{"Win.Downloader.Nymaim-8076820-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "nginx-webserver-detected", "hashes": ["8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "mitre_attack_tags": []}, {"bi": "network-communications-http-post", "hashes": ["8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "dns-public-server-contacted", "hashes": ["8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "url-not-found", "hashes": ["8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-russian", "hashes": ["8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "mitre_attack_tags": []}, {"bi": "pe-certificate", "hashes": ["8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "mitre_attack_tags": []}, {"bi": "malware-nymaim-registry", "hashes": ["8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "mitre_attack_tags": []}, {"bi": "pe-header-linker-minor", "hashes": ["8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-invalid-certificate-signature", "hashes": ["8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-large-data-entry", "hashes": ["eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "mitre_attack_tags": ["TA0005", "T1112"]}], "category": "Downloader", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.", "hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0"], "iocs": {"domain": [{"hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0"], "host": "nvwzxhhhdv[.]com"}, {"hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a"], "host": "wpbzgw[.]com"}, {"hashes": ["8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c"], "host": "qggkh[.]com"}, {"hashes": ["8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c"], "host": "bwsmfrjorlq[.]net"}, {"hashes": ["cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "host": "bwdeplfczh[.]in"}, {"hashes": ["cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "host": "wjosmgsktip[.]pw"}, {"hashes": ["cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "host": "cfznbpxyryk[.]net"}, {"hashes": ["cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "host": "jocgylyymc[.]net"}, {"hashes": ["cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "host": "wfruicutcyrs[.]net"}, {"hashes": ["cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "host": "fhudalgggjg[.]in"}, {"hashes": ["cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "host": "lupedxkaibo[.]com"}, {"hashes": ["cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "host": "kzaymlrch[.]net"}, {"hashes": ["cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "host": "aycxogx[.]com"}, {"hashes": ["cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "host": "mwuylejzv[.]net"}, {"hashes": ["cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "host": "oxoftcpn[.]com"}, {"hashes": ["cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "host": "zhdmdivvz[.]in"}, {"hashes": ["cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "host": "senfukvb[.]com"}, {"hashes": ["cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "host": "ssdodwxhnd[.]com"}, {"hashes": ["cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "host": "scqbxsagu[.]net"}], "file": [{"hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0"], "path": "%ProgramData%\\ph"}, {"hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0"], "path": "%ProgramData%\\ph\\fktiipx.ftf"}, {"hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0"], "path": "%TEMP%\\gocf.ksv"}, {"hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0"], "path": "%ProgramData%\\<random, matching '[a-z0-9]{3,7}'>"}, {"hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0"], "path": "%APPDATA%\\<random, matching '[a-z0-9]{3,7}'>"}, {"hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0"], "path": "%LOCALAPPDATA%\\<random, matching '[a-z0-9]{3,7}'>"}, {"hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0"], "path": "%TEMP%\\fro.dfx"}, {"hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0"], "path": "\\Documents and Settings\\All Users\\pxs\\pil.ohu"}, {"hashes": ["467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28"], "path": "%TEMP%\\bpnb.skg"}, {"hashes": ["cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "path": "%TEMP%\\yvthfwu.dke"}, {"hashes": ["cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2"], "path": "\\Documents and Settings\\All Users\\tjl\\wknj.wwy"}], "ip": [{"hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0"], "ip": "66[.]220[.]23[.]114"}, {"hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0"], "ip": "64[.]71[.]188[.]178"}, {"hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0"], "ip": "184[.]105[.]76[.]250"}], "mutex": [{"hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0"], "name": "Local\\{369514D7-C789-5986-2D19-AB81D1DD3BA1}"}, {"hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0"], "name": "Local\\{D0BDC0D1-57A4-C2CF-6C93-0085B58FFA2A}"}, {"hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0"], "name": "Local\\{F04311D2-A565-19AE-AB73-281BA7FE97B5}"}, {"hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0"], "name": "Local\\{F6F578C7-92FE-B7B1-40CF-049F3710A368}"}, {"hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0"], "name": "Local\\{306BA354-8414-ABA3-77E9-7A7F347C71F4}"}, {"hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0"], "name": "Local\\{F58B5142-BC49-9662-B172-EA3D10CAA47A}"}, {"hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0"], "name": "Local\\{C170B740-57D9-9B0B-7A4E-7D6ABFCDE15D}"}, {"hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0"], "name": "Local\\{B123E21A-671F-AA5F-2286-F31181A381CF}"}, {"hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0"], "name": "Local\\{85785183-F382-5EB6-2795-711B10C1720E}"}], "registry": [{"hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\GOCFK", "value_name": null}, {"hashes": ["0b8b92c84b42245d75835c5c08207c58afa5b2c713a73b63b12893ce2b55fcab", "1073e4d929967870bc85a70610a16ffea79abdd4e0458e97f9ccf494a02ccaff", "467c064eeabc29668178ddbefc466f856672291347abfe3cd8290c0223976fda", "59efdf5c8785c716a263f09c146de00bce00590df67a8b4ccf3d316780dc681a", "6a0953a33920722f1c8a06b4e4bbe428ced81fb840422b18b86b293284325aef", "6a41f990066df75b6d2bed50ca401a89f2c35c1d6683f861938831f5c61e937f", "6b4aa0bbc515677549a3b6f33cc762032e151a5da40f127323bbcb7dba3ab979", "7dd3a949f6e6b6dab8352fdc1d917f07697f9dc0b2dbb5d35d1539be1c56e15d", "8f8f122da6336a028e636218b57ba9e8abaffdf934977c7cb55ba376c76f529c", "a568133513b2f1520e8b45494bbbbb4b5b40bb29c21271ae5d51514be907b1f5", "a7573193ade3d217c745d948238d61c8ec0356bfe8e0623bdfbf81c4566a0f28", "b0a0f7b7c6f7902facf84acd566afaf32ead8ec9c437722b584f7a927035c38a", "c58e14431f9d6dd30c6437e7ffcd146cd86de44e48298aab6fe45296685ba3ec", "cf0b258853687bbb2b02617ed5b627f7a67f354efc597f0ac222708106094ed2", "dc5146d83c233077ae27dbffc23b7aa7fae1ac3068785e96d88995299b3d7351", "eabd9c9a0b18c1c85f7a306f7f3075425b4cddafebb2acd2b6e5adfdd8064ef0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\GOCFK", "value_name": "mbijg"}]}, "reports_count": 16}, "Win.Dropper.HawkEye-8176602-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "listening-port-opened", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "pe-uses-dot-net", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "cmd-exe-file-execution", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "registry-modification-reg", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "modified-executable", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "network-http-blank-user-agent", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0007", "TA0006", "T1003", "T1217"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": []}, {"bi": "process-check-opera-appdata-folder", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0007", "T1083"]}, {"bi": "compiler-vbc-run", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0005", "T1500"]}, {"bi": "process-check-browser-mail-client-files", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0007"]}, {"bi": "malware-hawkeye-detected", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": []}, {"bi": "process-check-windows-live-mail-appdata-folder", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0007", "T1083"]}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "excessive-sample-duplication", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "process-hollowing-detected", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "usb-drive-autoplay-modification", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0008", "TA0001", "T1091"]}, {"bi": "modified-file-on-usb", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0008", "TA0003", "T1091"]}, {"bi": "sample-copied-to-usb", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0008", "TA0003", "T1091"]}, {"bi": "deleted-submitted-file", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "http-response-redirect", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3"], "mitre_attack_tags": []}, {"bi": "unsigned-roaming-execution", "hashes": ["802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0005"]}, {"bi": "dns-query-nxdomain", "hashes": ["cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": []}, {"bi": "altered-sample-dns-flagged", "hashes": ["cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "netbios-query", "hashes": ["cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": []}, {"bi": "windows-util-type", "hashes": ["a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb"], "mitre_attack_tags": ["TA0009", "T1005"]}, {"bi": "windows-util-type-read-write-exe", "hashes": ["a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb"], "mitre_attack_tags": ["TA0002", "TA0005", "T1202"]}, {"bi": "process-ping", "hashes": ["a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb"], "mitre_attack_tags": ["TA0011", "TA0007", "T1049"]}, {"bi": "file-pending-delete", "hashes": ["a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "cmd-exe-file-deletion", "hashes": ["a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "process-taskkill", "hashes": ["a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "windows-util-type-empty-file", "hashes": ["a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58"], "mitre_attack_tags": []}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "mitre_attack_tags": ["TA0003", "T1112"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media.", "hashes": ["1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "iocs": {"domain": [{"hashes": ["1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "host": "whatismyipaddress[.]com"}, {"hashes": ["13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67"], "host": "ftp[.]banclays[.]com"}, {"hashes": ["1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "host": "ftp[.]rbsb-uk[.]com"}, {"hashes": ["1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "host": "ftp[.]monocool[.]pk"}, {"hashes": ["18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5"], "host": "ftp[.]eurotek[.]ga"}, {"hashes": ["13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983"], "host": "hdredirect-lb6-54290b28133ca5af[.]elb[.]us-east-1[.]amazonaws[.]com"}, {"hashes": ["b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89"], "host": "78[.]210[.]14[.]0[.]in-addr[.]arpa"}, {"hashes": ["4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7"], "host": "169[.]241[.]9[.]0[.]in-addr[.]arpa"}, {"hashes": ["8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032"], "host": "231[.]29[.]2[.]0[.]in-addr[.]arpa"}, {"hashes": ["13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983"], "host": "251[.]111[.]0[.]0[.]in-addr[.]arpa"}, {"hashes": ["cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20"], "host": "101[.]37[.]7[.]0[.]in-addr[.]arpa"}, {"hashes": ["7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369"], "host": "mail[.]rbsb-uk[.]com"}, {"hashes": ["3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3"], "host": "mail[.]prizemug[.]com"}, {"hashes": ["b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29"], "host": "ftp[.]empiredecor[.]tk"}, {"hashes": ["aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58"], "host": "ftp[.]eurotek[.]tk"}, {"hashes": ["d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1"], "host": "ftp[.]prizemug[.]com"}], "file": [{"hashes": ["1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "path": "%APPDATA%\\pid.txt"}, {"hashes": ["1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "path": "%APPDATA%\\pidloc.txt"}, {"hashes": ["1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "path": "%TEMP%\\RES<random, matching '[A-F0-9]{3,4}'>.tmp"}, {"hashes": ["1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "path": "%TEMP%\\tmp<random, matching [A-F0-9]{1,4}>.tmp"}, {"hashes": ["1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "path": "%TEMP%\\<random, matching '[a-z]{3}[A-F0-9]{3,4}'>.tmp"}, {"hashes": ["1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "path": "%TEMP%\\<random, matching '[a-z]{8}'>.exe"}, {"hashes": ["1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "path": "%TEMP%\\<random, matching '[a-z0-9]{8}'>.dll"}, {"hashes": ["1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "path": "%TEMP%\\<random, matching '[a-z0-9]{8}'>.out"}, {"hashes": ["1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "path": "%TEMP%\\<random, matching '[a-z0-9]{8}'>.cmdline"}, {"hashes": ["1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "path": "%TEMP%\\holdermail.txt"}, {"hashes": ["1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "path": "%TEMP%\\holderwb.txt"}, {"hashes": ["1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "path": "%APPDATA%\\WindowsUpdate.exe"}, {"hashes": ["13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "path": "\\Sys.exe"}, {"hashes": ["13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "path": "\\autorun.inf"}, {"hashes": ["13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "path": "E:\\Sys.exe"}, {"hashes": ["18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "path": "E:\\autorun.inf"}, {"hashes": ["1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "path": "%TEMP%\\SysInfo.txt"}, {"hashes": ["1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "path": "%APPDATA%\\Windows Update.exe"}, {"hashes": ["13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "path": "%System32%\\wbem\\Logs\\wbemprox.log"}, {"hashes": ["13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "path": "%TEMP%\\RES3.tmp"}, {"hashes": ["13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "path": "%TEMP%\\CSC2.tmp"}, {"hashes": ["13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "path": "%TEMP%\\tmp1.tmp.txt"}, {"hashes": ["13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "path": "%TEMP%\\dw.log"}, {"hashes": ["13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "path": "%TEMP%\\<random, matching '[A-F0-9]{4,5}'>.dmp"}, {"hashes": ["1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "path": "%TEMP%\\RES6.tmp"}, {"hashes": ["1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "path": "%TEMP%\\CSC5.tmp"}, {"hashes": ["1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "path": "%TEMP%\\tmp4.tmp.txt"}, {"hashes": ["46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032"], "path": "%TEMP%\\tmp64F0.tmp.txt"}, {"hashes": ["b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89"], "path": "%TEMP%\\tmp6CEC.tmp.txt"}, {"hashes": ["b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29"], "path": "%TEMP%\\hv-lx-_y.dll"}, {"hashes": ["b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29"], "path": "%TEMP%\\bhv54.tmp"}, {"hashes": ["b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29"], "path": "%TEMP%\\hv-lx-_y.cmdline"}, {"hashes": ["ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "path": "%TEMP%\\tmp6944.tmp.txt"}, {"hashes": ["b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29"], "path": "%TEMP%\\hv-lx-_y.out"}, {"hashes": ["bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67"], "path": "%TEMP%\\tmp6E52.tmp.txt"}, {"hashes": ["c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5"], "path": "%TEMP%\\tmp6DC6.tmp.txt"}, {"hashes": ["ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "path": "%TEMP%\\tmpB63B.tmp.txt"}, {"hashes": ["c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5"], "path": "%TEMP%\\bhv35.tmp"}, {"hashes": ["aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58"], "path": "%TEMP%\\ch-hkisq.dll"}, {"hashes": ["cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20"], "path": "%TEMP%\\tmp6DF5.tmp.txt"}, {"hashes": ["aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58"], "path": "%TEMP%\\ch-hkisq.cmdline"}, {"hashes": ["aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58"], "path": "%TEMP%\\ch-hkisq.out"}, {"hashes": ["aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58"], "path": "%TEMP%\\tmp6A8B.tmp.txt"}, {"hashes": ["d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1"], "path": "%TEMP%\\dq6r3lb-.dll"}, {"hashes": ["cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20"], "path": "%TEMP%\\tmpB080.tmp.txt"}, {"hashes": ["d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1"], "path": "%TEMP%\\tmpB0BF.tmp.txt"}, {"hashes": ["d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1"], "path": "%TEMP%\\dq6r3lb-.cmdline"}, {"hashes": ["ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "path": "%TEMP%\\tmp6E24.tmp.txt"}, {"hashes": ["d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1"], "path": "%TEMP%\\dq6r3lb-.out"}, {"hashes": ["d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1"], "path": "%TEMP%\\tmp6CDC.tmp.txt"}], "ip": [{"hashes": ["13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "ip": "104[.]16[.]155[.]36"}, {"hashes": ["1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1"], "ip": "104[.]16[.]154[.]36"}, {"hashes": ["13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67"], "ip": "18[.]211[.]9[.]206"}, {"hashes": ["18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5"], "ip": "195[.]20[.]55[.]174"}, {"hashes": ["a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8"], "ip": "1[.]1[.]1[.]1"}, {"hashes": ["b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29"], "ip": "195[.]20[.]46[.]254"}], "mutex": [], "registry": [{"hashes": ["1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "Hidden"}, {"hashes": ["1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58", "b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29", "bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67", "c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1", "ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Update"}, {"hashes": ["13746e220644a60271db265fae26a592f7d49901bdb824c4f968a0fbef23b983", "18d912ab6ca9ce6253d820bebb665472b5431ead7ae1dd5362c59ec8c7e1fc40", "4770663aaa81d04a4567cca33248f1179725e09dfc69e785b4b1fd6ce706d7c7", "7f2cf02f9b738ef140ae1e90af713c6c4b7d290f06e18b5a9e7616f4eb10a369", "8fbc3e07630dd54fafdd190e13017d4686f9f70b2c634ca073b2a369a4188032", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8", "b63f7c15d2ede3088b030278456bfad6f3bd7a9e07ffd135d816704973dd7a89", "cea5084a781e34efd60a8736b2b2f26c2237017dabfecfae1ff2fe0c58d19f20", "ed09e114587fdabe6c94919a268c6532d55241f32d43a0e06b3c0ac04a15201b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "iTunes"}, {"hashes": ["1117fdfd868cc15b5787f6ff98c0a2e9329093e91d6d352e14a9c351b1991fdb", "1b3715036d976877787e3213634de9928113a39733452618e2e967fb04561d91", "312e4eec7cdd913b12a2988ce18e97572c2a85ab9afde72ac5b50da68fbc8f08", "3c839d7f8b8770d07ddb6b5fa16d11a8024b71bdbd6dadd6ee5461fb5de59fb3", "55f9caabd50f44c66614d46da0613c6800190961288372883447a49400526c0d", "802ca590b720174ce7a9fff3526577a826ad81ef4d1724b5e01c93224f07fa75", "9f3a6dae7b4601f5d8a4d4da23f4fb0111312a257d0c6a582501c8287c86e5fa", "d5ba22a7361f2ff31855e21d2faa60449091dfd1a27103ec1a253e39d81ad3f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Adobe"}, {"hashes": ["a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\SESSION MANAGER", "value_name": null}, {"hashes": ["a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb", "a47f9735843f36b347871b51b03b87004efed2049cb5610f072015de56468cd8"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\SESSION MANAGER", "value_name": "PendingFileRenameOperations"}, {"hashes": ["46abf2a6105b05f3c840fd95c2c3c15e03c8bafa395fa26ac8442cdcaee395d0", "aee6b4a83a725982dace7285dd265c695518c8253c718c8240fad5bb5a1a3b58"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "AdobeR"}, {"hashes": ["a14e5e9e6ab512d73cb755712319336f76c67ae3a3be992f5ce2b48cd131cbeb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "AdobeX"}, {"hashes": ["b52d96f54c5fecd727d4e5f1c2cccf43f0e8f606ffcb6b7729948bc109874b29"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "AdoR"}, {"hashes": ["bfd5efba6b056de7d35a470d2185b52ff02ada956c696de15e1f4f9b2ebefd67"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "VideoGames"}, {"hashes": ["c375a52fdf14b9e0ec1d3aa757f2ab4c49a6c4f5ceba7db22ca0a443e29de2f5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Media Player"}, {"hashes": ["ece559cc33b18ad5413ae1440b1f32d21e4f1fc88d0457eb4ee1e2874eea3b11"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "shell"}]}, "reports_count": 24}, "Win.Dropper.NetWire-8176767-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-upx", "hashes": ["65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "files-created-vbs", "hashes": ["65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9"], "mitre_attack_tags": ["TA0002", "T1064"]}, {"bi": "vbs-calls-shell", "hashes": ["65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "pe-imports-psapi-dll", "hashes": ["65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "startup-folder-modification", "hashes": ["65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "malware-netwire-mutex", "hashes": ["65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9"], "mitre_attack_tags": []}, {"bi": "registry-activesetup-key-modified", "hashes": ["65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "artifact-flagged-suspicious-au3", "hashes": ["65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9"], "mitre_attack_tags": ["TA0005", "TA0002", "T1027", "T1064"]}, {"bi": "process-hollowing-detected", "hashes": ["65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891"], "mitre_attack_tags": ["TA0005", "T1093"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "NetWire is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, remote desktop, and read data from connected USB devices. NetWire is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "b4f5b7f9616e2610bc346615dba094da741618065b31768104d3e09456a5e53c", "c37fefdf6e3e78ecd109d51b0da72c00a12f856d3c614b2cc60b4ccee8bcadff", "c8f64d8f778eaa4f2a01188c327246dfd60c1605b163291d8b483b0cc13861a0", "d45befdd45528cdf0210ab2c7b1c96dd686f290b57d25e624c8e1bb4a56e2b0c", "d8929889ca110fdc2f8e70f40fe83f3feb7d41f169b3ef3fca9c919c58d61ca8", "e6cc6b227fa9bf8870e79b2997956d7edd2be69945a8b99320390b4f4f1de8fa", "e8f77eb0543b38ab1211501a6f824d2fde3f42d0eb3f54c8bcd27533d5ee3032", "ed72574d9bc938e8d62701aeb3a22f1eb32cfcfe796cd7258f6b5de278a57a65", "f29aa7d373a1ea7277a90345a81f7e5e785451223371dc4b7b2e885f1f76a1f4", "f4d67f66d698f9276026117fb5ced1a48e2d237fa206c254d7a59f93e0edf6cf", "febf9693741bf50f8bd6a5942aed3f2912c836fce84556c7c560d38125091953"], "iocs": {"domain": [], "file": [{"hashes": ["04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "c37fefdf6e3e78ecd109d51b0da72c00a12f856d3c614b2cc60b4ccee8bcadff", "c8f64d8f778eaa4f2a01188c327246dfd60c1605b163291d8b483b0cc13861a0"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\asferror.url"}, {"hashes": ["04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "c37fefdf6e3e78ecd109d51b0da72c00a12f856d3c614b2cc60b4ccee8bcadff", "c8f64d8f778eaa4f2a01188c327246dfd60c1605b163291d8b483b0cc13861a0"], "path": "%APPDATA%\\asferror.vbs"}, {"hashes": ["04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "c37fefdf6e3e78ecd109d51b0da72c00a12f856d3c614b2cc60b4ccee8bcadff", "c8f64d8f778eaa4f2a01188c327246dfd60c1605b163291d8b483b0cc13861a0"], "path": "%APPDATA%\\mirco"}, {"hashes": ["04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "c37fefdf6e3e78ecd109d51b0da72c00a12f856d3c614b2cc60b4ccee8bcadff", "c8f64d8f778eaa4f2a01188c327246dfd60c1605b163291d8b483b0cc13861a0"], "path": "%HOMEPATH%\\Start