtJobId"}, {"hashes": ["226c0e15608dee74ae91d33b4b1d3da205852bea0ee102407d3f7afbe55b5763", "435183eb88914f0423322548d82aa86c98c3d903cf1611e4eb1d33ad2bb79a1d", "475f2040681dbb81fc5be7bb06db8d6926e072db2c5a6b69da68e6653e323c2d", "49e4eb75841807acc4b4df0f19c5ca412e6e76cf58f4f0193189e79b74a76bbe", "4e640372416dcaf83007f60849e138096fb10b03a14471af9cf9a0b8e9167002", "78df8ad800c52151753d6bb4ed88de61a6a191eb4a1e84ff081497f34cf6f945", "9ef2a260559d4683b6888421782021b58ecb6fa9adfb925b5707adfecadff915", "b058872593ade340c07d002e293b7731310862969a0cbc7381afacdf0941fff5", "b0b53c5380fa78cc33d8dc2c38e65469c1c94a3ff23414fd45f716ebb1a46b89", "bb240ca3f79e150b5be6c497f49b4e5e0f57267c3ca0fbc50c698da0ce7fec67", "bc0ed8cb8698639a42bc19cc683232c3f7b32383b14056e3f1cf4d350646c747", "c3abc2ad083838cba536e7540eb6f6a8b928b51f6f47b828a1b1750af7b992e6", "eaef8dc6d5f18bf578b58fad675e1fea5c8685d3068ba1f8505f688450d6f914", "ff9d69ab4aa4aa95baa685f32568e72139f1d7a659d5fd1aa1627c0f6756e800"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS\\EXPLORER", "value_name": null}]}, "reports_count": 15}, "Win.Malware.njRAT-7867588-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-known-trojan-av", "hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": []}, {"bi": "pe-uses-dot-net", "hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": []}, {"bi": "malware-generic-dotnet-trojan-uses-random-guid-mutex", "hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": []}, {"bi": "malware-trojan-njrat-registry", "hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "netsh-firewall-generic", "hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": ["TA0005", "T1016", "T1089"]}, {"bi": "netsh-firewall-add", "hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089"]}, {"bi": "malware-trojan-njrat-detected", "hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": []}, {"bi": "registry-disable-open-file-security-warning", "hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": ["TA0005", "T1112", "T1089"]}, {"bi": "registry-parseautoexec", "hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": ["TA0003", "T1112"]}, {"bi": "registry-autorun-key-modified", "hashes": ["58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "firewall-exception-user-dir", "hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089"]}, {"bi": "feed-domain-rat", "hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": []}, {"bi": "startup-folder-modification", "hashes": ["58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "unsigned-roaming-execution", "hashes": ["58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "modified-file-in-system-dir", "hashes": ["1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-system-dir", "hashes": ["1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "compound-netsh-firewall-add-windows-directory", "hashes": ["1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089", "T1036"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b"], "mitre_attack_tags": []}, {"bi": "network-dns-safe-categories", "hashes": ["ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435"], "mitre_attack_tags": []}, {"bi": "network-private-ip-address", "hashes": ["d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "dns-dynamic-domain", "hashes": ["dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "fake-explorer-process", "hashes": ["e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "mitre_attack_tags": ["TA0005", "T1036"]}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": true}, "description": "njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.", "hashes": ["035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050"], "iocs": {"domain": [{"hashes": ["1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b"], "host": "toyboymed[.]ddns[.]net"}, {"hashes": ["46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23"], "host": "mateussmcd[.]ddns[.]net"}, {"hashes": ["62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae"], "host": "kakarotow[.]ddns[.]net"}, {"hashes": ["1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be"], "host": "kli4ka1989[.]ddns[.]net"}, {"hashes": ["035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0"], "host": "emersonvb01[.]ddns[.]net"}, {"hashes": ["58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab"], "host": "turcoware17[.]ddns[.]net"}, {"hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6"], "host": "mrxrx[.]duckdns[.]org"}, {"hashes": ["704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397"], "host": "dothraki17[.]ddns[.]net"}, {"hashes": ["34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982"], "host": "youtubebits[.]net[.]org"}, {"hashes": ["b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df"], "host": "troianosth[.]ddns[.]net"}, {"hashes": ["dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b"], "host": "rassed26[.]no-ip[.]biz"}, {"hashes": ["ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050"], "host": "tiobob[.]ddns[.]net"}, {"hashes": ["ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d"], "host": "xkvamtmv2tyqkpcb[.]3utilities[.]com"}, {"hashes": ["e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "host": "bytems[.]ddns[.]net"}, {"hashes": ["34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982"], "host": "pewtrusts[.]org"}], "file": [{"hashes": ["035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050"], "path": "%TEMP%\\Gerenciador de Janelas do Windows.exe"}, {"hashes": ["035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b"], "path": "%TEMP%\\server.exe"}, {"hashes": ["46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050"], "path": "%APPDATA%\\svchost.exe"}, {"hashes": ["1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de"], "path": "%APPDATA%\\Adobe\\Acrobat\\9.0\\SharedDataEvents"}, {"hashes": ["1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de"], "path": "%APPDATA%\\Adobe\\Acrobat\\9.0\\SharedDataEvents-journal"}, {"hashes": ["1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b"], "path": "%SystemRoot%\\server.exe"}, {"hashes": ["1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de"], "path": "%APPDATA%\\Java"}, {"hashes": ["46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\7b757fb96fad9fc63165f3e3e8e39a13.exe"}, {"hashes": ["62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae"], "path": "%APPDATA%\\DlHost.exe"}, {"hashes": ["46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23"], "path": "%HOMEPATH%\\Start Menu\\Programs\\Startup\\7b757fb96fad9fc63165f3e3e8e39a13.exe"}, {"hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6"], "path": "%TEMP%\\Trojan.exe"}, {"hashes": ["58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab"], "path": "%APPDATA%\\server.exe"}, {"hashes": ["b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df"], "path": "%HOMEPATH%\\svchost.exe"}, {"hashes": ["34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982"], "path": "%TEMP%\\taskhost.exe"}, {"hashes": ["55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e"], "path": "%APPDATA%\\Trojan.exe"}, {"hashes": ["58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\1db30a6f5cfd38a60a7dfb15cb46ac1f.exe"}, {"hashes": ["704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397"], "path": "%SystemRoot%\\login.exe"}, {"hashes": ["704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\c38dc06d23b7804ebbc5a572e988e955.exe"}, {"hashes": ["34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\e0a33854dd168ca0cb52535ea8f0538a.exe"}, {"hashes": ["55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\8f04f9cf1cb0a66772ec936fb174701b.exe"}, {"hashes": ["62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\087ae7fe62a3f0a08337396554e198d6.exe"}, {"hashes": ["1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\fee87312cf010d9fab697a63e6d036c2.exe"}, {"hashes": ["b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\b127ebd47a3ff88bf5e326e61c484c33.exe"}, {"hashes": ["ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d"], "path": "%TEMP%\\Launcher.exe"}, {"hashes": ["ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\9f91c40e95b01ede3c7121b971e65417.exe"}, {"hashes": ["e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\0207f7035a640375c65139589cf4c2d2.exe"}, {"hashes": ["d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4"], "path": "%TEMP%\\LoL.exe"}, {"hashes": ["d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\4535b367c08e162b0210569ba620c24d.exe"}, {"hashes": ["e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "path": "%ProgramData%\\Explorer.exe"}, {"hashes": ["e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\70236e2c14fc7518248d0d80354d1fc9.exe"}, {"hashes": ["1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be"], "path": "%HOMEPATH%\\Start Menu\\Programs\\Startup\\fee87312cf010d9fab697a63e6d036c2.exe"}, {"hashes": ["34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982"], "path": "%HOMEPATH%\\Start Menu\\Programs\\Startup\\e0a33854dd168ca0cb52535ea8f0538a.exe"}, {"hashes": ["55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e"], "path": "%HOMEPATH%\\Start Menu\\Programs\\Startup\\8f04f9cf1cb0a66772ec936fb174701b.exe"}, {"hashes": ["58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab"], "path": "%HOMEPATH%\\Start Menu\\Programs\\Startup\\1db30a6f5cfd38a60a7dfb15cb46ac1f.exe"}, {"hashes": ["62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34"], "path": "%HOMEPATH%\\Start Menu\\Programs\\Startup\\087ae7fe62a3f0a08337396554e198d6.exe"}, {"hashes": ["704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397"], "path": "%HOMEPATH%\\Start Menu\\Programs\\Startup\\c38dc06d23b7804ebbc5a572e988e955.exe"}, {"hashes": ["b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df"], "path": "%HOMEPATH%\\Start Menu\\Programs\\Startup\\b127ebd47a3ff88bf5e326e61c484c33.exe"}, {"hashes": ["d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4"], "path": "%HOMEPATH%\\Start Menu\\Programs\\Startup\\4535b367c08e162b0210569ba620c24d.exe"}, {"hashes": ["e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "path": "%HOMEPATH%\\Start Menu\\Programs\\Startup\\70236e2c14fc7518248d0d80354d1fc9.exe"}, {"hashes": ["e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "path": "\\Documents and Settings\\All Users\\Explorer.exe"}, {"hashes": ["e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae"], "path": "%HOMEPATH%\\Start Menu\\Programs\\Startup\\0207f7035a640375c65139589cf4c2d2.exe"}, {"hashes": ["ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050"], "path": "%HOMEPATH%\\Start Menu\\Programs\\Startup\\9f91c40e95b01ede3c7121b971e65417.exe"}], "ip": [{"hashes": ["34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982"], "ip": "204[.]74[.]99[.]100"}, {"hashes": ["58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6"], "ip": "177[.]200[.]67[.]164"}], "mutex": [{"hashes": ["035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050"], "name": "<32 random hex characters>"}, {"hashes": ["1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de"], "name": "Acrobat Instance Mutex"}, {"hashes": ["b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de"], "name": "2AC1A572DB6944B0A65C38C4140AF2F46c872337468"}, {"hashes": ["b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de"], "name": "2AC1A572DB6944B0A65C38C4140AF2F46c872337490"}, {"hashes": ["b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de"], "name": "2AC1A572DB6944B0A65C38C4140AF2F46c8723374A4"}, {"hashes": ["b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de"], "name": "2AC1A572DB6944B0A65C38C4140AF2F46c8723374CC"}, {"hashes": ["b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de"], "name": "2AC1A572DB6944B0A65C38C4140AF2F46c87233758C"}, {"hashes": ["b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de"], "name": "2AC1A572DB6944B0A65C38C4140AF2F46c8723376DC"}, {"hashes": ["b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de"], "name": "2AC1A572DB6944B0A65C38C4140AF2F46c872337710"}, {"hashes": ["b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de"], "name": "2AC1A572DB6944B0A65C38C4140AF2F46c872337750"}, {"hashes": ["b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de"], "name": "2AC1A572DB6944B0A65C38C4140AF2F46c872337828"}, {"hashes": ["b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de"], "name": "2AC1A572DB6944B0A65C38C4140AF2F46c8723378B0"}, {"hashes": ["b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de"], "name": "2AC1A572DB6944B0A65C38C4140AF2F46c873EA6134"}, {"hashes": ["1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792"], "name": "2AC1A572DB6944B0A65C38C4140AF2F4dc72337468"}, {"hashes": ["1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792"], "name": "2AC1A572DB6944B0A65C38C4140AF2F4dc72337490"}, {"hashes": ["1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792"], "name": "2AC1A572DB6944B0A65C38C4140AF2F4dc723374A4"}, {"hashes": ["1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792"], "name": "2AC1A572DB6944B0A65C38C4140AF2F4dc723374CC"}, {"hashes": ["1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792"], "name": "2AC1A572DB6944B0A65C38C4140AF2F4dc7233758C"}, {"hashes": ["1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792"], "name": "2AC1A572DB6944B0A65C38C4140AF2F4dc723376DC"}, {"hashes": ["1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792"], "name": "2AC1A572DB6944B0A65C38C4140AF2F4dc72337710"}, {"hashes": ["1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792"], "name": "2AC1A572DB6944B0A65C38C4140AF2F4dc72337750"}, {"hashes": ["1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792"], "name": "2AC1A572DB6944B0A65C38C4140AF2F4dc72337828"}, {"hashes": ["1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792"], "name": "2AC1A572DB6944B0A65C38C4140AF2F4dc723378B0"}, {"hashes": ["1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792"], "name": "2AC1A572DB6944B0A65C38C4140AF2F4dc73EA6134"}], "registry": [{"hashes": ["035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050"], "key": "<HKU>\\S-1-5-21-2580483871-590521980-3826313501-500", "value_name": "di"}, {"hashes": ["035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050"], "key": "<HKCU>\\ENVIRONMENT", "value_name": "SEE_MASK_NOZONECHECKS"}, {"hashes": ["035897df349d4965d713e709492fe7f5ba0d759e72e41686d9faa68bc0ad69f0", "1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be", "34dd0545619f29a18009c986273764a4e63f6b7eceb422b24846e92a1af56982", "46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b", "556f69ea6a9e92d481411a590363b988cfb4c8962f4e72dd0837bac24a60c120", "55d70bc1834259e601b3c6a881578331296dd2645b7f77c031627b645259a71e", "58329a428ca74152fb4e6d49715a5b11b558133ca3481347ff801a58f7b73eab", "58569a864000e1befca297a40fea0a9ac310be5a70e0d47af04cb457f0deb2b6", "62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34", "704085f135c8e2fe7d3e31dabef2f527d97fa721f07c83db1c8aec2f857cc397", "b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23", "d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4", "dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b", "e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4", "e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae", "ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d", "ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "ParseAutoexec"}, {"hashes": ["1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de"], "key": "<HKCU>\\SOFTWARE\\ADOBE\\ACROBAT READER\\9.0\\AVGENERAL", "value_name": "bLastExitNormal"}, {"hashes": ["1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de"], "key": "<HKCR>\\LOCAL SETTINGS\\SOFTWARE\\MICROSOFT\\WINDOWS\\SHELL\\MUICACHE", "value_name": "C:\\Program Files (x86)\\Windows Photo Viewer\\PhotoViewer.dll"}, {"hashes": ["1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de"], "key": "<HKCR>\\LOCAL SETTINGS\\SOFTWARE\\MICROSOFT\\WINDOWS\\SHELL\\MUICACHE", "value_name": "C:\\Program Files (x86)\\Windows NT\\Accessories\\WORDPAD.EXE"}, {"hashes": ["1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de"], "key": "<HKLM>\\SYSTEM\\ACROBATVIEWERCPP304", "value_name": null}, {"hashes": ["1958c699afe2e7d489afdcc40b1684f498f3e13a2687ca22ad97dfd45b5d3792", "b4a172b37dc5b401602c86482578a165f99e4587478d6dd7d0b5bce5a3d296de"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\FILEEXTS\\OPENWITHLIST", "value_name": null}, {"hashes": ["1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b"], "key": "<HKCU>\\SOFTWARE\\5AFBAF255C857E61901A891C9CAA2B89", "value_name": null}, {"hashes": ["1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "5afbaf255c857e61901a891c9caa2b89"}, {"hashes": ["1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "5afbaf255c857e61901a891c9caa2b89"}, {"hashes": ["1540ec068fa68882844dbe2e9d9cb41d1a266bb42a0e8b78b8daaa4afbcb6435", "543cf61a4fced3afc1a947389a2e03bde3776e2bb66f04facdf2604f49f1c87b"], "key": "<HKCU>\\SOFTWARE\\5AFBAF255C857E61901A891C9CAA2B89", "value_name": "[kl]"}, {"hashes": ["46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23"], "key": "<HKCU>\\SOFTWARE\\7B757FB96FAD9FC63165F3E3E8E39A13", "value_name": null}, {"hashes": ["46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "7b757fb96fad9fc63165f3e3e8e39a13"}, {"hashes": ["46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "7b757fb96fad9fc63165f3e3e8e39a13"}, {"hashes": ["46ee0b85117980898d6c4108ad8d7270419c0b62f16ac6f657fe0736848829be", "d106560ec306c84ec41dd35e3430dfda52a8fd42b9d63a8c1d1675c9a26bad23"], "key": "<HKCU>\\SOFTWARE\\7B757FB96FAD9FC63165F3E3E8E39A13", "value_name": "[kl]"}, {"hashes": ["62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "087ae7fe62a3f0a08337396554e198d6"}, {"hashes": ["62709210f1a11ca2afbc60a168f81d4cc484d1ac43ef237386b4b940ee0b0a34"], "key": "<HKCU>\\SOFTWARE\\087AE7FE62A3F0A08337396554E198D6", "value_name": "[kl]"}, {"hashes": ["1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be"], "key": "<HKCU>\\SOFTWARE\\FEE87312CF010D9FAB697A63E6D036C2", "value_name": null}, {"hashes": ["1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "fee87312cf010d9fab697a63e6d036c2"}, {"hashes": ["1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "fee87312cf010d9fab697a63e6d036c2"}, {"hashes": ["1c1aec976714ea88ece82bc3a02c2aab98090d2be04b913c26fd5b94d6e768be"], "key": "<HKCU>\\SOFTWARE\\FEE87312CF010D9FAB697A63E6D036C2", "value_name": "[kl]"}, {"hashes": ["dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b"], "key": "<HKCU>\\SOFTWARE\\171435CC62A05BC7F134FDBBC2A9A1D4", "value_name": null}, {"hashes": ["ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d"], "key": "<HKCU>\\SOFTWARE\\E074E3A8FD2AF4B4E46A7DA2AA4AA3EE", "value_name": null}, {"hashes": ["dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "171435cc62a05bc7f134fdbbc2a9a1d4"}, {"hashes": ["dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "171435cc62a05bc7f134fdbbc2a9a1d4"}, {"hashes": ["b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df"], "key": "<HKCU>\\SOFTWARE\\B127EBD47A3FF88BF5E326E61C484C33", "value_name": null}, {"hashes": ["ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "e074e3a8fd2af4b4e46a7da2aa4aa3ee"}, {"hashes": ["dcf590328e8a9078be9ae35979eee4b204c4504d5022310f203d5e8c4dc69f3b"], "key": "<HKCU>\\SOFTWARE\\171435CC62A05BC7F134FDBBC2A9A1D4", "value_name": "[kl]"}, {"hashes": ["ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "e074e3a8fd2af4b4e46a7da2aa4aa3ee"}, {"hashes": ["b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "b127ebd47a3ff88bf5e326e61c484c33"}, {"hashes": ["ef1b2db157a1ffbbeae4b8837f6d16d87af8eb2e2a71f6ef34be613f8358c19d"], "key": "<HKCU>\\SOFTWARE\\E074E3A8FD2AF4B4E46A7DA2AA4AA3EE", "value_name": "[kl]"}, {"hashes": ["b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "b127ebd47a3ff88bf5e326e61c484c33"}, {"hashes": ["b981ed1bd287ac3f1d9baf2217e749fb97c974c012162effcb94005d143ff8df"], "key": "<HKCU>\\SOFTWARE\\B127EBD47A3FF88BF5E326E61C484C33", "value_name": "[kl]"}, {"hashes": ["ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050"], "key": "<HKCU>\\SOFTWARE\\9F91C40E95B01EDE3C7121B971E65417", "value_name": null}, {"hashes": ["ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "9f91c40e95b01ede3c7121b971e65417"}, {"hashes": ["ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "9f91c40e95b01ede3c7121b971e65417"}, {"hashes": ["ef2299b92585f623ae4aaa7821af7f642ac6f5368c4a40564e76db5ed48b3050"], "key": "<HKCU>\\SOFTWARE\\9F91C40E95B01EDE3C7121B971E65417", "value_name": "[kl]"}, {"hashes": ["e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae"], "key": "<HKCU>\\SOFTWARE\\0207F7035A640375C65139589CF4C2D2", "value_name": null}, {"hashes": ["e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "0207f7035a640375c65139589cf4c2d2"}, {"hashes": ["e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "0207f7035a640375c65139589cf4c2d2"}, {"hashes": ["e1fcc7e11eb97088e03b5f374a30a11c4eb85f4b692d1dde1ba01e8fd82deaae"], "key": "<HKCU>\\SOFTWARE\\0207F7035A640375C65139589CF4C2D2", "value_name": "[kl]"}, {"hashes": ["d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4"], "key": "<HKCU>\\SOFTWARE\\4535B367C08E162B0210569BA620C24D", "value_name": null}, {"hashes": ["d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "4535b367c08e162b0210569ba620c24d"}, {"hashes": ["d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "4535b367c08e162b0210569ba620c24d"}, {"hashes": ["d2ee63664db34462908e3d6529caeb77e7221a05d4f35feaf982edca5f8774f4"], "key": "<HKCU>\\SOFTWARE\\4535B367C08E162B0210569BA620C24D", "value_name": "[kl]"}, {"hashes": ["e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "key": "<HKCU>\\SOFTWARE\\70236E2C14FC7518248D0D80354D1FC9", "value_name": null}, {"hashes": ["e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "70236e2c14fc7518248d0d80354d1fc9"}, {"hashes": ["e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "70236e2c14fc7518248d0d80354d1fc9"}, {"hashes": ["e0fa4b6339e71a7c2752fe6996cea9535d81d53f10aa599dfc965412b804d2b4"], "key": "<HKCU>\\SOFTWARE\\70236E2C14FC7518248D0D80354D1FC9", "value_name": "[kl]"}]}, "reports_count": 