Menu\\Programs\\Startup\\asferror.url"}], "ip": [{"hashes": ["04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "c37fefdf6e3e78ecd109d51b0da72c00a12f856d3c614b2cc60b4ccee8bcadff", "c8f64d8f778eaa4f2a01188c327246dfd60c1605b163291d8b483b0cc13861a0"], "ip": "66[.]154[.]113[.]239"}], "mutex": [{"hashes": ["04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "c37fefdf6e3e78ecd109d51b0da72c00a12f856d3c614b2cc60b4ccee8bcadff", "c8f64d8f778eaa4f2a01188c327246dfd60c1605b163291d8b483b0cc13861a0"], "name": "-"}], "registry": [{"hashes": ["04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "c37fefdf6e3e78ecd109d51b0da72c00a12f856d3c614b2cc60b4ccee8bcadff", "c8f64d8f778eaa4f2a01188c327246dfd60c1605b163291d8b483b0cc13861a0"], "key": "<HKLM>\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{2R7E0MB5-3C78-015R-5PA4-2N217P65OAC6}", "value_name": null}, {"hashes": ["04847008b010424609cd580987144a2b9677bfe39e89209d8fcbab8d8d2f7698", "09919052f61ac1660c86c85b46c21d22f62121ad61d8ac7b14d8bf27cfd5308a", "0bd7a9cb935a1a2692cb120f88b0f8a4cb8042746834a023d8ae216582495e9e", "11c8cd80992992b1c181e939b5622f34e5b0f3af5ab5d29f57958e7a64d4aad9", "134a537201d2569aa5784c2ebdb826d42185ea1fcc24668f92fbb163b77186a8", "14352e9647cf27ffb8de0c52f3d2095283deabc1b2825bf4e49bf27da8b4b531", "22a45e245fe93a4b04c80bbec0ea5451f10d2dacae1aafd8fb8594a881f7cca2", "2795051768e00fdd656142d08ee702a65c3b469e5f7a14a2d40f30e08ede345a", "2a3c5d8da5fe94a58d673eb10f830b3932a51a70b59862abf4ff07dfd1ae2dd2", "32fbb4bcd22521d42f106ffa3ee75bda96e90ea99e1208a6324e8281b86c58bb", "339e5855335cd1530550ce94570da90a6db5422a4a8aae169f1dd23fda65ce04", "4d950ff6aa9ba6f447001fa25b355cad5bf610410c9706e3a19222ccd924d1e0", "542571f351908e93395402cfc3feba38d4f09d3c57fec1edc008d44576a7c9ad", "5a6575cb82ed9dad3bd706d944461246af214677917aa1e9af1d01b59580232a", "5ec67cee06f6192e9514bd730c71bc2b5c79f0b7120fcb4958aa674b15b12cde", "65fe4e2908ca3ebea0d3e697e3c3e686e171e27ec2f62ebdb9f36ed90db47d74", "6d159c2f3b6f1fd253503f7ee0d883f0e8cb4ae02ca14e92e96c6546b14b03d5", "6fdfb8c930755351f594cf9ef176208464708d121e6893cf6204bb7e13b62a69", "79581bda91ef8fb31f72d8c5615c2f4963aeec56360dafb03ff6c67d1f489e56", "85b4e1882607f4faa02a6eb9e50be0baeefbcfd8b271ee277fc5a7eb578285c1", "89541dbe2042acee8e94d6e65a77ad2ea66a9645a00a879ab00d9bd719e7ea84", "8db080f182124b049405bda1d07d9d9dd0a2aecc19fed8edbcfc40f4dbc0dbb0", "9452a2f66b89a471be96088bf8a42d2d6fcd411502280b6b0bddd010d1ea480c", "9eb9fa01d1858d378bc391d1ea73e53d18eb8be04dea25b97be302f0cc5f2891", "af61ecaffad4e441df4726871261a738eed18b62ff72ee015e61d8d362b6dc17", "c37fefdf6e3e78ecd109d51b0da72c00a12f856d3c614b2cc60b4ccee8bcadff", "c8f64d8f778eaa4f2a01188c327246dfd60c1605b163291d8b483b0cc13861a0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{2R7E0MB5-3C78-015R-5PA4-2N217P65OAC6}", "value_name": "StubPath"}]}, "reports_count": 27}, "Win.Dropper.Ramnit-8176536-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["1082f4d8395dea2ea032c82befbb5fdf0de525c2fdf255b8e04196d40be25973", "d7c27b39f146f14514eeeb013e02820de37c0ba691d082169f8ef3b4c6347b5f", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "990b55a5c7fae21e5dc71d17024c7a2ec47b4d7a7fcf3cb550bca73163805a23", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["1082f4d8395dea2ea032c82befbb5fdf0de525c2fdf255b8e04196d40be25973", "d7c27b39f146f14514eeeb013e02820de37c0ba691d082169f8ef3b4c6347b5f", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "990b55a5c7fae21e5dc71d17024c7a2ec47b4d7a7fcf3cb550bca73163805a23", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["1082f4d8395dea2ea032c82befbb5fdf0de525c2fdf255b8e04196d40be25973", "d7c27b39f146f14514eeeb013e02820de37c0ba691d082169f8ef3b4c6347b5f", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "990b55a5c7fae21e5dc71d17024c7a2ec47b4d7a7fcf3cb550bca73163805a23", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718"], "mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["1082f4d8395dea2ea032c82befbb5fdf0de525c2fdf255b8e04196d40be25973", "d7c27b39f146f14514eeeb013e02820de37c0ba691d082169f8ef3b4c6347b5f", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "990b55a5c7fae21e5dc71d17024c7a2ec47b4d7a7fcf3cb550bca73163805a23", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["1082f4d8395dea2ea032c82befbb5fdf0de525c2fdf255b8e04196d40be25973", "d7c27b39f146f14514eeeb013e02820de37c0ba691d082169f8ef3b4c6347b5f", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["1082f4d8395dea2ea032c82befbb5fdf0de525c2fdf255b8e04196d40be25973", "d7c27b39f146f14514eeeb013e02820de37c0ba691d082169f8ef3b4c6347b5f", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["1082f4d8395dea2ea032c82befbb5fdf0de525c2fdf255b8e04196d40be25973", "d7c27b39f146f14514eeeb013e02820de37c0ba691d082169f8ef3b4c6347b5f", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd"], "mitre_attack_tags": []}, {"bi": "modified-file-in-program-dir", "hashes": ["4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-filename-mismatch", "hashes": ["4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-upx", "hashes": ["4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-known-trojan-av", "hashes": ["4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-russian", "hashes": ["4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd"], "mitre_attack_tags": []}, {"bi": "malware-ramnit-mutex", "hashes": ["4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd"], "mitre_attack_tags": []}, {"bi": "malware-gh0st-rat-mutex-detected", "hashes": ["1082f4d8395dea2ea032c82befbb5fdf0de525c2fdf255b8e04196d40be25973", "d7c27b39f146f14514eeeb013e02820de37c0ba691d082169f8ef3b4c6347b5f", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["1082f4d8395dea2ea032c82befbb5fdf0de525c2fdf255b8e04196d40be25973", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["1082f4d8395dea2ea032c82befbb5fdf0de525c2fdf255b8e04196d40be25973", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["1082f4d8395dea2ea032c82befbb5fdf0de525c2fdf255b8e04196d40be25973", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "currentcontrolset-service-added", "hashes": ["1082f4d8395dea2ea032c82befbb5fdf0de525c2fdf255b8e04196d40be25973", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1060"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["1082f4d8395dea2ea032c82befbb5fdf0de525c2fdf255b8e04196d40be25973", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "new-service-launched", "hashes": ["1082f4d8395dea2ea032c82befbb5fdf0de525c2fdf255b8e04196d40be25973", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035"]}, {"bi": "pe-header-timestamp-future", "hashes": ["4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-snort-policy", "hashes": ["3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b"], "mitre_attack_tags": []}, {"bi": "network-snort-server", "hashes": ["3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b"], "mitre_attack_tags": []}, {"bi": "network-snort-file-generic", "hashes": ["3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b"], "mitre_attack_tags": []}, {"bi": "network-dns-category-file-storage", "hashes": ["3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b"], "mitre_attack_tags": []}, {"bi": "script-contains-url", "hashes": ["3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b"], "mitre_attack_tags": []}, {"bi": "document-decoy-dropped", "hashes": ["3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b"], "mitre_attack_tags": []}, {"bi": "js-uses-fromcharcode", "hashes": ["3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-ini-modified", "hashes": ["3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b"], "mitre_attack_tags": ["TA0003"]}, {"bi": "process-modified-quick-launch-file", "hashes": ["3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b"], "mitre_attack_tags": ["TA0003", "T1176"]}, {"bi": "network-snort-os-windows", "hashes": ["3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b"], "mitre_attack_tags": []}, {"bi": "html-js-uses-eval", "hashes": ["3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "internet-explorer-searchscope", "hashes": ["3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b"], "mitre_attack_tags": ["TA0006", "T1185"]}, {"bi": "registry-autorun-key-modified", "hashes": ["d7c27b39f146f14514eeeb013e02820de37c0ba691d082169f8ef3b4c6347b5f", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "dns-excessive-domain-queries", "hashes": ["3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-snort-protocol", "hashes": ["d7c27b39f146f14514eeeb013e02820de37c0ba691d082169f8ef3b4c6347b5f", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "mitre_attack_tags": []}, {"bi": "audio-video-mutex-detected", "hashes": ["2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718"], "mitre_attack_tags": ["TA0009", "T1123", "T1125"]}, {"bi": "excessive-logical-drive-enumeration", "hashes": ["2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718"], "mitre_attack_tags": ["TA0007", "T1120", "T1025"]}, {"bi": "nginx-webserver-detected", "hashes": ["2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "mitre_attack_tags": []}, {"bi": "js-contains-massive-strings", "hashes": ["2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "js-contains-hex-vars", "hashes": ["2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-snort-pua", "hashes": ["2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8"], "mitre_attack_tags": []}, {"bi": "html-small-file-redirect", "hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b"], "mitre_attack_tags": []}, {"bi": "rfc1918-ipaddress-detected", "hashes": ["d7c27b39f146f14514eeeb013e02820de37c0ba691d082169f8ef3b4c6347b5f"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "js-calls-activex-object", "hashes": ["2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "js-uses-eval", "hashes": ["2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "html-iframe-no-space", "hashes": ["2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157"], "mitre_attack_tags": ["TA0010", "TA0011", "T1071"]}, {"bi": "detected-trojan-added-as-service", "hashes": ["3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-pending-delete", "hashes": ["4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718"], "mitre_attack_tags": ["TA0005", "T1107"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Ramnit is a banking trojan that monitors web browser activity on an infected machine and collects login information from financial websites. It also has the ability to steal browser cookies and attempts to hide from popular antivirus software.", "hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "1082f4d8395dea2ea032c82befbb5fdf0de525c2fdf255b8e04196d40be25973", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "990b55a5c7fae21e5dc71d17024c7a2ec47b4d7a7fcf3cb550bca73163805a23", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285", "d7c27b39f146f14514eeeb013e02820de37c0ba691d082169f8ef3b4c6347b5f"], "iocs": {"domain": [{"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285"], "host": "fget-career[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "outlook[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "rover[.]ebay[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "www[.]onenote[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "www[.]msn[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "itunes[.]apple[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "contextual[.]media[.]net"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "img-s-msn-com[.]akamaized[.]net"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "www[.]autotrader[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "flights[.]msn[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "linkmaker[.]itunes[.]apple[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "carrentals[.]msn[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "static-global-s-msn-com[.]akamaized[.]net"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "www[.]skype[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "msn[.]benevity[.]org"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "www[.]fool[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "o[.]aolcdn[.]com"}, {"hashes": ["1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285"], "host": "tvrstrynyvwstrtve[.]com"}, {"hashes": ["1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285"], "host": "rtvwerjyuver[.]com"}, {"hashes": ["1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285"], "host": "supnewdmn[.]com"}, {"hashes": ["1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285"], "host": "wqerveybrstyhcerveantbe[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "msn[.]lockerdome[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "blogs[.]msn[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "www[.]fubo[.]tv"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "disneyplus[.]bn5x[.]net"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "go[.]web[.]plus[.]espn[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "alchemist[.]go2cloud[.]org"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "api[.]msn[.]com"}, {"hashes": ["0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "1082f4d8395dea2ea032c82befbb5fdf0de525c2fdf255b8e04196d40be25973", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "c4[.]ak47a[.]cn"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "sb[.]scorecardresearch[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "img-prod-cms-rt-microsoft-com[.]akamaized[.]net"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "c[.]msn[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "www[.]bankrate[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "web[.]vortex[.]data[.]msn[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "confiant[.]msn[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "lockerdome[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "static[.]chartbeat[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "adserver[.]adtech[.]advertising[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "host": "at[.]atwola[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "host": "acdn[.]adnxs[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "host": "bttrack[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "host": "www[.]bizographics[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "host": "eb2[.]3lift[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "host": "hbx[.]media[.]net"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "host": "id[.]rlcdn[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "host": "gum[.]criteo[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "host": "cdn1[.]lockerdomecdn[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "host": "match[.]sharethrough[.]com"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "host": "shadiao[.]f3322[.]net"}], "file": [{"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285"], "path": "%ProgramFiles(x86)%\\Microsoft"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285"], "path": "%ProgramFiles%\\Internet Explorer\\dmlconf.dat"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285"], "path": "%ProgramFiles%\\Microsoft\\DesktopLayer.exe"}], "ip": [{"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "ip": "13[.]107[.]21[.]200"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285"], "ip": "72[.]26[.]218[.]70"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "ip": "204[.]79[.]197[.]203"}, {"hashes": ["1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285"], "ip": "82[.]112[.]184[.]197"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "ip": "192[.]229[.]211[.]36"}, {"hashes": ["1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285"], "ip": "45[.]55[.]36[.]236"}, {"hashes": ["1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285"], "ip": "52[.]16[.]225[.]15"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "ip": "23[.]5[.]230[.]228"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "ip": "172[.]217[.]7[.]174"}, {"hashes": ["0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "1082f4d8395dea2ea032c82befbb5fdf0de525c2fdf255b8e04196d40be25973", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "ip": "112[.]3[.]25[.]143"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "ip": "104[.]129[.]67[.]136/31"}, {"hashes": ["24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285"], "ip": "172[.]217[.]197[.]113"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "ip": "65[.]55[.]44[.]109"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "ip": "20[.]36[.]253[.]92"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "ip": "23[.]218[.]116[.]185"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "ip": "23[.]13[.]208[.]102"}, {"hashes": ["1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285"], "ip": "172[.]217[.]197[.]138/31"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285"], "ip": "172[.]217[.]197[.]100/31"}, {"hashes": ["1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249"], "ip": "172[.]217[.]197[.]102"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "ip": "104[.]129[.]67[.]138"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "ip": "76[.]13[.]32[.]147"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "ip": "152[.]195[.]14[.]41"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "ip": "23[.]196[.]52[.]77"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "ip": "108[.]174[.]10[.]14"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "ip": "192[.]132[.]33[.]46"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "ip": "74[.]119[.]119[.]139"}, {"hashes": ["2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "ip": "152[.]199[.]5[.]24"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "ip": "35[.]241[.]8[.]149"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "ip": "74[.]6[.]138[.]75"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "ip": "151[.]139[.]241[.]28"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "ip": "35[.]207[.]24[.]140"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "ip": "13[.]107[.]42[.]14"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "ip": "103[.]94[.]180[.]11"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "ip": "3[.]222[.]139[.]80"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "ip": "23[.]0[.]48[.]106"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "ip": "54[.]175[.]87[.]114"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "ip": "54[.]192[.]29[.]64"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157"], "ip": "54[.]88[.]245[.]98"}, {"hashes": ["2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "ip": "68[.]67[.]160[.]74"}, {"hashes": ["2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "ip": "23[.]6[.]16[.]98"}, {"hashes": ["2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "ip": "74[.]121[.]140[.]14"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157"], "ip": "64[.]202[.]112[.]191"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "ip": "23[.]196[.]75[.]156"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "ip": "152[.]199[.]5[.]13"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "ip": "35[.]168[.]212[.]34"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "ip": "23[.]196[.]72[.]151"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8"], "ip": "121[.]89[.]216[.]126"}, {"hashes": ["1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd"], "ip": "117[.]152[.]196[.]111"}, {"hashes": ["3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "ip": "103[.]229[.]124[.]96"}], "mutex": [{"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285"], "name": "KyUffThOkYwRRtgPP"}, {"hashes": ["0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285"], "name": "{79345B6A-421F-2958-EA08-07396ADB9E27}"}, {"hashes": ["0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285"], "name": "{<random GUID>}"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "name": "Global\\KFIFavorites"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "name": "HistoryUpgradeExecuting"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "name": "Local\\MSCTF.Asm.MutexDefault0"}, {"hashes": ["3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "name": "127.0.0.1:8000:Rsiggc qsmiccmq"}, {"hashes": ["2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157"], "name": "47.96.133.212:8000:Rsgkgu qkqikqqa"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8"], "name": "121.89.216.126:9000:Rsseew icoyckqy"}, {"hashes": ["1082f4d8395dea2ea032c82befbb5fdf0de525c2fdf255b8e04196d40be25973"], "name": "c4.ak47a.cn:1747:Superdy360"}, {"hashes": ["d7c27b39f146f14514eeeb013e02820de37c0ba691d082169f8ef3b4c6347b5f"], "name": "ljl1995.com:1747:Rskepv beokccpx"}, {"hashes": ["4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718"], "name": "namenamename258123.zhuanbaoba.com:63333:Rskmms wkgyqyqo"}, {"hashes": ["a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285"], "name": "127.0.0.1:8000:Rssomw iywwkoma"}, {"hashes": ["4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93"], "name": "127.0.0.1:8000:Rskwsc iwwamgma"}, {"hashes": ["575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249"], "name": "127.0.0.1:8000:Rsvgpp nntuecwq"}, {"hashes": ["24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902"], "name": "127.0.0.1:8000:Rspgtt vvxqmgic"}, {"hashes": ["1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd"], "name": "117.152.196.111:8000:Rsuogk qiewiiqs"}, {"hashes": ["0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b"], "name": "notfpsever.e1.luyouxia.net:26972:26972:Rskmgq oegwyqyu"}, {"hashes": ["3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9"], "name": "4562.f3322.net:9000:Rssbge pfixdvkq"}], "registry": [{"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285", "d7c27b39f146f14514eeeb013e02820de37c0ba691d082169f8ef3b4c6347b5f"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": null}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285", "d7c27b39f146f14514eeeb013e02820de37c0ba691d082169f8ef3b4c6347b5f"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "ConnectGroup"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "1f22e6aabcba1a3ee7f960ad16265a90f36c858b932d067dadb87ce24a67f3bd", "24ddfaa49d23ff1c2e77fdb1fbcc08a221ea232c19910a7c42a6b1bf7bd32902", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4314d4b67eafc3db322f32601947f490bcc7dcec93cbfab5a753fc4806ca4b93", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718", "575edb997832ea7029b04116b8c7643871a28b03531630084adf6563afa5c249", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90", "a37e605ee3a952abc0c06a5a294acfc00b406d62db1b9c296ca08f4b6b5a0285", "d7c27b39f146f14514eeeb013e02820de37c0ba691d082169f8ef3b4c6347b5f"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "MarkTime"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "Type"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "Start"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "ErrorControl"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "ImagePath"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "DisplayName"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "WOW64"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "ObjectName"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "Description"}, {"hashes": ["0163f48d0e9dcd3111e691eb8923057233cdd84106ddcbd62cb7ee52e02fc5c8", "0379257b7c1fa96696b842170370125ef091fa653555d819e994143e0f4be28b", "2922eaba0ab9dab526a73d0834960c8cb32d42b0d865cd73bee9b5eb27981157", "3449f9c3fa8303e67b696c14696bb941c99c3bea413c3fcd2a247971e65808a9", "3781c206be1febbf071c2a76203f0fc0ff5547ffef254d88d7da21c35f9bdfe5", "4809d4f44c7c9b6c5f03bbd35c0414fd82f62ebcb0fa1c27794797c24be26718", "7cbf99304ec79cd0d5a856c292ec3279e0529505b2cdd52a5e04e193448d9e90"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "FailureActions"}]}, "reports_count": 