22}, "Win.Packed.Mikey-7867591-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1", "ca6eab615b9762d7a6cbdad08fd2d2f7fc729161331cc3a0556500ea02002cca"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1", "ca6eab615b9762d7a6cbdad08fd2d2f7fc729161331cc3a0556500ea02002cca"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1", "ca6eab615b9762d7a6cbdad08fd2d2f7fc729161331cc3a0556500ea02002cca"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1", "ca6eab615b9762d7a6cbdad08fd2d2f7fc729161331cc3a0556500ea02002cca"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1", "ca6eab615b9762d7a6cbdad08fd2d2f7fc729161331cc3a0556500ea02002cca"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-name-contains-whitespace", "hashes": ["dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1", "ca6eab615b9762d7a6cbdad08fd2d2f7fc729161331cc3a0556500ea02002cca"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "mitre_attack_tags": []}, {"bi": "cryptocurrency-stealer-detected", "hashes": ["dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "mitre_attack_tags": []}, {"bi": "firefox-cookie-read", "hashes": ["dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "netbios-query", "hashes": ["dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "malware-cryptbot-path-detected", "hashes": ["dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "mitre_attack_tags": ["TA0006", "T1003", "T1212"]}, {"bi": "artifact-flagged-vm", "hashes": ["d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "network-snort-policy", "hashes": ["f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d"], "mitre_attack_tags": []}, {"bi": "network-communications-http-post", "hashes": ["f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "cmd-exe-file-execution", "hashes": ["f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "cmd-exe-file-deletion", "hashes": ["f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "network-snort-protocol", "hashes": ["7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c"], "mitre_attack_tags": []}, {"bi": "process-with-multiple-children", "hashes": ["7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "modified-file-in-user-dir", "hashes": ["ca6eab615b9762d7a6cbdad08fd2d2f7fc729161331cc3a0556500ea02002cca"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["ca6eab615b9762d7a6cbdad08fd2d2f7fc729161331cc3a0556500ea02002cca"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["ca6eab615b9762d7a6cbdad08fd2d2f7fc729161331cc3a0556500ea02002cca"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["ca6eab615b9762d7a6cbdad08fd2d2f7fc729161331cc3a0556500ea02002cca"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["ca6eab615b9762d7a6cbdad08fd2d2f7fc729161331cc3a0556500ea02002cca"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. This threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.", "hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "ca6eab615b9762d7a6cbdad08fd2d2f7fc729161331cc3a0556500ea02002cca", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04"], "iocs": {"domain": [{"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04"], "host": "ip-api[.]com"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04"], "host": "sasurr02[.]top"}], "file": [{"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04"], "path": "%ProgramData%\\Newfasq"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645"], "path": "%ProgramData%\\TIPexLuxg"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645"], "path": "%ProgramData%\\TIPexLuxg\\172773668.txt"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645"], "path": "%ProgramData%\\TIPexLuxg\\FSbXfBHGJiiHxn.zip"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645"], "path": "%ProgramData%\\TIPexLuxg\\Files"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645"], "path": "%ProgramData%\\TIPexLuxg\\Files\\Browsers"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645"], "path": "%ProgramData%\\TIPexLuxg\\Files\\Browsers\\Cookies"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645"], "path": "%ProgramData%\\TIPexLuxg\\Files\\Browsers\\Cookies\\Mozilla_Firefox_Cookies_CRJetqg.txt"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645"], "path": "%ProgramData%\\TIPexLuxg\\Files\\Browsers\\_FileCC.txt"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645"], "path": "%ProgramData%\\TIPexLuxg\\Files\\Browsers\\_FileCookies.txt"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645"], "path": "%ProgramData%\\TIPexLuxg\\Files\\Browsers\\_FileForms.txt"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645"], "path": "%ProgramData%\\TIPexLuxg\\Files\\Browsers\\_FilePasswords.txt"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645"], "path": "%ProgramData%\\TIPexLuxg\\Files\\Coins"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645"], "path": "%ProgramData%\\TIPexLuxg\\Files\\Coins\\ElectronCash"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645"], "path": "%ProgramData%\\TIPexLuxg\\Files\\Coins\\Electrum"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645"], "path": "%ProgramData%\\TIPexLuxg\\Files\\Coins\\Electrum-btcp"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645"], "path": "%ProgramData%\\TIPexLuxg\\Files\\Files"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645"], "path": "%ProgramData%\\TIPexLuxg\\Files\\Files\\Desktop"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645"], "path": "%ProgramData%\\TIPexLuxg\\Files\\Files\\Other"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645"], "path": "%ProgramData%\\TIPexLuxg\\Files\\_FilePasswords.txt"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645"], "path": "%ProgramData%\\TIPexLuxg\\Files\\_Info.txt"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645"], "path": "%ProgramData%\\TIPexLuxg\\Files\\_Screen.jpg"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645"], "path": "%ProgramData%\\TIPexLuxg\\mocc.db"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645"], "path": "%ProgramData%\\TIPexLuxg\\mocc.db-shm"}, {"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645"], "path": "%ProgramData%\\TIPexLuxg\\mocc.db-wal"}, {"hashes": ["1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "path": "%ProgramData%\\jMiHnRUtTxc\\172773668.txt"}, {"hashes": ["1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "path": "%ProgramData%\\jMiHnRUtTxc\\Files\\Browsers\\Cookies\\Mozilla_Firefox_Cookies_MFoqRoN.txt"}, {"hashes": ["1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "path": "%ProgramData%\\jMiHnRUtTxc\\Files\\Browsers\\_FileCC.txt"}, {"hashes": ["1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "path": "%ProgramData%\\jMiHnRUtTxc\\Files\\Browsers\\_FileCookies.txt"}, {"hashes": ["1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "path": "%ProgramData%\\jMiHnRUtTxc\\Files\\Browsers\\_FileForms.txt"}, {"hashes": ["1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "path": "%ProgramData%\\jMiHnRUtTxc\\Files\\Browsers\\_FilePasswords.txt"}, {"hashes": ["1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "path": "%ProgramData%\\jMiHnRUtTxc\\Files\\Files\\Other"}, {"hashes": ["1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "path": "%ProgramData%\\jMiHnRUtTxc\\Files\\_FilePasswords.txt"}, {"hashes": ["1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "path": "%ProgramData%\\jMiHnRUtTxc\\Files\\_Info.txt"}, {"hashes": ["1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "path": "%ProgramData%\\jMiHnRUtTxc\\Files\\_Screen.jpg"}, {"hashes": ["1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "path": "%ProgramData%\\jMiHnRUtTxc\\NUGtyDRABt.zip"}, {"hashes": ["1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "path": "%ProgramData%\\jMiHnRUtTxc\\mocc.db"}, {"hashes": ["1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "path": "%ProgramData%\\jMiHnRUtTxc\\mocc.db-shm"}, {"hashes": ["1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1"], "path": "%ProgramData%\\jMiHnRUtTxc\\mocc.db-wal"}, {"hashes": ["0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea"], "path": "%ProgramData%\\ahZToMGYAAVkSSp\\172773668.txt"}, {"hashes": ["0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea"], "path": "%ProgramData%\\ahZToMGYAAVkSSp\\Files\\Browsers\\Cookies\\Mozilla_Firefox_Cookies_AYjKSTw.txt"}, {"hashes": ["0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea"], "path": "%ProgramData%\\ahZToMGYAAVkSSp\\Files\\Browsers\\_FileCC.txt"}, {"hashes": ["0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea"], "path": "%ProgramData%\\ahZToMGYAAVkSSp\\Files\\Browsers\\_FileCookies.txt"}, {"hashes": ["0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea"], "path": "%ProgramData%\\ahZToMGYAAVkSSp\\Files\\Browsers\\_FileForms.txt"}, {"hashes": ["0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea"], "path": "%ProgramData%\\ahZToMGYAAVkSSp\\Files\\Browsers\\_FilePasswords.txt"}, {"hashes": ["0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea"], "path": "%ProgramData%\\ahZToMGYAAVkSSp\\Files\\_FilePasswords.txt"}, {"hashes": ["0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea"], "path": "%ProgramData%\\ahZToMGYAAVkSSp\\Files\\_Info.txt"}, {"hashes": ["0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea"], "path": "%ProgramData%\\ahZToMGYAAVkSSp\\Files\\_Screen.jpg"}, {"hashes": ["0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea"], "path": "%ProgramData%\\ahZToMGYAAVkSSp\\aCPtuZMH.zip"}, {"hashes": ["0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea"], "path": "%ProgramData%\\ahZToMGYAAVkSSp\\mocc.db"}], "ip": [{"hashes": ["05c8b15fb739010dc755da93a9834d113df9f19abfb3e22ed8541bb3e623b2b3", "0a34fbdd255579d42ab97be87b801b47b6811c9b948df0b20c11cb18e026863c", "144d13c60828827beff68e6be6c08449fb3d7568c5ea3b48a6caad50dfda4811", "1d3eaba24b85cf41f26a279d66c4b86c618ec1755c26ed1cb586bb66ae0abc93", "533e752f8611fdf82b81c56f14826cd5a6dfb960d61bb2de6b0c548da1c77d39", "5d2cd651730bcea3a9b9faca29aa6095373a9980201f97cb5398220a21f42ff4", "79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d", "7b77e321bff226392a518065cd259b8661295ea8b835ab5d25f166018c2b718c", "7c506171480f4e020739955f835e39cf97fa18856b3f2316d193a378081da73a", "7cc4ffa940acfc64e0044327dd444ab757ea7159e83d5ec030648be8b82729ea", "82e598f2be1e15468ac06332771dcfa8e79bf4d4d8469c985f2011af1676b78f", "8436ef1ddb5b6bb5d1dbb654e0b620e97bcf661ba02aea4156f6cabcae069497", "a3d0b780c4f58c3c74b6a248d7c31067b0c7bdf1635c02d00485abfac82b6580", "ac9438bc59d10872a7c3a8c631d0663705e6f410a41c73e1be5ed7a25ad4f0b1", "b410813c6957a0f595788608e9a844b00af14df3a35190fc74560522de881645", "bf149a2ee4cc2329b0a537be40f4517560ec7b6ee78df0201dd00f0ab6b120f2", "d301873bae0d260c60015580ac4620937ad011406011044588a7bfb49cd4362f", "dd7363caf65457f156d411ee51991f06e399ef0fc725a52ac0ab71200004aa76", "e1cd459b9fe945707e7e921f094eafa0373ec31960a95b244dc8f65ab5fa92ca", "f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04"], "ip": "208[.]95[.]112[.]1"}, {"hashes": ["79824998302cbe96031302ab21d582e83a05b6fa735eb957ebd412ef77f36b6d", "f003868b37ec060e36be85406108878543ff18e227e4f9deb534345392cffa04"], "ip": "8[.]208[.]22[.]49"}], "mutex": [{"hashes": ["ca6eab615b9762d7a6cbdad08fd2d2f7fc729161331cc3a0556500ea02002cca"], "name": "Global\\32b2ea81-99fc-11ea-a007-00501e3ae7b5"}], "registry": []}, "reports_count": 21}, "Win.Packed.ZeroAccess-7880797-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "338f76f524ee894047ad46f5840d228bfc322332cfa7b63ad070bdfdc5498f70", "02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "338f76f524ee894047ad46f5840d228bfc322332cfa7b63ad070bdfdc5498f70", "02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "338f76f524ee894047ad46f5840d228bfc322332cfa7b63ad070bdfdc5498f70", "02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "338f76f524ee894047ad46f5840d228bfc322332cfa7b63ad070bdfdc5498f70", "02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-linker-major", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "338f76f524ee894047ad46f5840d228bfc322332cfa7b63ad070bdfdc5498f70", "02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "dns-query-nxdomain", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "network-snort-malware", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "dns-public-server-contacted", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "modified-file-in-system-dir", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446"], "mitre_attack_tags": []}, {"bi": "registry-service-autostart-disabled", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446"], "mitre_attack_tags": ["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "network-dns-safe-categories", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446"], "mitre_attack_tags": []}, {"bi": "registry-service-type-modified", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "registry-service-delete-flag-set", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446"], "mitre_attack_tags": ["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "geoip-ip-address-location-attempt", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "listening-port-opened", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246"], "mitre_attack_tags": []}, {"bi": "registered-com-server", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246"], "mitre_attack_tags": ["TA0002", "T1106"]}, {"bi": "excessive-udp-connections", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-ini-modified", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246"], "mitre_attack_tags": ["TA0003"]}, {"bi": "malware-zeroaccess-variant-detected", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246"], "mitre_attack_tags": []}, {"bi": "winsock-parameters-modified", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246"], "mitre_attack_tags": ["TA0011", "TA0003", "T1112", "T1040"]}, {"bi": "malware-zeroaccess-v2-variant-detected", "hashes": ["99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246"], "mitre_attack_tags": []}, {"bi": "network-protocol-mismatch-dns", "hashes": ["ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446"], "mitre_attack_tags": ["TA0011", "TA0005", "T1094"]}, {"bi": "modified-executable", "hashes": ["1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-private-ip-address", "hashes": ["2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["338f76f524ee894047ad46f5840d228bfc322332cfa7b63ad070bdfdc5498f70"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": true}, "description": "ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.", "hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "338f76f524ee894047ad46f5840d228bfc322332cfa7b63ad070bdfdc5498f70", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "3dd92c56eefeb04b2331a5748e5f169dc6908ebde57d84f9d71e2d48913d5344", "47119cb3aca0735f168ee6ea857467d083feadc8d46bcdf44a37839f9ba93cb6", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4a4c58e0495f4c7ec68f9e1e5ea3f28155df8e60b1e8f1da44724d1df8347c10", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "55cf75ff7d0115b1b0fab74065346708c1f01a4435f03230a6c20e3bfa870cc8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "5ba22774ecd6d5362a54fc7fa9d475437ee97fc6fd9d4f656733574c2c6ea822", "5d343ef6c5d48b920ed1965f4c6b4b815ebddcc4c1ba1376310c3a988ffcc431", "626374a7ab08200052ff7ffcc83e94d874f9865377c91579bbc4e0af9268e6d3", "6270e88704545fdd108534199a708bb330ac3cbacdca3c3ada18e2c588564f79", "65407bdd12770f3904ae338cc962c693570f6e7a6c10586adf322b2ec423e113", "68a7466b1115934d9aa1dc3db7f1a0d6c8464a0fdef96bead31e101b98dab770", "6a8b990c0d864bee43ebe73f53b43b09b2223cb391369fd5db4a578ae4917e4f", "74af2774edba276264e923a462f77e4b6cde266afd6572b52cda08da342b5627", "76e42bc61e7d29a08f4e3bcdffa9f9eb50ee0f3728a44edc23980099caa8a095", "79e6a0f0c5b3189637a9032058aad6772535758173e9c28a3691e125688c24da", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "7ae59e17f0093132c8cb8965bf6d82d3c6574e7673e079adea6561883dcb2700", "7e1fbc9b6b1eaa59f3e2e23028104b424f0bf384d4a11a314a12171dbe699e63", "80f6a588974e78ed83f7e87ab92c2c53c23897ac92e6bbbd3cc1da35efa42346", "81f45e6538165235ecc992d6d7a7bedafec4e09c762e9a2efaa5eb4242a2373e", "847a38e15aa030308c6e5d41c94c303e8facf1319221154c324558da3cc095ba", "86ec4e996c5d370c43d5fb873325c6b3705eb0fa9c5d4d0daa9205fdf816107d", "8b6b310c21241b608dcce7588ca84493a07da96f230951fce3913a88db18ad31", "8c8d13a043ee9b7c47069ebbf2a4d2377a07165098da6109de1f7c25f8047200", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "93b51efd8a2340d947855b5be0ee47c96afcf81737f39877aede5233b54febef", "940ab858bd396949ba40510663b16d0a20d924e5c370327cd91a0f65e08ca4bb", "99ae1109b3e84eb19e46760a66a2a837b85d1774662e9900457652e5dec5fd6d", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9b3513c2cc93d3d29d0aedf114f53f98e0795038f5b2c43064fa17af7ff10f2d", "9e1ae3c1eab62213c2db0bca2656023bf084693f45b17e10ce57f78cc2a7635a", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a0c4ebd1223b0faf10c23b294ad763bb6d12f7e56602f5856f01d6b7bd06093f", "a556099ed47c5bcda3ddfefec0f387de81a766b0e4d37c070b400c4492f852ab", "a57b2740828a5715c88210c61d26d9f715b702a587a864edfbca1f675a5b59fd", "a7ba8fb5e806c2b6deca5266e5b0b75ca73a103871f4d6ffb5cf1afd961785dc", "a951454fcd22524f8aed67381ff8b243d2c319d2724346cab402b805d549137b", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "ac7b59d78903ea674eee9cea773cefbc704e6697040a7581050cfa7db50da560", "af0ee59d92788f528e80b63bafa41e6374be10b940894c56ce95333a8521e9ac", "b93cb672b4ed32cf836ace38f77174067ad433e1d35c96836f644ace6e6067d0", "bcb3cd634c00d3ac2507575f8b76a7752e07a5598f9a2018f0e7b15d311168ba", "bf044b7642b7a19bec205980d50bd7c37edbaf2588eba5fc25e73b7ffd617e0a", "c0962b99feff51ccb271a7743aef368ba9fde9bbedf15720c5748d9652025284", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c35028999e5efbe805e43d4cf715c025c69abf8d7443137ef71001a51c15caa3", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c4ea97961d732997519b58cf43bc794e26b57f6734e1d1d1fc0f5ac467f8ce41", "c7069f0627370ce9fb8df7ebf21e27f121124e1deda64493c2ae4898789614b8", "c75633d9a7d866104c7a39903158bdb00e9e6a6b409f8324035ad5adeed22df1", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "c9a1005eb36ef7c5f8547b2fb245a76781cefa4f0d17ad0bc88b73c801c8c72e", "cba90541b10d10c4f9e7f2a053f83fa6b4877c1a0a967face421347b37714c3b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "dad9b0aad7ccf18073f42c28fea30726d161a97bc19044f88b401932ceef90e3", "daf4d6c3a8356b9078c8153a8d72fc98ff331173f266ed0924b6059573ee3faf", "dbbd92763b9561a7709554c41bf5c36eeb64af0801afff53cb5186ae318e115a", "de987db5016d402ad9784a29dcd2997b9ee3711837a70b4a5993520eb53f671e", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724", "e6ca36681e074ac01b4dac6a66737bac64807bbd00da4e849aeca66f56a75a4e", "ea4b8ac1096379286a2b5866b804cd60c0097d9c9c734928ff83dcadffef156a", "eadd16f5a452bde300aad7a5d66f7e4418f567b23684ca6767b926d81ec704b3", "ec5e8f97695cf5540c0e664b6b8703082c58d9ebd112e0e7cb6bccec245d9aab", "f0f63fbfb753629eba6224cd85734821a479a6355c3ae1af4e5be201357c6259", "f27f0ec735d8b09d7b3afb7c1b87efb02e6afab145b27802b0f43b867feb6f6b", "fcf7bb8ec1a62e03d78cab46daa9c01e66a40ee11a96f30b95fe99c2620181f7", "fd99e9347941c9f9a6e021a195f271aaa01a4fa8bc11e5e381390074e5f553ec"], "iocs": {"domain": [{"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "host": "j[.]maxmind[.]com"}], "file": [{"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "path": "%System32%\\LogFiles\\Scm\\e22a8667-f75b-4ba9-ba46-067ed4429de8"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "path": "\\systemroot\\assembly\\GAC_32\\Desktop.ini"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "path": "\\systemroot\\assembly\\GAC_64\\Desktop.ini"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "path": "%SystemRoot%\\assembly\\GAC_32\\Desktop.ini"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "path": "%SystemRoot%\\assembly\\GAC_64\\Desktop.ini"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "path": "\\RECYCLER\\S-1-5-18\\$ad714f5b8798518b3ccb73fd900fd2ba\\@"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "path": "\\RECYCLER\\S-1-5-18\\$ad714f5b8798518b3ccb73fd900fd2ba\\n"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "path": "\\RECYCLER\\S-1-5-21-1258710499-2222286471-4214075941-500\\$ad714f5b8798518b3ccb73fd900fd2ba\\@"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "path": "\\RECYCLER\\S-1-5-21-1258710499-2222286471-4214075941-500\\$ad714f5b8798518b3ccb73fd900fd2ba\\n"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "path": "%SystemRoot%\\assembly\\GAC\\Desktop.ini"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "path": "\\$Recycle.Bin\\S-1-5-18"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "path": "\\$Recycle.Bin\\S-1-5-18\\$0f210b532df043a6b654d5b43088f74f"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "path": "\\$Recycle.Bin\\S-1-5-18\\$0f210b532df043a6b654d5b43088f74f\\@"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "path": "\\$Recycle.Bin\\S-1-5-18\\$0f210b532df043a6b654d5b43088f74f\\L"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "path": "\\$Recycle.Bin\\S-1-5-18\\$0f210b532df043a6b654d5b43088f74f\\U"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "path": "\\$Recycle.Bin\\S-1-5-18\\$0f210b532df043a6b654d5b43088f74f\\n"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$0f210b532df043a6b654d5b43088f74f"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$0f210b532df043a6b654d5b43088f74f\\@"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$0f210b532df043a6b654d5b43088f74f\\L"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$0f210b532df043a6b654d5b43088f74f\\U"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$0f210b532df043a6b654d5b43088f74f\\n"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52"], "path": "\\systemroot\\Installer\\{0f210b53-2df0-43a6-b654-d5b43088f74f}"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52"], "path": "\\systemroot\\system32\\services.exe"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52"], "path": "%System32%\\services.exe"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52"], "path": "\\@"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52"], "path": "\\L\\eexoxfxs"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52"], "path": "%SystemRoot%\\Installer\\{0f210b53-2df0-43a6-b654-d5b43088f74f}\\@"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52"], "path": "%SystemRoot%\\Installer\\{0f210b53-2df0-43a6-b654-d5b43088f74f}\\L"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52"], "path": "%SystemRoot%\\Installer\\{0f210b53-2df0-43a6-b654-d5b43088f74f}\\U"}], "ip": [{"hashes": ["111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "ip": "184[.]253[.]253[.]254"}, {"hashes": ["111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "ip": "180[.]253[.]253[.]254"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "ip": "83[.]133[.]123[.]20"}, {"hashes": ["111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "ip": "71[.]254[.]253[.]254"}, {"hashes": ["111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "ip": "213[.]253[.]253[.]254"}, {"hashes": ["111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "ip": "135[.]254[.]253[.]254"}, {"hashes": ["111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "ip": "88[.]254[.]253[.]254"}, {"hashes": ["111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "ip": "180[.]254[.]253[.]254"}, {"hashes": ["111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "ip": "79[.]252[.]253[.]254"}, {"hashes": ["111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "ip": "115[.]253[.]253[.]254"}, {"hashes": ["111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "ip": "187[.]252[.]253[.]254"}, {"hashes": ["111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "ip": "171[.]252[.]253[.]254"}, {"hashes": ["111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "ip": "71[.]253[.]253[.]254"}, {"hashes": ["111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "ip": "168[.]253[.]253[.]254"}, {"hashes": ["111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "ip": "95[.]252[.]253[.]254"}, {"hashes": ["111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "ip": "88[.]252[.]253[.]254"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9"], "ip": "222[.]254[.]253[.]254"}, {"hashes": ["09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "ip": "130[.]185[.]108[.]132"}, {"hashes": ["09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c"], "ip": "50[.]7[.]216[.]66"}, {"hashes": ["0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9"], "ip": "173[.]177[.]58[.]19"}, {"hashes": ["09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea"], "ip": "184[.]76[.]75[.]237"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "ip": "98[.]196[.]68[.]56"}, {"hashes": ["0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea"], "ip": "27[.]142[.]69[.]56"}, {"hashes": ["2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9"], "ip": "67[.]162[.]76[.]98"}, {"hashes": ["177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9"], "ip": "69[.]180[.]230[.]92"}, {"hashes": ["111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9"], "ip": "173[.]230[.]119[.]11"}, {"hashes": ["09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "ip": "67[.]191[.]253[.]3"}, {"hashes": ["0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9"], "ip": "74[.]71[.]50[.]78"}, {"hashes": ["1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b"], "ip": "71[.]67[.]96[.]59"}, {"hashes": ["2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9"], "ip": "71[.]88[.]193[.]15"}, {"hashes": ["09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81"], "ip": "88[.]175[.]28[.]71"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "ip": "24[.]128[.]93[.]189"}, {"hashes": ["0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea"], "ip": "75[.]111[.]240[.]33"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9"], "ip": "68[.]200[.]131[.]52"}, {"hashes": ["111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "ip": "67[.]171[.]224[.]232"}, {"hashes": ["0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea"], "ip": "24[.]229[.]216[.]15"}, {"hashes": ["177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9"], "ip": "98[.]253[.]96[.]25"}, {"hashes": ["13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b"], "ip": "68[.]50[.]244[.]190"}, {"hashes": ["111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "ip": "71[.]87[.]234[.]239"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea"], "ip": "24[.]36[.]54[.]16"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b"], "ip": "24[.]199[.]76[.]110"}, {"hashes": ["1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c"], "ip": "189[.]4[.]99[.]19"}, {"hashes": ["0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "ip": "71[.]10[.]100[.]53"}, {"hashes": ["09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81"], "ip": "75[.]109[.]150[.]164"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b"], "ip": "200[.]127[.]252[.]207"}, {"hashes": ["13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b"], "ip": "92[.]157[.]60[.]75"}, {"hashes": ["0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9"], "ip": "183[.]83[.]171[.]24"}, {"hashes": ["0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9"], "ip": "67[.]220[.]35[.]238"}, {"hashes": ["13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9"], "ip": "78[.]207[.]236[.]3"}, {"hashes": ["2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4"], "ip": "24[.]180[.]139[.]197"}], "mutex": [], "registry": [{"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Start"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "DeleteFlag"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "Start"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS", "value_name": "Start"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "Start"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IPHLPSVC", "value_name": "Start"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS", "value_name": "DeleteFlag"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "DeleteFlag"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "DeleteFlag"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BROWSER", "value_name": "Start"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Defender"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "Type"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "ErrorControl"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS", "value_name": "Type"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS", "value_name": "ErrorControl"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IPHLPSVC", "value_name": "Type"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IPHLPSVC", "value_name": "ErrorControl"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IPHLPSVC", "value_name": "DeleteFlag"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Type"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "ErrorControl"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "Type"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "ErrorControl"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BFE", "value_name": "Type"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BFE", "value_name": "Start"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BFE", "value_name": "ErrorControl"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BFE", "value_name": "DeleteFlag"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\POLICYAGENT", "value_name": "Start"}, {"hashes": ["02411d87ed538603b197ac94e3ec22c1357207b94381c2ba0ca2b806b720cfc1", "04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "117c7f9c77fcbf318dab016ce4ba2f64d5c3d4d64fcad13d9db4fc319492299f", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "155ed9f8e81406251d055a944f713638f43cfe0523c9f09a67ead15eb52c0e22", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "1adc1e6111001ad5643acb65f2f68