15}, "Win.Packed.Emotet-8082161-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["28f45c3bdef40c864939b203fe42b97691e96cc1a26786f542a21238452bb45b", "961915c930315db7aad15906772b8f4ef0411b5c8c3c936c6d3be550fd7656e1", "d161f02bf8469bba4fe10eb747e06583f4bf3d03c8cb7526e817deb21c331744", "8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3", "806ab67b3aec3028f4132ae8b0cde816da09e337bd6380dea77b2e6cae261e23", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "d6a3e6dc6c122c4c2c7d7f3818d2de684397a38ed08022dd12905c7914366499", "92c7526ada570a46f13b920b071915b2efd3bb7e025d18f290c808a5b8da97a2", "922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892", "d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c", "b157599051151586660a5e78a98ea1bfd2ec49fdd6f133780f7acfe26ed76ba5", "626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "registry-service-with-autostart-created", "hashes": ["28f45c3bdef40c864939b203fe42b97691e96cc1a26786f542a21238452bb45b", "961915c930315db7aad15906772b8f4ef0411b5c8c3c936c6d3be550fd7656e1", "d161f02bf8469bba4fe10eb747e06583f4bf3d03c8cb7526e817deb21c331744", "8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3", "806ab67b3aec3028f4132ae8b0cde816da09e337bd6380dea77b2e6cae261e23", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "d6a3e6dc6c122c4c2c7d7f3818d2de684397a38ed08022dd12905c7914366499", "92c7526ada570a46f13b920b071915b2efd3bb7e025d18f290c808a5b8da97a2", "922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892", "d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c", "b157599051151586660a5e78a98ea1bfd2ec49fdd6f133780f7acfe26ed76ba5", "626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "currentcontrolset-service-added", "hashes": ["28f45c3bdef40c864939b203fe42b97691e96cc1a26786f542a21238452bb45b", "961915c930315db7aad15906772b8f4ef0411b5c8c3c936c6d3be550fd7656e1", "d161f02bf8469bba4fe10eb747e06583f4bf3d03c8cb7526e817deb21c331744", "8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3", "806ab67b3aec3028f4132ae8b0cde816da09e337bd6380dea77b2e6cae261e23", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "d6a3e6dc6c122c4c2c7d7f3818d2de684397a38ed08022dd12905c7914366499", "92c7526ada570a46f13b920b071915b2efd3bb7e025d18f290c808a5b8da97a2", "922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892", "d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c", "b157599051151586660a5e78a98ea1bfd2ec49fdd6f133780f7acfe26ed76ba5", "626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1060"]}, {"bi": "nginx-webserver-detected", "hashes": ["28f45c3bdef40c864939b203fe42b97691e96cc1a26786f542a21238452bb45b", "961915c930315db7aad15906772b8f4ef0411b5c8c3c936c6d3be550fd7656e1", "d161f02bf8469bba4fe10eb747e06583f4bf3d03c8cb7526e817deb21c331744", "8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3", "806ab67b3aec3028f4132ae8b0cde816da09e337bd6380dea77b2e6cae261e23", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "d6a3e6dc6c122c4c2c7d7f3818d2de684397a38ed08022dd12905c7914366499", "92c7526ada570a46f13b920b071915b2efd3bb7e025d18f290c808a5b8da97a2", "922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892", "d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c", "b157599051151586660a5e78a98ea1bfd2ec49fdd6f133780f7acfe26ed76ba5", "626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "mitre_attack_tags": []}, {"bi": "network-http-numeric-ip", "hashes": ["28f45c3bdef40c864939b203fe42b97691e96cc1a26786f542a21238452bb45b", "961915c930315db7aad15906772b8f4ef0411b5c8c3c936c6d3be550fd7656e1", "d161f02bf8469bba4fe10eb747e06583f4bf3d03c8cb7526e817deb21c331744", "8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3", "806ab67b3aec3028f4132ae8b0cde816da09e337bd6380dea77b2e6cae261e23", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "d6a3e6dc6c122c4c2c7d7f3818d2de684397a38ed08022dd12905c7914366499", "92c7526ada570a46f13b920b071915b2efd3bb7e025d18f290c808a5b8da97a2", "922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892", "d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c", "b157599051151586660a5e78a98ea1bfd2ec49fdd6f133780f7acfe26ed76ba5", "626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "mitre_attack_tags": ["TA0011", "TA0005", "T1071"]}, {"bi": "network-communications-http-post", "hashes": ["28f45c3bdef40c864939b203fe42b97691e96cc1a26786f542a21238452bb45b", "961915c930315db7aad15906772b8f4ef0411b5c8c3c936c6d3be550fd7656e1", "d161f02bf8469bba4fe10eb747e06583f4bf3d03c8cb7526e817deb21c331744", "8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3", "806ab67b3aec3028f4132ae8b0cde816da09e337bd6380dea77b2e6cae261e23", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "d6a3e6dc6c122c4c2c7d7f3818d2de684397a38ed08022dd12905c7914366499", "92c7526ada570a46f13b920b071915b2efd3bb7e025d18f290c808a5b8da97a2", "922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892", "d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c", "b157599051151586660a5e78a98ea1bfd2ec49fdd6f133780f7acfe26ed76ba5", "626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "hook-installed", "hashes": ["28f45c3bdef40c864939b203fe42b97691e96cc1a26786f542a21238452bb45b", "961915c930315db7aad15906772b8f4ef0411b5c8c3c936c6d3be550fd7656e1", "d161f02bf8469bba4fe10eb747e06583f4bf3d03c8cb7526e817deb21c331744", "8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3", "806ab67b3aec3028f4132ae8b0cde816da09e337bd6380dea77b2e6cae261e23", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "d6a3e6dc6c122c4c2c7d7f3818d2de684397a38ed08022dd12905c7914366499", "92c7526ada570a46f13b920b071915b2efd3bb7e025d18f290c808a5b8da97a2", "922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892", "d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c", "b157599051151586660a5e78a98ea1bfd2ec49fdd6f133780f7acfe26ed76ba5", "626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "deleted-submitted-file", "hashes": ["28f45c3bdef40c864939b203fe42b97691e96cc1a26786f542a21238452bb45b", "961915c930315db7aad15906772b8f4ef0411b5c8c3c936c6d3be550fd7656e1", "d161f02bf8469bba4fe10eb747e06583f4bf3d03c8cb7526e817deb21c331744", "8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3", "806ab67b3aec3028f4132ae8b0cde816da09e337bd6380dea77b2e6cae261e23", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "d6a3e6dc6c122c4c2c7d7f3818d2de684397a38ed08022dd12905c7914366499", "92c7526ada570a46f13b920b071915b2efd3bb7e025d18f290c808a5b8da97a2", "922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892", "d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c", "b157599051151586660a5e78a98ea1bfd2ec49fdd6f133780f7acfe26ed76ba5", "626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["28f45c3bdef40c864939b203fe42b97691e96cc1a26786f542a21238452bb45b", "961915c930315db7aad15906772b8f4ef0411b5c8c3c936c6d3be550fd7656e1", "d161f02bf8469bba4fe10eb747e06583f4bf3d03c8cb7526e817deb21c331744", "8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3", "806ab67b3aec3028f4132ae8b0cde816da09e337bd6380dea77b2e6cae261e23", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "d6a3e6dc6c122c4c2c7d7f3818d2de684397a38ed08022dd12905c7914366499", "92c7526ada570a46f13b920b071915b2efd3bb7e025d18f290c808a5b8da97a2", "922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892", "d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c", "b157599051151586660a5e78a98ea1bfd2ec49fdd6f133780f7acfe26ed76ba5", "626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["28f45c3bdef40c864939b203fe42b97691e96cc1a26786f542a21238452bb45b", "961915c930315db7aad15906772b8f4ef0411b5c8c3c936c6d3be550fd7656e1", "8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3", "806ab67b3aec3028f4132ae8b0cde816da09e337bd6380dea77b2e6cae261e23", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "d6a3e6dc6c122c4c2c7d7f3818d2de684397a38ed08022dd12905c7914366499", "92c7526ada570a46f13b920b071915b2efd3bb7e025d18f290c808a5b8da97a2", "922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892", "d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c", "b157599051151586660a5e78a98ea1bfd2ec49fdd6f133780f7acfe26ed76ba5", "626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "mitre_attack_tags": []}, {"bi": "network-snort-policy", "hashes": ["961915c930315db7aad15906772b8f4ef0411b5c8c3c936c6d3be550fd7656e1", "d161f02bf8469bba4fe10eb747e06583f4bf3d03c8cb7526e817deb21c331744", "8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3", "806ab67b3aec3028f4132ae8b0cde816da09e337bd6380dea77b2e6cae261e23", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c", "b157599051151586660a5e78a98ea1bfd2ec49fdd6f133780f7acfe26ed76ba5", "88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "mitre_attack_tags": []}, {"bi": "deleted-executable-in-system-dir", "hashes": ["961915c930315db7aad15906772b8f4ef0411b5c8c3c936c6d3be550fd7656e1", "d161f02bf8469bba4fe10eb747e06583f4bf3d03c8cb7526e817deb21c331744", "8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3", "806ab67b3aec3028f4132ae8b0cde816da09e337bd6380dea77b2e6cae261e23", "d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c", "b157599051151586660a5e78a98ea1bfd2ec49fdd6f133780f7acfe26ed76ba5", "88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "mitre_attack_tags": []}, {"bi": "malware-emotet-mutex", "hashes": ["28f45c3bdef40c864939b203fe42b97691e96cc1a26786f542a21238452bb45b", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "d6a3e6dc6c122c4c2c7d7f3818d2de684397a38ed08022dd12905c7914366499", "92c7526ada570a46f13b920b071915b2efd3bb7e025d18f290c808a5b8da97a2", "922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892", "626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879"], "mitre_attack_tags": []}, {"bi": "network-snort-server", "hashes": ["28f45c3bdef40c864939b203fe42b97691e96cc1a26786f542a21238452bb45b", "d6a3e6dc6c122c4c2c7d7f3818d2de684397a38ed08022dd12905c7914366499", "92c7526ada570a46f13b920b071915b2efd3bb7e025d18f290c808a5b8da97a2", "922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892", "626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879"], "mitre_attack_tags": []}, {"bi": "high-heuristic-score", "hashes": ["d161f02bf8469bba4fe10eb747e06583f4bf3d03c8cb7526e817deb21c331744"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact-mid", "hashes": ["d161f02bf8469bba4fe10eb747e06583f4bf3d03c8cb7526e817deb21c331744"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": true}, "description": "Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["28f45c3bdef40c864939b203fe42b97691e96cc1a26786f542a21238452bb45b", "626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "806ab67b3aec3028f4132ae8b0cde816da09e337bd6380dea77b2e6cae261e23", "88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3", "922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892", "92c7526ada570a46f13b920b071915b2efd3bb7e025d18f290c808a5b8da97a2", "961915c930315db7aad15906772b8f4ef0411b5c8c3c936c6d3be550fd7656e1", "b157599051151586660a5e78a98ea1bfd2ec49fdd6f133780f7acfe26ed76ba5", "d161f02bf8469bba4fe10eb747e06583f4bf3d03c8cb7526e817deb21c331744", "d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c", "d6a3e6dc6c122c4c2c7d7f3818d2de684397a38ed08022dd12905c7914366499", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34", "fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "iocs": {"domain": [], "file": [{"hashes": ["961915c930315db7aad15906772b8f4ef0411b5c8c3c936c6d3be550fd7656e1"], "path": "%SystemRoot%\\SysWOW64\\NlsData0027"}, {"hashes": ["ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a"], "path": "%SystemRoot%\\SysWOW64\\appidapi"}, {"hashes": ["fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "path": "%SystemRoot%\\SysWOW64\\cmstplua"}, {"hashes": ["28f45c3bdef40c864939b203fe42b97691e96cc1a26786f542a21238452bb45b"], "path": "%SystemRoot%\\SysWOW64\\EhStorAPI"}, {"hashes": ["d6a3e6dc6c122c4c2c7d7f3818d2de684397a38ed08022dd12905c7914366499"], "path": "%SystemRoot%\\SysWOW64\\NlsLexicons002a"}, {"hashes": ["88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292"], "path": "%SystemRoot%\\SysWOW64\\whealogr"}, {"hashes": ["b157599051151586660a5e78a98ea1bfd2ec49fdd6f133780f7acfe26ed76ba5"], "path": "%SystemRoot%\\SysWOW64\\w32tm"}, {"hashes": ["806ab67b3aec3028f4132ae8b0cde816da09e337bd6380dea77b2e6cae261e23"], "path": "%SystemRoot%\\SysWOW64\\lz32"}, {"hashes": ["ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34"], "path": "%SystemRoot%\\SysWOW64\\wmdrmdev"}, {"hashes": ["d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c"], "path": "%SystemRoot%\\SysWOW64\\PSHED"}, {"hashes": ["92c7526ada570a46f13b920b071915b2efd3bb7e025d18f290c808a5b8da97a2"], "path": "%SystemRoot%\\SysWOW64\\CertEnrollCtrl"}, {"hashes": ["8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3"], "path": "%SystemRoot%\\SysWOW64\\msfeedsbs"}, {"hashes": ["626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879"], "path": "%SystemRoot%\\SysWOW64\\extrac32"}, {"hashes": ["d161f02bf8469bba4fe10eb747e06583f4bf3d03c8cb7526e817deb21c331744"], "path": "%SystemRoot%\\SysWOW64\\api-ms-win-core-libraryloader-l1-1-0"}, {"hashes": ["922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892"], "path": "%SystemRoot%\\SysWOW64\\cmdl32"}], "ip": [{"hashes": ["806ab67b3aec3028f4132ae8b0cde816da09e337bd6380dea77b2e6cae261e23", "88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3", "961915c930315db7aad15906772b8f4ef0411b5c8c3c936c6d3be550fd7656e1", "b157599051151586660a5e78a98ea1bfd2ec49fdd6f133780f7acfe26ed76ba5", "d161f02bf8469bba4fe10eb747e06583f4bf3d03c8cb7526e817deb21c331744", "d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c", "fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "ip": "190[.]144[.]18[.]198"}, {"hashes": ["88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3", "b157599051151586660a5e78a98ea1bfd2ec49fdd6f133780f7acfe26ed76ba5", "d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c", "fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "ip": "87[.]106[.]136[.]232"}, {"hashes": ["88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3", "b157599051151586660a5e78a98ea1bfd2ec49fdd6f133780f7acfe26ed76ba5", "d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c", "fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "ip": "87[.]106[.]139[.]101"}, {"hashes": ["626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892", "92c7526ada570a46f13b920b071915b2efd3bb7e025d18f290c808a5b8da97a2", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34"], "ip": "80[.]11[.]158[.]65"}, {"hashes": ["88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3", "b157599051151586660a5e78a98ea1bfd2ec49fdd6f133780f7acfe26ed76ba5", "d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c", "fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "ip": "37[.]187[.]72[.]193"}, {"hashes": ["88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3", "b157599051151586660a5e78a98ea1bfd2ec49fdd6f133780f7acfe26ed76ba5", "d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c", "fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "ip": "79[.]143[.]178[.]194"}, {"hashes": ["626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892", "92c7526ada570a46f13b920b071915b2efd3bb7e025d18f290c808a5b8da97a2"], "ip": "91[.]236[.]4[.]234"}, {"hashes": ["28f45c3bdef40c864939b203fe42b97691e96cc1a26786f542a21238452bb45b", "d6a3e6dc6c122c4c2c7d7f3818d2de684397a38ed08022dd12905c7914366499"], "ip": "190[.]19[.]169[.]69"}], "mutex": [{"hashes": ["28f45c3bdef40c864939b203fe42b97691e96cc1a26786f542a21238452bb45b", "626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892", "92c7526ada570a46f13b920b071915b2efd3bb7e025d18f290c808a5b8da97a2", "d6a3e6dc6c122c4c2c7d7f3818d2de684397a38ed08022dd12905c7914366499", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34"], "name": "Global\\I98B68E3C"}, {"hashes": ["28f45c3bdef40c864939b203fe42b97691e96cc1a26786f542a21238452bb45b", "626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892", "92c7526ada570a46f13b920b071915b2efd3bb7e025d18f290c808a5b8da97a2", "d6a3e6dc6c122c4c2c7d7f3818d2de684397a38ed08022dd12905c7914366499", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34"], "name": "Global\\M98B68E3C"}], "registry": [{"hashes": ["28f45c3bdef40c864939b203fe42b97691e96cc1a26786f542a21238452bb45b", "626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892", "92c7526ada570a46f13b920b071915b2efd3bb7e025d18f290c808a5b8da97a2", "d6a3e6dc6c122c4c2c7d7f3818d2de684397a38ed08022dd12905c7914366499", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER", "value_name": "98b68e3c"}, {"hashes": ["626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "806ab67b3aec3028f4132ae8b0cde816da09e337bd6380dea77b2e6cae261e23", "88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "961915c930315db7aad15906772b8f4ef0411b5c8c3c936c6d3be550fd7656e1", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": null}, {"hashes": ["626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "806ab67b3aec3028f4132ae8b0cde816da09e337bd6380dea77b2e6cae261e23", "88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "961915c930315db7aad15906772b8f4ef0411b5c8c3c936c6d3be550fd7656e1", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Type"}, {"hashes": ["626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "806ab67b3aec3028f4132ae8b0cde816da09e337bd6380dea77b2e6cae261e23", "88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "961915c930315db7aad15906772b8f4ef0411b5c8c3c936c6d3be550fd7656e1", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Start"}, {"hashes": ["626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "806ab67b3aec3028f4132ae8b0cde816da09e337bd6380dea77b2e6cae261e23", "88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "961915c930315db7aad15906772b8f4ef0411b5c8c3c936c6d3be550fd7656e1", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ErrorControl"}, {"hashes": ["626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "806ab67b3aec3028f4132ae8b0cde816da09e337bd6380dea77b2e6cae261e23", "88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "961915c930315db7aad15906772b8f4ef0411b5c8c3c936c6d3be550fd7656e1", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ImagePath"}, {"hashes": ["626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "806ab67b3aec3028f4132ae8b0cde816da09e337bd6380dea77b2e6cae261e23", "88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "961915c930315db7aad15906772b8f4ef0411b5c8c3c936c6d3be550fd7656e1", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "DisplayName"}, {"hashes": ["626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "806ab67b3aec3028f4132ae8b0cde816da09e337bd6380dea77b2e6cae261e23", "88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "961915c930315db7aad15906772b8f4ef0411b5c8c3c936c6d3be550fd7656e1", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "WOW64"}, {"hashes": ["626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "806ab67b3aec3028f4132ae8b0cde816da09e337bd6380dea77b2e6cae261e23", "88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "961915c930315db7aad15906772b8f4ef0411b5c8c3c936c6d3be550fd7656e1", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ObjectName"}, {"hashes": ["626a83472418cc757d05ec3a1c2a2f73ba0dd90851c8c16806ce7557a979d879", "806ab67b3aec3028f4132ae8b0cde816da09e337bd6380dea77b2e6cae261e23", "88e3109eaa7fd6de65470cdc84618564f98fd5d2777837be6205c441f1b8a292", "961915c930315db7aad15906772b8f4ef0411b5c8c3c936c6d3be550fd7656e1", "ea60bd0c480e51e2e5fee1aa947f06988d99db5906ba0f637de906e5b7d9ed0a", "ee90f1631dfec6fcd075b687a0538a0203ae94e6dcb06c553e4dd4e1233bed34"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Description"}, {"hashes": ["d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MFC100", "value_name": "Type"}, {"hashes": ["d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MFC100", "value_name": "Start"}, {"hashes": ["d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MFC100", "value_name": "ErrorControl"}, {"hashes": ["d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MFC100", "value_name": "ImagePath"}, {"hashes": ["d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MFC100", "value_name": "DisplayName"}, {"hashes": ["d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MFC100", "value_name": "WOW64"}, {"hashes": ["d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MFC100", "value_name": "ObjectName"}, {"hashes": ["d27319306e9f21f4509ae9eb09468e71fcaf2a5dada91ae090b10291dc23f57c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MFC100", "value_name": "Description"}, {"hashes": ["8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSHTML", "value_name": null}, {"hashes": ["8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSHTML", "value_name": "Type"}, {"hashes": ["8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSHTML", "value_name": "Start"}, {"hashes": ["8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSHTML", "value_name": "ErrorControl"}, {"hashes": ["28f45c3bdef40c864939b203fe42b97691e96cc1a26786f542a21238452bb45b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\EHSTORAPI", "value_name": "Description"}, {"hashes": ["8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSHTML", "value_name": "ImagePath"}, {"hashes": ["8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSHTML", "value_name": "DisplayName"}, {"hashes": ["8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSHTML", "value_name": "WOW64"}, {"hashes": ["8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSHTML", "value_name": "ObjectName"}, {"hashes": ["8bf76f5f209639df749a91a2865cf25e066f4652f5f9d791593c2e07b75299f3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSHTML", "value_name": "Description"}, {"hashes": ["d6a3e6dc6c122c4c2c7d7f3818d2de684397a38ed08022dd12905c7914366499"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS002A", "value_name": "Description"}, {"hashes": ["b157599051151586660a5e78a98ea1bfd2ec49fdd6f133780f7acfe26ed76ba5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSSHAVMSG", "value_name": "ImagePath"}, {"hashes": ["d161f02bf8469bba4fe10eb747e06583f4bf3d03c8cb7526e817deb21c331744"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MCISEQ", "value_name": "ImagePath"}, {"hashes": ["d161f02bf8469bba4fe10eb747e06583f4bf3d03c8cb7526e817deb21c331744"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MCISEQ", "value_name": "Description"}, {"hashes": ["922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CMDL32", "value_name": null}, {"hashes": ["922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CMDL32", "value_name": "Type"}, {"hashes": ["922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CMDL32", "value_name": "Start"}, {"hashes": ["922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CMDL32", "value_name": "ErrorControl"}, {"hashes": ["922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CMDL32", "value_name": "ImagePath"}, {"hashes": ["922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CMDL32", "value_name": "DisplayName"}, {"hashes": ["922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CMDL32", "value_name": "WOW64"}, {"hashes": ["922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CMDL32", "value_name": "ObjectName"}, {"hashes": ["922e78c72fb593a1da98c7792472c103c5af35090ad6e121fe5acedde7112892"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CMDL32", "value_name": "Description"}, {"hashes": ["fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS081A", "value_name": null}, {"hashes": ["fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS081A", "value_name": "Type"}, {"hashes": ["fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS081A", "value_name": "Start"}, {"hashes": ["fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS081A", "value_name": "ErrorControl"}, {"hashes": ["fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS081A", "value_name": "ImagePath"}, {"hashes": ["fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS081A", "value_name": "DisplayName"}, {"hashes": ["fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS081A", "value_name": "WOW64"}, {"hashes": ["fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS081A", "value_name": "ObjectName"}, {"hashes": ["fe5c2dace461fee5760c04d3aff6a2ecf246687c9d4b74bde795809d60b59abf"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS081A", "value_name": "Description"}]}, "reports_count": 15}, "Win.Packed.Zbot-8176461-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["c0529c07e87a56ca97d28d129d8d247e2af10fcf35d10f274769e6a24c09c476", "bd11e0fe4f8c927bde8aa40dabfc9b6d63f761618819a44e0689f23180c1be10", "9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278", "968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "9817508dcfc3047752d43444f7903d7d1e8e3cd6e814e43f4fd53ea920598253", "9c15c96132e2fd335dd7f5a1abefc6e408b64ff943ffd412a1fb5c5d715266f5", "2fd57d79186295b19653f2a83d099a20c5d04fbe194893aed69aa1d376046492", "bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088", "3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["c0529c07e87a56ca97d28d129d8d247e2af10fcf35d10f274769e6a24c09c476", "bd11e0fe4f8c927bde8aa40dabfc9b6d63f761618819a44e0689f23180c1be10", "9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278", "968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "9817508dcfc3047752d43444f7903d7d1e8e3cd6e814e43f4fd53ea920598253", "9c15c96132e2fd335dd7f5a1abefc6e408b64ff943ffd412a1fb5c5d715266f5", "2fd57d79186295b19653f2a83d099a20c5d04fbe194893aed69aa1d376046492", "bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088", "3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["c0529c07e87a56ca97d28d129d8d247e2af10fcf35d10f274769e6a24c09c476", "bd11e0fe4f8c927bde8aa40dabfc9b6d63f761618819a44e0689f23180c1be10", "9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278", "968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "9817508dcfc3047752d43444f7903d7d1e8e3cd6e814e43f4fd53ea920598253", "9c15c96132e2fd335dd7f5a1abefc6e408b64ff943ffd412a1fb5c5d715266f5", "2fd57d79186295b19653f2a83d099a20c5d04fbe194893aed69aa1d376046492", "bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088", "3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["c0529c07e87a56ca97d28d129d8d247e2af10fcf35d10f274769e6a24c09c476", "bd11e0fe4f8c927bde8aa40dabfc9b6d63f761618819a44e0689f23180c1be10", "9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278", "968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "9817508dcfc3047752d43444f7903d7d1e8e3cd6e814e43f4fd53ea920598253", "9c15c96132e2fd335dd7f5a1abefc6e408b64ff943ffd412a1fb5c5d715266f5", "2fd57d79186295b19653f2a83