476007f753dfe41fa0873448b833e42a097", "1f8a7e21faa36f5d4b447116c1693d47abe3f2b5045b3a78db357424398ce5ba", "260a8ce6779a97ed8f481dfb6ac2f9e235add7afcfdbc7b5b826eb667b076075", "26458bab71ad112451201f69ef1c6e5ce3851376db24094071a43391704dac1d", "2c490445283345d2b685558a51c0742874bac9274a68b2de55fcfe1ad3b5b617", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e37f02906b28ed0b87a1ff288acc6d6248a25b3f8b0d19ff533bc10f69f218e", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "33460f8ccd91682f39cdff83e52fa4b7919617602703c2d1c2090651d8a03446", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "3c33a2304444368a584a140ea123e1fa5b69157d56c1f70d78d237235f723f52", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\EPOCH", "value_name": null}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000006", "value_name": "PackedCatalogItem"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000005", "value_name": "PackedCatalogItem"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000004", "value_name": "PackedCatalogItem"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000003", "value_name": "PackedCatalogItem"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000002", "value_name": "PackedCatalogItem"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000001", "value_name": "PackedCatalogItem"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000010", "value_name": "PackedCatalogItem"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000009", "value_name": "PackedCatalogItem"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000008", "value_name": "PackedCatalogItem"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000007", "value_name": "PackedCatalogItem"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000006", "value_name": "PackedCatalogItem"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000005", "value_name": "PackedCatalogItem"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000004", "value_name": "PackedCatalogItem"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000003", "value_name": "PackedCatalogItem"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000002", "value_name": "PackedCatalogItem"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000001", "value_name": "PackedCatalogItem"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\NAMESPACE_CATALOG5\\CATALOG_ENTRIES\\000000000005", "value_name": "LibraryPath"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\NAMESPACE_CATALOG5\\CATALOG_ENTRIES\\000000000001", "value_name": "LibraryPath"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\NAMESPACE_CATALOG5\\CATALOG_ENTRIES64\\000000000005", "value_name": "LibraryPath"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\NAMESPACE_CATALOG5\\CATALOG_ENTRIES64\\000000000001", "value_name": "LibraryPath"}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKCR>\\CLSID\\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}", "value_name": null}, {"hashes": ["04bf8af7a6c68f85690922b1271bf42b4a7d0a3765bbe18456420c82ca753651", "09e3121e5ff1cb33a708e8f8d296b0d48d9eab56e2e5a1ee948c5655aa344238", "0fe3d2aafaf4b3ae6eb8c8385837fe4b90e657f03ee20168f34495f0a9d32432", "111796eedee6564bfda6d5c28e30d905c390989005a9d0c8b04b1500fcd8cd81", "1165bfde5bdeb24e7dbd44ceabead951e52165bb05f0e5a07eb9f94c16d34e66", "13367996d807b222b560858cad785c706e2a9ab466b12fbbb2f0afec931c0bfd", "177bdf74d25be92ce04881b07eb5545a8e5f07c7745a86f28932c65089d38350", "2d8f826b6b34cbfde8564bec66a47b77ad4867122804e6b39e06a77fcf833150", "2e3a4625c366fff74040676be7c087cae4720f363fe31de82373e46a2441fe75", "3342a7b78e6e3cd56c7abd51e1c66f94cf37fd5ec8fc7eef2c8905b00f96d69c", "354c3d3f0ab1bb49056032980c36bd1d8804ec13137a1d77b1ce2dda100698e2", "3779a8ded1b3434866853de6a9f7c4879ea6350051b0262702c633eb8a18508b", "3985faa03f1c5567d5eb08a69f2fbcb1d0eb22c09cf536ddf83c8ecd31477341", "48278cffb7951081107586aa466ffa2b296abe9846784decc5c4a5c35f108dd0", "4e641aa1433d7191dfb64553dd623d72d2ccfccf87f2915e6a32edc17e5252c8", "5a9f5a2d6e021750c96255e988d093c6a3d181156c51cd361de4028ae437e66a", "79e8f57d1668fcf868ab7fd6d838f1984f9af5a29fa74fd65c71978bdec7f5b9", "904d0ab3d3fd077bb7731c1f265528cb358c29a1b5fe359bbc304f15d836c7ff", "927c5e5583e3a1faa14e1f2fa92dadd6a6625ade2a629b3c223fc15684c68a81", "99b564ae2d60f613a944bbaa3aed2e51c3744ca9fc6fd4f0d69c3eeae5fdf654", "9f5ae36af3bd660040cf17855f26c2ed787dd7aeecdc2831c8627acf34a15246", "a9cb6075e5dfd91ef3e3c8aa4cec964c43047ed765a6e586ccb1d9b335e59d5a", "c21d06989f08f14a01e3112abb2114d36bc70e9a2a322e76a32d75df734600d4", "c4dd66e69815a6187f45ca13f2bbff4877a6fcd5b36e63fd1b72d2d3b5b07e4c", "c833408bf393ac5eace1d6e24956fda9bb479ad611cd85581164fd7644f3cd9b", "ccb93f1342f87529f1f2a13006eafebac108a2e506d4384e68eb8bbb6ac8a1ea", "df47dcda338a919cc03b78107f29a3d814430a76e38a304f2e05bf16603f54c9", "e330f86ea6dc423b88b451dfb22f133877566d6f5ebe8d75a9e1efde352b8724"], "key": "<HKCR>\\CLSID\\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\\INPROCSERVER32", "value_name": null}]}, "reports_count": 40}, "Win.Ransomware.Gandcrab-7867602-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "059011ee95e0d94a3c3f0867fd3c8f219f8872cfc3564c1e59098026367ec7f3", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "20019df94a1830705940e0af5b8c36aa6cbb9b4236cc3474d77f26e57feddd22", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "196739b4de52784458121a5c0093ea272b1dcaac9dbe14bca27f4032f713644d", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "3835b262a497e7f558607bea86bc1eabac233341e00606e371bfa50d0716946f", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "059011ee95e0d94a3c3f0867fd3c8f219f8872cfc3564c1e59098026367ec7f3", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "20019df94a1830705940e0af5b8c36aa6cbb9b4236cc3474d77f26e57feddd22", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "196739b4de52784458121a5c0093ea272b1dcaac9dbe14bca27f4032f713644d", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "3835b262a497e7f558607bea86bc1eabac233341e00606e371bfa50d0716946f", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "059011ee95e0d94a3c3f0867fd3c8f219f8872cfc3564c1e59098026367ec7f3", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "20019df94a1830705940e0af5b8c36aa6cbb9b4236cc3474d77f26e57feddd22", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "196739b4de52784458121a5c0093ea272b1dcaac9dbe14bca27f4032f713644d", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "3835b262a497e7f558607bea86bc1eabac233341e00606e371bfa50d0716946f", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-initialip", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "059011ee95e0d94a3c3f0867fd3c8f219f8872cfc3564c1e59098026367ec7f3", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "20019df94a1830705940e0af5b8c36aa6cbb9b4236cc3474d77f26e57feddd22", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "196739b4de52784458121a5c0093ea272b1dcaac9dbe14bca27f4032f713644d", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "3835b262a497e7f558607bea86bc1eabac233341e00606e371bfa50d0716946f", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-obfuscation", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-opendns-malicious", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-dns-malicious-snort", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": ["TA0011"]}, {"bi": "dns-excessive-domain-queries", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "altered-sample-snort-flagged", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "registry-autorun-key-modified", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": []}, {"bi": "network-dns-category-cnc", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": ["TA0011"]}, {"bi": "excessive-process-creates", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": ["TA0002", "T1064"]}, {"bi": "process-with-multiple-children", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "dns-bypassed-assigned-server", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "network-dns-safe-categories", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": []}, {"bi": "feed-domain-ransomware", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": []}, {"bi": "opennic-domain-detected", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": []}, {"bi": "excessive-logical-drive-enumeration", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": ["TA0007", "T1120", "T1025"]}, {"bi": "malware-gandcrab-mutex", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": []}, {"bi": "artifact-pe-reflective-loading", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "windows-util-nslookup", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": ["TA0007", "T1046"]}, {"bi": "cta-static-analyzer-malicious", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "059011ee95e0d94a3c3f0867fd3c8f219f8872cfc3564c1e59098026367ec7f3", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "196739b4de52784458121a5c0093ea272b1dcaac9dbe14bca27f4032f713644d", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": []}, {"bi": "malware-compound-cta-activity", "hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": []}, {"bi": "pe-packed-upx", "hashes": ["0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "mitre_attack_tags": ["TA0005", "T1027"]}], "category": "Ransomware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Gandcrab is ransomware that encrypts documents, photos, databases and other important files using the file extension \".GDCB,\" \".CRAB\" or \".KRAB.\" Gandcrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft.", "hashes": ["040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "059011ee95e0d94a3c3f0867fd3c8f219f8872cfc3564c1e59098026367ec7f3", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "196739b4de52784458121a5c0093ea272b1dcaac9dbe14bca27f4032f713644d", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "20019df94a1830705940e0af5b8c36aa6cbb9b4236cc3474d77f26e57feddd22", "21d9ea70ed7ff5e42ff506b7233c7da1047d883e0e39e7f3da3e954679f11fa9", "224c8f80016fcf1c817063bf9996cbdc94b15b73244e781f4162c22d13dbfe84", "248a1fc94c7ae7e4255efbc6cac0873c7e2237e10adc9025a45944986a7feeb7", "28f6a9e04bc04882f2aaa17c2aec8fb6be697029d7c67be3774849011298b676", "2c486bab0e84c1acebdf8daf1a33828160e8ac54715928f3cbf184a64cdcf265", "2c4e1b3fb4993a04f2bc9e6abcb90ef19923cd0f0b70f21cff2a0340aa5f590a", "2f84f2cef77d5a301a3524c9f1b839beffe523b08b2fff79bbb03b5a54e09bd7", "304c56ecb1d95f21b86a09eba41e0b4bf969140db8a453d5c3a8dbcf40973d34", "31ec8913ae53aedf8d2d1857af677849ea4e7bb01eb6ecb227a5f6a146c4699a", "321b79ff7d7fddb41b7b5095766cc15739d25b2d132977eb7e975fc822a3d536", "32b1a3f04a92fdc29bb57151638eb3a2d02d52c16d322a78c3781109dc452b7a", "340295664f0bf53d268a21fe6df74c1e1d4830ec05caf47d1c70b79b323de16a", "36c44579de438cceb1f2b9e432539244625f7c197e58dac238b11f934a6e76c0", "3726425a9afbf9e5361604941334870d4b8e6b0a68db9ee8834a54abea41e2bc", "3835b262a497e7f558607bea86bc1eabac233341e00606e371bfa50d0716946f", "38c0c2f0fba06bf8ccd123a5613dab1a71d02cd0d5fe2a6bdce91c9e09a31aa2", "39e87450dacbeff2ac8011d08d23dc0af61c1117399b33cd649e970e5f591888", "3a03566e9b2ee207099e4dce8cee5de224b043e2feca8f3137a16dfab7b54baa", "3b3dda896702a07b9a1b714d5d4791539f6d8b03bb3a7c95b4935c2f2ef3582b", "3dc2c2415ba724f08dd88c74527fd9b7d4444aa5d1fe63eb7f1b3a4b12768cd6", "3e7275d9697f6bddd93cf97969cac7ab7a8481674ffd1452139f3565c36b2b6b", "4035862a8fe2e8711d18bc288e89db3677d049c58374ae5e7d2319f0dbb7073a", "4088bf9aad071536f9aa97e57ee3d9b525a9c798b0c9df8c1ae624ac1b87f272", "40ebb856137dad4dfe5d28bcfa50c07ecafbfb453cf28bb949bb470ada5ca1b0", "418344d7dcd1b3f7334ae09f823f84bd62cc50ffb3766c2c9b3c61d77fcb0ea0", "42dd76c8d9b812bb48ce0994a0f88dc9dcce55d950cc03025503c7c8a7518f21", "435a4a000e4b2ef74bf81a82dcc50c78c3065eb23a64fc0a0b397eb408b61514", "4462fa469f23e9a471f9822974e34a7bfe8f918fcde4cb2cd9e1d7c72b19860b", "44ace3251c3ea3fbcecab9d573b466ed1fae4474c95848a9158d101d4a9cfc7a", "470a4e7595777bf2657a0a341e919d2e6831f961ee9e6da60174839d463fde19", "4725bc6915b2c8f0106d4de66a4e4f911c9c1734fc778f84f8f8429eb6b8fa70", "48c8ae2601ac32d67136212047f1d85b3818a73c53dba6d14728b8fa54e7d4f2", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "49bbca35019f523a834e84c1ec625a53b71e41294bb782b44399133f86f3cd38", "4a3ae5e8b2ce24725397c747b289d3fd78a44b11ae25f70e778c3f936afc655f", "4ca60c1780d1a766e69f2e4b62a0cfc44a79f2583016bd6984e86468fbeb03eb", "4ccbbee854db5d37e66cc05d922073a6acb510c2f52683c9fd67cafdcb6a1484", "4f3f63a30ae4c22cc2529ed2ce6dd7fa548e854c65d16b17796700775e144286", "51ce4b9fac38d888cffc894c63e11a91443c02d43b33e1a2b64df535180215ee", "534c9ecc6b7e71c8bf9c43e7a04e944c44960c6cf144a9983562435fe03f0bcb", "56214b886ff413008df03af69992d58cfe19c61aef72c2e89ec910b0bf41f774", "56c920d22ed14b5a542d78ebef2166deacfd34679bb095b8ecbeb7bcce54706e", "56d34e930dd7a09c0510eb85105edf7127ebb108c9ddfc2edadd99760b2a55f3", "57a9c30d875cf2199b2566464570367c9ca99e72b51dc0478738a60028a28048", "585b7815dede6da34a67c1c31b7264e01af078afe732c3c2d95c9dac18c337b9", "58e8cd7cddb6a7d426bf23895d7feadf025b55075b3256ae3ba34d634f611e31", "59ceb79c306346b6a9a3b98bf2c3e78bf6e012251c21e456f9d564de36be0dfa", "5acf013ca5349346a321b43a8dd7f4a2162a8e7b099490bdb57d3e84974ccac4", "5b3d2adc24ed53cc9483fb69bf47b684c0e1fddf3c1e3b8304dfd63ab95c195d", "5bf3639585409d7914339c093cc4ba61032060410508e16a5889d8b7c8b910da", "5c470076d1551909519b7d3083a4c0d2d1b7c48c76c0454e8a8f898db8da08bf", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05", "5dd883e5e916732b077267ee7b6bbc1e2018ea6933e8a4b7a9daac357ea35692", "5e342baf6e983a584fc60fac28403088441c4f5f2efabee7b17a471d3125c000", "5efff1156c582abcc8fbf214c8c78276847deed97e69e5f69ec2ab980d65da94", "5fd58d34a7bbcb9c4881c800157a89aab4c265c810cab076f880fc1ea39b72b9", "60d28490ee38436cffca3203bcb4ef58e6930918d7f60ec8163257195265db10", "626cf0c9e95c1070a3c91f3630a14afd57f000a59efb0d0e5426a334f92c8683", "62ff72b1cb1ef0d311091eb618ec870984fb331cb5767df11a6fce754553d003", "64fdf05e80447216dd917e8bfce3f20ff950bebca560da0a85f3c6a1d3d6e0bd", "65cb54fcf127e8f34879c5490abc61667fa2fb5d078e30669130e3bf30c03fc6", "65ea8a8ccaf0276eb9853daad06137859c3b78ced04eb08b423ebdb6ecdbacd7", "6603c07f6e14c7218b8a0732fe42e058da1832dc2e6fa5efd6470efa44a88316", "6673afbf29515b541e899cf74cf75461d0cdd1d3b1b4d9aa4c371c323e28fff5", "69788ab18915099eaab3253529c180c7640bd4f91d8f5e038e98eb42a7ca3a16", "6b75c979963beb18cbf9b5a6896dd6961a7a9d38f7868a1d760aed11d96de564", "6c50313e6458e053a4184faedc600239b5d798aab292bf96120155d457424b8c", "6cac43cd192ba2bf0e580314a19c413919ad60c7831162994fda6a313c6f3261", "6d52b6255baf03fcce28b8650403e2f0a5138950aa08a2c57dcd9bfc592aa577", "6ee4c8a6e5c235e38e11f0258894d5bcdc399ab99cb3ffd1fa574670731bcab5", "7042e618e00a81de1bdf020fc707f7509e3c936a62c9d37e7507322376992e46", "704bba4e7ccb8bb53b2296c9b64524a02f4efc56c7a9717093a496b168dc67d4", "7135d2f5e2f40618a973b70c0c89f0943f8943a2d328945bc941425085f752a7", "7291d437969d28e17cddf71ea576b82efbec8a3af26fc465810093f295681cb6", "74771ef9bdfe84ba55e4fd11defa68d1051982648a2d888e2f2dcfea51ff054f", "7478fa3c6513cad464155ebe9ec2d96f500a7f98a242abf694405bff1cdbf240", "74e986d6075e90ee80ad317ea763e2cdcf7ba5581cc479089313a3bb59937827", "76615a504768f93b33b842db5563f0dc1a675c1388dbac853485baac8dcd29b4", "78ed1c76689aa23ad4fd8e743cc7770a0125e647c3fe341c44907c3a00d090bc", "7a98a68619a8241d0dbaecd3cdb4d8b20c475ccde1da7253663c6d698667195e", "7aa524eeb2877480f3f9c992df7f26a00b7d2d0d60d30958e02f91d98e6b659f", "7bc40a343964b3c44b760ab146482b007b00fef89543107aab2dfc4955e59f0b", "7cca07fa8584e2a86a07d07fdbae918c2873868b641614c018ccb11dd2fd5132", "7cfa732817437f760d4e0be1778484d4089dd406ca5d084592c29b7401d2677c", "7d160b649f038c01d2095e01521ada3e57d36a64f152d32010fead156db58044", "7f0a7d6783d71c1e6226c26ef9d1e0f03ff61ef8d4d09b3bb290049588d7d195", "7f36539d676f340a72071daea6e94dbb63540fe8b2e9ba3e417a3f0de2d33433", "7f4f1b93051409b6585de3fcba507665ddc3d091a3c94cfa42a8a4d6e01e115b", "82d93c10ec23f11392f21d8a061b18e5df4649023741fdae7eb7dcda3a2f1d70", "83e57dde201f12ff426f58e47b4833dae1efc323169c78ceb54e7ae6fb5252f5", "85139b790f1aff0c149598dd88c1ab3040724d4790751e3498190a921375cf1f", "857cc092b418552c450dd53a295eb119a2ca00f7a455cf1ef50f3fc5205a21c3", "88720089c227f2691430f5d28f9fe1e23a5614caee24f90f8843c3653ba5421b", "8927b3b7df81af359e7bf28d53b82df4155b53cb975f4bedb97e117e0ab7f964", "892b779a08945dfb20b09be20c6d973ae28cc6ae3d9523199b03b1a24b34cb3a", "89e61f2e2878c3cdc9a26960c4ed72b8177e7fe685381faf6e986bb5c80a1260", "8c2fce54dbddf88434c5a2887996f4aeafe4e62d364fda75d9c0a95e5d6fba20", "8d71c72f3885fd9031de2ec37aa9e02aafa1ea8bcedcb21c89a238a1c4bbff72", "8dbf179be84e2c4bed7cb0f5f68ab4ff2b4ab6778691359596d0927ba8c136d9", "8f1b0859df2929e6423b0ccb112fa11a9823d21d9fd202d767ef8f50213657df", "92d3e5cbb0e6b83f25a6b6174b4ea4db697707b3b37f929cf124a487a9319a0f", "94552e50e41e46a92957b18066de138cf29a0d8fdc0deff33328b4665820aa17", "954c37690d64e99b0cdc537b50c7cb2866de4cd9401ccf84ecdfa00d19189ea4", "9c9c956e0f4dae7a11445d6bd2ff213991c064ea83e56e550a6c8df9ec97902e", "9e6429e8617e25d4a8f3677c44efcf7b8e34271c2c6fae73bd7028ebd6ef456f", "a1b760d2f754316cc8e4a80901d872a1c9edc35b8c9d3103274c9bacbbfd16a7", "a61d574bacd51fcb8adf4bfe731ff6d04ba25a537bb2ba30f58da7cdbb03e7af", "a623abc9a1a717451fff49990aa4f77363f3717601a12a8ef62f251a0062fbd7", "a7e88c9a38ad957bcfe6ef145afb65934e6896e482a338bd638b6ba86f72b4e6", "a852707f023fc63521ea24e1da7114c13d0df514355706bf56df3f845339cb9a", "a8d2dbc1b4ca265f99b766bd121d5620c59902237cc61538d882fe4c542c015e", "aaf45210b8eafa30167f1eb180d20d819283d39b2acf70f3ecefa8807bea765b", "ab9fb4831b6e5a8f315be467b0c5ffdb7e2be664a5c5017e54dcfc2bf2b8c6ff", "aee00417cf49455ac70ea148adcf5611a63f566717fdf64f61eed59223261257", "af4d532709e575143060afe0dbdb917f3762fd93273d5ffd9ca02ba39131f73d", "b19d500d904c4e682d6d482f1ae1d6b5a1af0969cdad5ea49624462a061a79f8", "b1cd1103147d7c607fbb02ec34029df8b54e7422028ddf3ae6a5b5297e4c574c", "b2840a917b8f93cc2763bd4c392b789dd10056cdbe80d177dd7933081a60dde8", "b32cd988a10290afbaa1be598136f2b847f33e66282cb42e9253d6bb4f0820c4", "b6853aec547134c95399c75e3446983d00d9e863aad427553d01466ed665282c", "b6cde05612fe35ecb27e2c67b710db7bfc44eb97b7b7c5518f96f956cc5640d9", "b6d6f9dd6357703a3d6b13dd754b394532066215b40f48ece1d6ceae559b6730", "b8c6d2d4e61cb25e882dadea71e38d323e53fe2aa5da9c35ec4b8a93442c1913", "ba6f14592736e6a2977bd2f4bd92c29f2521f9ea91801ec6ef59fefd61cbf59f", "bdc0f5eb1612eede0a0d665b738d9e9e89ae9a15b31ca7bf0b5b76cec9716477", "be15fccd6cf39242ce02a9d6721a63efd3745764d2adbb4c7f91e10e306e7250", "bf78d3fada04a88a2683092fcaf32b4ed5ae6f5a5f400e889112507fc3fa8b16", "bfdde7e96e98309be07c7f8b6c0f4a8362fb25237b71b5b241ebf346de794e70", "c04e21fb159281daacf7f7263ec2fe52401aff23767ae79da3db175ea58eac37", "c1325fa6a117e89e3e15aed8aa3dfb349c231b4c4b94d0da434373bedf01c57b", "c595cd4603c299cc7f8530c94e1789eccddd49e91e754dcee03142834ffd8b27", "c811a47c195dca3c866af9fdbae54526874a1113d19e6e58334fa24d232719fa", "c894bbd3df88b38ddf46e185853196290f076d17a12f9f3c188623290cb44ac9", "d08bb4721d1a3c385f6935e0a9f38154a744e605bc19259014bf1dc55a6e7fdd", "d110b04d1ff4a838b2ac23d7615f210d29c985b7ea32f84f529a0a43992f5677", "d15f5b2236222d19f088bed6f3f7ae5625a8ac25aa68ebf2eaef28f6da6d95af", "d19fd0b670dd2692b15ac922f6cbadafd282ba53a69ad6948daca666bb81597b", "d3971321d2c030e16d3592b6832bc8075c78eb7b6ac0d7c7723d92f2a211af4c", "d4c8acd89a7635c404d72455fd5f787e13395b525fce7a369ea5c2e76bbd7729", "d54a3513fe643a9db1f691336c433cb7f793441a14ebc10862e69fd06ec0102b", "d58de753471a537090ead92f9d878c1a6f4d14f72afb07cbabad2bda9f3a221d", "d5af1434cf2471de1c5fb8530a8fa78b79fa8afe1958672ac8be66bc823a5f76", "d5ed7e2925f0cce4044ce17b8cf68b1f694886d4e379b5f0812ef8cdaef90f84", "d9c5008261e6b3fc74a3f5f4512069f22f53594f11211b91d7ca1221a94cb7d8", "dae3ab3a4105afd7372fe77c2dcab4494350712b780ea8d2fee35780a851d6f3", "db14cd47cd137e998703412a7331121332b73eeead654780610d45b473a4c021", "e02846d7180e84b3b1407a262115b72aca4fb7bbc1f4e1f37d88b7918b9c6bb1", "e094014053b1a1b5060d17ff7bc6a5836fe92e863638d5d772bc41902d1d653d", "e0d3828f53b54313c21a4a5603466e0d66ae3a30ee5c19127e2baf2a89fd2897", "e1fe3738f72eb8254d1c6f28d56b4247fe0d1905812ac99f710bdf925a6129d5", "e3283670af09f2ea470ee8b99f991cd07a7aa785522ae6c0bf901c7ec7dbe960", "e35e1eeadb35a37bc5d62575e0431501e5cc677af0250751f54cb0df368d1ac4", "e61bf7a0266ec3e1e6d62ddcf8d81b4269b0b2964963158cc962b2ac3a89819d", "e744a808ac69e72c14b5abb6406b19b385850e6b0e1e689e310df7d92033e6df", "e7f95e7aea4d6ec339dd2a98c19df716d815fdf5d22aa442928abdb983b3fb8c", "e88b4ddad1794727e6f3931fcc7170e4fe28257c53efa2a8bfffa14dab95cb16", "ea3b3b250974d37333250131911519286502aab4f3458db0fb3243ee673d61fa", "ea4604490b28f3e8466d1d93851a9f92dccdd60efb6d9c52847fb86b83f15515", "eb4f22b7498295ce7174a21fafe734db81c906b40c37944dd1d7c96111757a7a", "edfb9da4281471c55e5bc97e5a3467fd4b0701ba492d31b83edff1e9bdd93d43", "f4ccfd58b7a