d099a20c5d04fbe194893aed69aa1d376046492", "bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088", "3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["c0529c07e87a56ca97d28d129d8d247e2af10fcf35d10f274769e6a24c09c476", "bd11e0fe4f8c927bde8aa40dabfc9b6d63f761618819a44e0689f23180c1be10", "9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278", "968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "9817508dcfc3047752d43444f7903d7d1e8e3cd6e814e43f4fd53ea920598253", "9c15c96132e2fd335dd7f5a1abefc6e408b64ff943ffd412a1fb5c5d715266f5", "2fd57d79186295b19653f2a83d099a20c5d04fbe194893aed69aa1d376046492", "bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088", "3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-uses-dot-net", "hashes": ["c0529c07e87a56ca97d28d129d8d247e2af10fcf35d10f274769e6a24c09c476", "bd11e0fe4f8c927bde8aa40dabfc9b6d63f761618819a44e0689f23180c1be10", "9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278", "968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "9817508dcfc3047752d43444f7903d7d1e8e3cd6e814e43f4fd53ea920598253", "9c15c96132e2fd335dd7f5a1abefc6e408b64ff943ffd412a1fb5c5d715266f5", "2fd57d79186295b19653f2a83d099a20c5d04fbe194893aed69aa1d376046492", "bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088", "3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["c0529c07e87a56ca97d28d129d8d247e2af10fcf35d10f274769e6a24c09c476", "bd11e0fe4f8c927bde8aa40dabfc9b6d63f761618819a44e0689f23180c1be10", "9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278", "968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "9817508dcfc3047752d43444f7903d7d1e8e3cd6e814e43f4fd53ea920598253", "9c15c96132e2fd335dd7f5a1abefc6e408b64ff943ffd412a1fb5c5d715266f5", "2fd57d79186295b19653f2a83d099a20c5d04fbe194893aed69aa1d376046492", "bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088", "3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "modified-file-in-user-dir", "hashes": ["bd11e0fe4f8c927bde8aa40dabfc9b6d63f761618819a44e0689f23180c1be10", "9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278", "968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "9817508dcfc3047752d43444f7903d7d1e8e3cd6e814e43f4fd53ea920598253", "2fd57d79186295b19653f2a83d099a20c5d04fbe194893aed69aa1d376046492", "bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088", "3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405"], "mitre_attack_tags": []}, {"bi": "malware-misspell-binary", "hashes": ["bd11e0fe4f8c927bde8aa40dabfc9b6d63f761618819a44e0689f23180c1be10", "9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278", "968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "9c15c96132e2fd335dd7f5a1abefc6e408b64ff943ffd412a1fb5c5d715266f5", "2fd57d79186295b19653f2a83d099a20c5d04fbe194893aed69aa1d376046492", "bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088", "3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["bd11e0fe4f8c927bde8aa40dabfc9b6d63f761618819a44e0689f23180c1be10", "9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278", "968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "9c15c96132e2fd335dd7f5a1abefc6e408b64ff943ffd412a1fb5c5d715266f5", "bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088", "3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["bd11e0fe4f8c927bde8aa40dabfc9b6d63f761618819a44e0689f23180c1be10", "9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278", "968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "9c15c96132e2fd335dd7f5a1abefc6e408b64ff943ffd412a1fb5c5d715266f5", "bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088", "3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-spambot", "hashes": ["bd11e0fe4f8c927bde8aa40dabfc9b6d63f761618819a44e0689f23180c1be10", "9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278", "968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "9c15c96132e2fd335dd7f5a1abefc6e408b64ff943ffd412a1fb5c5d715266f5", "bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088", "3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["bd11e0fe4f8c927bde8aa40dabfc9b6d63f761618819a44e0689f23180c1be10", "9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278", "968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "9c15c96132e2fd335dd7f5a1abefc6e408b64ff943ffd412a1fb5c5d715266f5", "bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088", "3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["bd11e0fe4f8c927bde8aa40dabfc9b6d63f761618819a44e0689f23180c1be10", "9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278", "968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "9c15c96132e2fd335dd7f5a1abefc6e408b64ff943ffd412a1fb5c5d715266f5", "bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088", "3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278", "968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "9817508dcfc3047752d43444f7903d7d1e8e3cd6e814e43f4fd53ea920598253", "2fd57d79186295b19653f2a83d099a20c5d04fbe194893aed69aa1d376046492", "bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088", "3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278", "968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "9817508dcfc3047752d43444f7903d7d1e8e3cd6e814e43f4fd53ea920598253", "2fd57d79186295b19653f2a83d099a20c5d04fbe194893aed69aa1d376046492", "bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088", "3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278", "968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "9817508dcfc3047752d43444f7903d7d1e8e3cd6e814e43f4fd53ea920598253", "2fd57d79186295b19653f2a83d099a20c5d04fbe194893aed69aa1d376046492", "bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088", "3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "unsigned-roaming-execution", "hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278", "968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "9817508dcfc3047752d43444f7903d7d1e8e3cd6e814e43f4fd53ea920598253", "2fd57d79186295b19653f2a83d099a20c5d04fbe194893aed69aa1d376046492", "bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088", "3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405"], "mitre_attack_tags": ["TA0005"]}, {"bi": "modified-file-in-system-dir", "hashes": ["c0529c07e87a56ca97d28d129d8d247e2af10fcf35d10f274769e6a24c09c476", "bd11e0fe4f8c927bde8aa40dabfc9b6d63f761618819a44e0689f23180c1be10", "9c15c96132e2fd335dd7f5a1abefc6e408b64ff943ffd412a1fb5c5d715266f5"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-system-dir", "hashes": ["c0529c07e87a56ca97d28d129d8d247e2af10fcf35d10f274769e6a24c09c476", "bd11e0fe4f8c927bde8aa40dabfc9b6d63f761618819a44e0689f23180c1be10", "9c15c96132e2fd335dd7f5a1abefc6e408b64ff943ffd412a1fb5c5d715266f5"], "mitre_attack_tags": ["TA0003", "T1060"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Zbot, also known as Zeus, is a trojan that steals information, such as banking credentials, using methods such as key-logging and form-grabbing.", "hashes": ["2fd57d79186295b19653f2a83d099a20c5d04fbe194893aed69aa1d376046492", "3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405", "968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5", "9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "9817508dcfc3047752d43444f7903d7d1e8e3cd6e814e43f4fd53ea920598253", "9c15c96132e2fd335dd7f5a1abefc6e408b64ff943ffd412a1fb5c5d715266f5", "bd11e0fe4f8c927bde8aa40dabfc9b6d63f761618819a44e0689f23180c1be10", "bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088", "c0529c07e87a56ca97d28d129d8d247e2af10fcf35d10f274769e6a24c09c476", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "iocs": {"domain": [{"hashes": ["968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5"], "host": "mnz-efz[.]ms-acdc[.]office[.]com"}], "file": [{"hashes": ["2fd57d79186295b19653f2a83d099a20c5d04fbe194893aed69aa1d376046492", "3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405", "968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5", "9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%APPDATA%\\iexplorer.exe"}, {"hashes": ["3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405", "bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\PC - 6-23-2020-9.13.28-AM.gif"}, {"hashes": ["3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\PC - 6-23-2020-9.10.28-AM.gif"}, {"hashes": ["3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\PC - 6-23-2020-9.12.28-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088"], "path": "%TEMP%\\PC - 6-23-2020-9.11.29-AM.gif"}, {"hashes": ["c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\PC - 6-23-2020-9.11.27-AM.gif"}, {"hashes": ["9c15c96132e2fd335dd7f5a1abefc6e408b64ff943ffd412a1fb5c5d715266f5", "bd11e0fe4f8c927bde8aa40dabfc9b6d63f761618819a44e0689f23180c1be10"], "path": "%System32%\\iexplorer.exe"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.10.55-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.10.56-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.10.58-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.10.59-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.00-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.01-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.02-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.03-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.04-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.06-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.08-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.10-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.11-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.12-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.13-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.15-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.16-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.17-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.18-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.20-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.21-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.22-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.23-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.25-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.26-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.27-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.29-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.30-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.31-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.32-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.35-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.36-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.37-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.38-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.40-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.41-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.43-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.44-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.45-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.46-AM.gif"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "path": "%TEMP%\\116938 - 