97229f29b8561e32b20c367fb04369ed371d1da56493442e118b5", "f577418d41efff2737dab1931a0d3d4007445ad687cbe24ecac3d7b2c5522ca7", "f71458d9dc96269019981dfef94a5efa24b27fdc53bf5379bcad25f70489543a", "f7ea81b69a9f46855f7bad28c2821e6b4fde68158073470ac24b5ce21129f457", "f8c2c8b4df25ecfc1ab2557d7f77ce2596bf5833ad10eff028941b836578c580", "f99e573d87584ca988841e856332bda3399a7fae8b8a8ba736ca50bf1b321288", "fa552d42dca1a31b0dedb7d106e04703189e2741b20e755921be4e2dd9c63020", "fc6fadfa54e96a6954407463a0a04713a5f40feab760e61bd1269ee3c885112b", "fd3f6874601f39837a5ab6977aa5b26c187d004bf4acc0cd8fdfc12484576bfa", "ff5b7431f1b7426b7a75aa5f8e6a0bac9c453eca03c65b22ade711e8e61b943b"], "iocs": {"domain": [{"hashes": ["040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05"], "host": "ipv4bot[.]whatismyipaddress[.]com"}, {"hashes": ["040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05"], "host": "ransomware[.]bit"}, {"hashes": ["040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05"], "host": "zonealarm[.]bit"}, {"hashes": ["040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05"], "host": "ns2[.]corp-servers[.]ru"}, {"hashes": ["040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05"], "host": "ns1[.]corp-servers[.]ru"}, {"hashes": ["040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05"], "host": "197[.]23[.]215[.]3[.]in-addr[.]arpa"}], "file": [{"hashes": ["040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "196739b4de52784458121a5c0093ea272b1dcaac9dbe14bca27f4032f713644d", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "20019df94a1830705940e0af5b8c36aa6cbb9b4236cc3474d77f26e57feddd22", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05"], "path": "%APPDATA%\\Microsoft\\<random, matching '[a-z]{6}'>.exe"}, {"hashes": ["040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05"], "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-2580483871-590521980-3826313501-500\\a18ca4003deb042bbee7a40f15e1970b_d19ab989-a35f-4710-83df-7b2db7efe7c5"}], "ip": [{"hashes": ["040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05"], "ip": "66[.]171[.]248[.]178"}, {"hashes": ["040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05"], "ip": "3[.]215[.]23[.]197"}], "mutex": [{"hashes": ["040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f", "5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05"], "name": "Global\\pc_group=WORKGROUP&ransom_id=4a6a799098b68e3c"}, {"hashes": ["040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310", "05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310", "07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0", "092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2", "09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3", "0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b", "0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e", "0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281", "0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3", "0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546", "0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea", "0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c", "11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469", "132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef", "174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac", "194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6", "1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f", "196739b4de52784458121a5c0093ea272b1dcaac9dbe14bca27f4032f713644d", "19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0", "1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892", "1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a", "1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6", "1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377", "20019df94a1830705940e0af5b8c36aa6cbb9b4236cc3474d77f26e57feddd22"], "name": "Global\\pc_group=WORKGROUP&ransom_id=ab8e4b3e3c28b0e4"}], "registry": [{"hashes": ["49a3f38650ae08fe76e704246b5d739516d667bc04a34cbb572d705ed9c0376f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "gqaroteszuv"}, {"hashes": ["5c4db36ef84f2da17de8c8b7aa24f45ce259bfa0cf4e3b15473015f60c841f05"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "gfwtpthpxxs"}, {"hashes": ["0e8bdb7a6db9f7c44327f2e08f84ae477dfd5f1843c07dd7dd60c277aac73546"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "yqodlovtafx"}, {"hashes": ["05dd0df2665c0ee4d3173401cbdada2a737a07a85b7696ed52568d4ef01f4310"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "zvdybvwcjlh"}, {"hashes": ["09d4b863ccb2a29661ae705576f99a99c76bf86649ac1816ec9b95dc17379cd3"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "ixivitmrlsi"}, {"hashes": ["0f35c8e3e4825515ab9a371164dc2eff495d5f5d0a3d387e0a91fc75fc314bea"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "idukgasaolq"}, {"hashes": ["07315bbedbca75ac23c5580c4ad28118191d69c003eef874060606df14303fa0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "cqyuvaieduv"}, {"hashes": ["0b5bb44d72cd6fb91c9730271faee8442c61ac86c6a82d2dff498127daf54a1b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "gtwmnjmmoaa"}, {"hashes": ["0bda746dfd7b88bc5e701624517a984f475a6b527aa78805f2b7d6047655064e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "sulbzkeuifp"}, {"hashes": ["092f5b03e7039fa28da5fe858e7d9797a9c1850a2f19ed4842b525d0ce525ec2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "nukutdatpdl"}, {"hashes": ["11ff7ae98a4f9e480030f9bd8feaeee5818562ebd80eb4534450a85a0cb32469"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "yivqkaljqeu"}, {"hashes": ["0e6d8f8884f055ad6b3c8ba70cfad8e2ad67a848c777ed57ee10a7f1a32474a3"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "keifshjkiuv"}, {"hashes": ["0d4fa43da721273630e4f127ba0f5f23c60fbdadd7e53bf2f9a1e880f739e281"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "oztkihayold"}, {"hashes": ["040ebb69ec07b948008faf37fa94dae68d02a2e2d41d98cdf4a7abfe99d41310"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "whvprcrjdjp"}, {"hashes": ["1c35cc0c7e29ec827c1b2b9ea3d3da273b835603ed619eb89557416e32751b0a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "mykxyedvbtj"}, {"hashes": ["194b82e920ce714ee08f895ddac85e843224fb9f221fa487c690b71b3b1662d6"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "krkopvzwlxl"}, {"hashes": ["19d4a3b28412b0e6c162a4ad6c1ab990e73847a307e34c4fe812b03bf8dff8d0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "dzvllkfxuzi"}, {"hashes": ["1d8f0bc7fd5ea8ecbb5e051841cb4e357026de7a602c666f352d8f4df8efe377"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "tebsrvsfqhp"}, {"hashes": ["1b3e3b0ec02625c50c3e07f3367b28750f0a1c57536249e23610aebd13c5f892"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "fgxfhgqwsss"}, {"hashes": ["174e540bd4fc8842673e93de2f94f240e07756be1a83d25bdfb3773201242fac"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "qsmgfnlhzmc"}, {"hashes": ["0f60164d8927e19db7df47d3bed2ea56054606e83122f2ee2ed45d3a2c04605c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "naxlazjqzas"}, {"hashes": ["1965fd7c1530a4afe88e35176dd0ad4248ce761ae1aa9e691ed7449076b7262f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "mpkofmuabbd"}, {"hashes": ["132711003359676a2b2461e94bad6a7c6e822e0af7b5d2e7a3d46f45bc2a10ef"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "qsnyikmcelh"}, {"hashes": ["1d4e75c66cf6954608f6217fa2e2f677dcc0d0446b0dea1b9b62ba9482855ce6"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "acyskmoovdm"}]}, "reports_count": 28}, "exprev": [{"count": 6582, "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", "name": "Dealply adware detected"}, {"count": 3841, "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", "name": "CVE-2019-0708 detected"}, {"count": 1848, "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", "name": "Excessively long PowerShell command detected"}, {"count": 1655, "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", "name": "Process hollowing detected"}, {"count": 155, "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as wireshark and sandboxes to its C2. It spreads through malicious advertising and spam campaigns.", "name": "Kovter injection detected"}, {"count": 78, "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Installcore adware detected"}, {"count": 74, "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", "name": "Gamarue malware detected"}, {"count": 70, "description": "An exploit payload intended to connect back to an attacker controlled host using tcp has been detected.", "name": "Reverse tcp payload detected"}, {"count": 28, "description": "IcedID is a banking Trojan. It uses both web browser injection and browser redirection to steal banking and/or other financial credentials and data. The features and sophistication of IcedID demonstrate the malware author's knowledge and technical skill for this kind of fraud, and suggest the authors have previous experience creating banking Trojans. IcedID has been observed being installed by Emotet or Ursnif. Systems infected with IcedID should also be scanned for additional malware infections.", "name": "IcedID malware detected"}, {"count": 9, "description": "Palikan is a potentially unwanted application (PUA), browser hijacker, a type of malware that most of the time does not explicitly or completely state its function or purpose. When is present on the system, it may change the default homepage, change the search engine, redirect traffic to malicious sites, install add-ons, extensions, or plug-ins, open unwanted windows or show advertising. Palikan commonly arrives as a file dropped by other malware or as a file downloaded unknowingly from a malicious site. It has also been closely associated with DealPly.", "name": "Palikan browser hijacker detected"}, {"count": 6, "description": "An exploit payload intended to connect back to an attacker controlled host using http has been detected.", "name": "Reverse http payload detected"}], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2020-05-29T14:05:15+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Dropper.DarkComet-7899778-0", "Win.Packed.ZeroAccess-7880797-0", "Win.File.Dealply-7864013-0", "Win.Malware.Swisyn-7867587-0", "Win.Malware.njRAT-7867588-0", "Win.Packed.Mikey-7867591-0", "Win.Ransomware.Gandcrab-7867602-0", "Win.Dropper.Tofsee-7887861-0", "Win.Dropper.Emotet-7867783-0"]}