6-23-2020-9.11.47-AM.gif"}, {"hashes": ["9817508dcfc3047752d43444f7903d7d1e8e3cd6e814e43f4fd53ea920598253"], "path": "%APPDATA%\\Microsoft.exe"}, {"hashes": ["c0529c07e87a56ca97d28d129d8d247e2af10fcf35d10f274769e6a24c09c476"], "path": "%System32%\\system32.exe"}], "ip": [{"hashes": ["3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405", "9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "9c15c96132e2fd335dd7f5a1abefc6e408b64ff943ffd412a1fb5c5d715266f5", "bd11e0fe4f8c927bde8aa40dabfc9b6d63f761618819a44e0689f23180c1be10", "bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "ip": "142[.]250[.]31[.]108/31"}, {"hashes": ["2fd57d79186295b19653f2a83d099a20c5d04fbe194893aed69aa1d376046492", "9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "9c15c96132e2fd335dd7f5a1abefc6e408b64ff943ffd412a1fb5c5d715266f5", "bd11e0fe4f8c927bde8aa40dabfc9b6d63f761618819a44e0689f23180c1be10", "c0529c07e87a56ca97d28d129d8d247e2af10fcf35d10f274769e6a24c09c476", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "ip": "173[.]194[.]175[.]108/31"}, {"hashes": ["968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5"], "ip": "52[.]96[.]15[.]178"}, {"hashes": ["968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5"], "ip": "52[.]96[.]9[.]2"}, {"hashes": ["968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5"], "ip": "52[.]96[.]88[.]50"}, {"hashes": ["968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5"], "ip": "52[.]96[.]88[.]66"}], "mutex": [{"hashes": ["2fd57d79186295b19653f2a83d099a20c5d04fbe194893aed69aa1d376046492"], "name": "pZWQigDYwD"}, {"hashes": ["bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088"], "name": "UQFZPGUeNN"}, {"hashes": ["968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5"], "name": "PLzULCPZII"}, {"hashes": ["9c15c96132e2fd335dd7f5a1abefc6e408b64ff943ffd412a1fb5c5d715266f5"], "name": "iBVoiYENNM"}, {"hashes": ["d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "name": "lgVpgXkved"}, {"hashes": ["3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405"], "name": "CUoICrXggf"}, {"hashes": ["9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108"], "name": "MBxrKHdzYe"}, {"hashes": ["c0529c07e87a56ca97d28d129d8d247e2af10fcf35d10f274769e6a24c09c476"], "name": "zujEulyKsr"}, {"hashes": ["bd11e0fe4f8c927bde8aa40dabfc9b6d63f761618819a44e0689f23180c1be10"], "name": "aMFMpDCSWZ"}, {"hashes": ["c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb"], "name": "wsgBriwHpo"}, {"hashes": ["9817508dcfc3047752d43444f7903d7d1e8e3cd6e814e43f4fd53ea920598253"], "name": "BaphSzCWyE"}], "registry": [{"hashes": ["2fd57d79186295b19653f2a83d099a20c5d04fbe194893aed69aa1d376046492", "3afef4e594621bc5a71ba9cbf05f9d6ee55102620f3f3719bc79ae8426526405", "968c9503eb535de384a86714f2e24cec5bad278bbde0ca1160583ba3c8d389b5", "9725a8b3416a0cb897ea3c8482533e73a466bfd2c1a29a8b43a278dbcd231108", "9817508dcfc3047752d43444f7903d7d1e8e3cd6e814e43f4fd53ea920598253", "9c15c96132e2fd335dd7f5a1abefc6e408b64ff943ffd412a1fb5c5d715266f5", "bd11e0fe4f8c927bde8aa40dabfc9b6d63f761618819a44e0689f23180c1be10", "bffccc4ae3a7608667c043eb628cffc03b2aefb60a6258b68753a65a3dbf5088", "c0529c07e87a56ca97d28d129d8d247e2af10fcf35d10f274769e6a24c09c476", "c8763262a4a6edffb4338752730ec703ddd0f6a37b4dd15e2bfdeb4c93be72bb", "d9c551668bcc65e80b5ded0eea293303df7d0c74b24501e836fe62c54c832278"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": ""}]}, "reports_count": 11}, "Win.Packed.Zusy-8182349-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["77093ad246b7f6a7731f5ae14bfbcc151f730dbbee655f6141237f3330427a0d", "fa4c8f09999b3a0613a83827d3441858c5bf2373a10be72dc8c0ae886d199aff", "b22547c35a9a810aaff8c400e655362666d12fed13ed408df9a4e86ddb8fa55d", "9bb6bfbf0b481a98853e8e381a2353733f6514623cce14b1fd37bd24a65e45b8", "e0e5b59eaf6601af850145bb7538e7b71bd577965059cb2ee0fe0c8c1e1d722f", "fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e", "2f86060cc9aa517691719c349bcdd5f0fdf2800044566ef42f0ce7a94156f8e1", "ec9fa20e89ad21b091880dc2d7c531eddfb198a1779012fbf064ddc3e1cf36d5", "0acd6d045bb4f7453cb2348cb5687cd6213c04fa1a2c354cfad213b6eba5f4ec", "f5e881fddbcf08ad2c8644529a0a9c311cd6a7b20cf6b594214abfbc7193f9d0", "5a08360182282a60da516c1bdc150ab368684075f5a84ce7d24ad2ff0400ce2b", "2b6d1b96124cfee83314000e9bc54c18c5654ca04eaa839ec3c23834a101ebd9", "625f656a9964d748c3ab929defaef51b4c0c123b2527db44c7f0eccb0c490c5b", "3da92815d869ae0faf1c54d2370aee6b3008e1e4d9f09520d71d3b4476755ad1", "d0978379503a84d85b44dfbe5aed24553b414828417f04acc0104bbf2b2f34b5", "427f511ed3def0ec25925ffc6826a1041d4cafd96c83608ac493653f7525274e", "a0d08aaacf4f3f35d1833179bd75e271de1fda2a2191706e1c0157c30c3704cd", "f09ee6861b15d573c9ec764fb5d7c6e1b0f1110bc612573143b3db9ca12711b7", "1fdea5b9d89ab62a297e9eb2101389b21b0cb110f0efef07b9e86cd940d671cd"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["77093ad246b7f6a7731f5ae14bfbcc151f730dbbee655f6141237f3330427a0d", "fa4c8f09999b3a0613a83827d3441858c5bf2373a10be72dc8c0ae886d199aff", "b22547c35a9a810aaff8c400e655362666d12fed13ed408df9a4e86ddb8fa55d", "9bb6bfbf0b481a98853e8e381a2353733f6514623cce14b1fd37bd24a65e45b8", "e0e5b59eaf6601af850145bb7538e7b71bd577965059cb2ee0fe0c8c1e1d722f", "fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e", "2f86060cc9aa517691719c349bcdd5f0fdf2800044566ef42f0ce7a94156f8e1", "ec9fa20e89ad21b091880dc2d7c531eddfb198a1779012fbf064ddc3e1cf36d5", "0acd6d045bb4f7453cb2348cb5687cd6213c04fa1a2c354cfad213b6eba5f4ec", "f5e881fddbcf08ad2c8644529a0a9c311cd6a7b20cf6b594214abfbc7193f9d0", "5a08360182282a60da516c1bdc150ab368684075f5a84ce7d24ad2ff0400ce2b", "2b6d1b96124cfee83314000e9bc54c18c5654ca04eaa839ec3c23834a101ebd9", "625f656a9964d748c3ab929defaef51b4c0c123b2527db44c7f0eccb0c490c5b", "3da92815d869ae0faf1c54d2370aee6b3008e1e4d9f09520d71d3b4476755ad1", "d0978379503a84d85b44dfbe5aed24553b414828417f04acc0104bbf2b2f34b5", "427f511ed3def0ec25925ffc6826a1041d4cafd96c83608ac493653f7525274e", "a0d08aaacf4f3f35d1833179bd75e271de1fda2a2191706e1c0157c30c3704cd", "f09ee6861b15d573c9ec764fb5d7c6e1b0f1110bc612573143b3db9ca12711b7", "1fdea5b9d89ab62a297e9eb2101389b21b0cb110f0efef07b9e86cd940d671cd"], "mitre_attack_tags": []}, {"bi": "pe-uses-dot-net", "hashes": ["77093ad246b7f6a7731f5ae14bfbcc151f730dbbee655f6141237f3330427a0d", "fa4c8f09999b3a0613a83827d3441858c5bf2373a10be72dc8c0ae886d199aff", "b22547c35a9a810aaff8c400e655362666d12fed13ed408df9a4e86ddb8fa55d", "9bb6bfbf0b481a98853e8e381a2353733f6514623cce14b1fd37bd24a65e45b8", "e0e5b59eaf6601af850145bb7538e7b71bd577965059cb2ee0fe0c8c1e1d722f", "fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e", "2f86060cc9aa517691719c349bcdd5f0fdf2800044566ef42f0ce7a94156f8e1", "ec9fa20e89ad21b091880dc2d7c531eddfb198a1779012fbf064ddc3e1cf36d5", "0acd6d045bb4f7453cb2348cb5687cd6213c04fa1a2c354cfad213b6eba5f4ec", "f5e881fddbcf08ad2c8644529a0a9c311cd6a7b20cf6b594214abfbc7193f9d0", "5a08360182282a60da516c1bdc150ab368684075f5a84ce7d24ad2ff0400ce2b", "2b6d1b96124cfee83314000e9bc54c18c5654ca04eaa839ec3c23834a101ebd9", "625f656a9964d748c3ab929defaef51b4c0c123b2527db44c7f0eccb0c490c5b", "3da92815d869ae0faf1c54d2370aee6b3008e1e4d9f09520d71d3b4476755ad1", "d0978379503a84d85b44dfbe5aed24553b414828417f04acc0104bbf2b2f34b5", "427f511ed3def0ec25925ffc6826a1041d4cafd96c83608ac493653f7525274e", "a0d08aaacf4f3f35d1833179bd75e271de1fda2a2191706e1c0157c30c3704cd", "f09ee6861b15d573c9ec764fb5d7c6e1b0f1110bc612573143b3db9ca12711b7", "1fdea5b9d89ab62a297e9eb2101389b21b0cb110f0efef07b9e86cd940d671cd"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["77093ad246b7f6a7731f5ae14bfbcc151f730dbbee655f6141237f3330427a0d", "fa4c8f09999b3a0613a83827d3441858c5bf2373a10be72dc8c0ae886d199aff", "b22547c35a9a810aaff8c400e655362666d12fed13ed408df9a4e86ddb8fa55d", "9bb6bfbf0b481a98853e8e381a2353733f6514623cce14b1fd37bd24a65e45b8", "e0e5b59eaf6601af850145bb7538e7b71bd577965059cb2ee0fe0c8c1e1d722f", "fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e", "2f86060cc9aa517691719c349bcdd5f0fdf2800044566ef42f0ce7a94156f8e1", "ec9fa20e89ad21b091880dc2d7c531eddfb198a1779012fbf064ddc3e1cf36d5", "0acd6d045bb4f7453cb2348cb5687cd6213c04fa1a2c354cfad213b6eba5f4ec", "f5e881fddbcf08ad2c8644529a0a9c311cd6a7b20cf6b594214abfbc7193f9d0", "5a08360182282a60da516c1bdc150ab368684075f5a84ce7d24ad2ff0400ce2b", "2b6d1b96124cfee83314000e9bc54c18c5654ca04eaa839ec3c23834a101ebd9", "625f656a9964d748c3ab929defaef51b4c0c123b2527db44c7f0eccb0c490c5b", "3da92815d869ae0faf1c54d2370aee6b3008e1e4d9f09520d71d3b4476755ad1", "d0978379503a84d85b44dfbe5aed24553b414828417f04acc0104bbf2b2f34b5", "f09ee6861b15d573c9ec764fb5d7c6e1b0f1110bc612573143b3db9ca12711b7", "1fdea5b9d89ab62a297e9eb2101389b21b0cb110f0efef07b9e86cd940d671cd"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["77093ad246b7f6a7731f5ae14bfbcc151f730dbbee655f6141237f3330427a0d", "fa4c8f09999b3a0613a83827d3441858c5bf2373a10be72dc8c0ae886d199aff", "b22547c35a9a810aaff8c400e655362666d12fed13ed408df9a4e86ddb8fa55d", "9bb6bfbf0b481a98853e8e381a2353733f6514623cce14b1fd37bd24a65e45b8", "e0e5b59eaf6601af850145bb7538e7b71bd577965059cb2ee0fe0c8c1e1d722f", "fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e", "2f86060cc9aa517691719c349bcdd5f0fdf2800044566ef42f0ce7a94156f8e1", "ec9fa20e89ad21b091880dc2d7c531eddfb198a1779012fbf064ddc3e1cf36d5", "0acd6d045bb4f7453cb2348cb5687cd6213c04fa1a2c354cfad213b6eba5f4ec", "f5e881fddbcf08ad2c8644529a0a9c311cd6a7b20cf6b594214abfbc7193f9d0", "5a08360182282a60da516c1bdc150ab368684075f5a84ce7d24ad2ff0400ce2b", "2b6d1b96124cfee83314000e9bc54c18c5654ca04eaa839ec3c23834a101ebd9", "625f656a9964d748c3ab929defaef51b4c0c123b2527db44c7f0eccb0c490c5b", "3da92815d869ae0faf1c54d2370aee6b3008e1e4d9f09520d71d3b4476755ad1", "d0978379503a84d85b44dfbe5aed24553b414828417f04acc0104bbf2b2f34b5", "f09ee6861b15d573c9ec764fb5d7c6e1b0f1110bc612573143b3db9ca12711b7", "1fdea5b9d89ab62a297e9eb2101389b21b0cb110f0efef07b9e86cd940d671cd"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["77093ad246b7f6a7731f5ae14bfbcc151f730dbbee655f6141237f3330427a0d", "fa4c8f09999b3a0613a83827d3441858c5bf2373a10be72dc8c0ae886d199aff", "b22547c35a9a810aaff8c400e655362666d12fed13ed408df9a4e86ddb8fa55d", "9bb6bfbf0b481a98853e8e381a2353733f6514623cce14b1fd37bd24a65e45b8", "e0e5b59eaf6601af850145bb7538e7b71bd577965059cb2ee0fe0c8c1e1d722f", "2f86060cc9aa517691719c349bcdd5f0fdf2800044566ef42f0ce7a94156f8e1", "ec9fa20e89ad21b091880dc2d7c531eddfb198a1779012fbf064ddc3e1cf36d5", "0acd6d045bb4f7453cb2348cb5687cd6213c04fa1a2c354cfad213b6eba5f4ec", "f5e881fddbcf08ad2c8644529a0a9c311cd6a7b20cf6b594214abfbc7193f9d0", "5a08360182282a60da516c1bdc150ab368684075f5a84ce7d24ad2ff0400ce2b", "2b6d1b96124cfee83314000e9bc54c18c5654ca04eaa839ec3c23834a101ebd9", "625f656a9964d748c3ab929defaef51b4c0c123b2527db44c7f0eccb0c490c5b", "3da92815d869ae0faf1c54d2370aee6b3008e1e4d9f09520d71d3b4476755ad1", "d0978379503a84d85b44dfbe5aed24553b414828417f04acc0104bbf2b2f34b5", "f09ee6861b15d573c9ec764fb5d7c6e1b0f1110bc612573143b3db9ca12711b7", "1fdea5b9d89ab62a297e9eb2101389b21b0cb110f0efef07b9e86cd940d671cd"], "mitre_attack_tags": []}, {"bi": "dot-net-crash-tool-execution-detected", "hashes": ["77093ad246b7f6a7731f5ae14bfbcc151f730dbbee655f6141237f3330427a0d", "fa4c8f09999b3a0613a83827d3441858c5bf2373a10be72dc8c0ae886d199aff", "b22547c35a9a810aaff8c400e655362666d12fed13ed408df9a4e86ddb8fa55d", "9bb6bfbf0b481a98853e8e381a2353733f6514623cce14b1fd37bd24a65e45b8", "e0e5b59eaf6601af850145bb7538e7b71bd577965059cb2ee0fe0c8c1e1d722f", "2f86060cc9aa517691719c349bcdd5f0fdf2800044566ef42f0ce7a94156f8e1", "ec9fa20e89ad21b091880dc2d7c531eddfb198a1779012fbf064ddc3e1cf36d5", "0acd6d045bb4f7453cb2348cb5687cd6213c04fa1a2c354cfad213b6eba5f4ec", "f5e881fddbcf08ad2c8644529a0a9c311cd6a7b20cf6b594214abfbc7193f9d0", "5a08360182282a60da516c1bdc150ab368684075f5a84ce7d24ad2ff0400ce2b", "2b6d1b96124cfee83314000e9bc54c18c5654ca04eaa839ec3c23834a101ebd9", "625f656a9964d748c3ab929defaef51b4c0c123b2527db44c7f0eccb0c490c5b", "3da92815d869ae0faf1c54d2370aee6b3008e1e4d9f09520d71d3b4476755ad1", "d0978379503a84d85b44dfbe5aed24553b414828417f04acc0104bbf2b2f34b5", "f09ee6861b15d573c9ec764fb5d7c6e1b0f1110bc612573143b3db9ca12711b7", "1fdea5b9d89ab62a297e9eb2101389b21b0cb110f0efef07b9e86cd940d671cd"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["77093ad246b7f6a7731f5ae14bfbcc151f730dbbee655f6141237f3330427a0d", "fa4c8f09999b3a0613a83827d3441858c5bf2373a10be72dc8c0ae886d199aff", "b22547c35a9a810aaff8c400e655362666d12fed13ed408df9a4e86ddb8fa55d", "9bb6bfbf0b481a98853e8e381a2353733f6514623cce14b1fd37bd24a65e45b8", "e0e5b59eaf6601af850145bb7538e7b71bd577965059cb2ee0fe0c8c1e1d722f", "fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e", "2f86060cc9aa517691719c349bcdd5f0fdf2800044566ef42f0ce7a94156f8e1", "0acd6d045bb4f7453cb2348cb5687cd6213c04fa1a2c354cfad213b6eba5f4ec", "f5e881fddbcf08ad2c8644529a0a9c311cd6a7b20cf6b594214abfbc7193f9d0", "5a08360182282a60da516c1bdc150ab368684075f5a84ce7d24ad2ff0400ce2b", "2b6d1b96124cfee83314000e9bc54c18c5654ca04eaa839ec3c23834a101ebd9", "625f656a9964d748c3ab929defaef51b4c0c123b2527db44c7f0eccb0c490c5b", "3da92815d869ae0faf1c54d2370aee6b3008e1e4d9f09520d71d3b4476755ad1", "d0978379503a84d85b44dfbe5aed24553b414828417f04acc0104bbf2b2f34b5", "f09ee6861b15d573c9ec764fb5d7c6e1b0f1110bc612573143b3db9ca12711b7"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["77093ad246b7f6a7731f5ae14bfbcc151f730dbbee655f6141237f3330427a0d", "b22547c35a9a810aaff8c400e655362666d12fed13ed408df9a4e86ddb8fa55d", "9bb6bfbf0b481a98853e8e381a2353733f6514623cce14b1fd37bd24a65e45b8", "e0e5b59eaf6601af850145bb7538e7b71bd577965059cb2ee0fe0c8c1e1d722f", "fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e", "2f86060cc9aa517691719c349bcdd5f0fdf2800044566ef42f0ce7a94156f8e1", "ec9fa20e89ad21b091880dc2d7c531eddfb198a1779012fbf064ddc3e1cf36d5", "f5e881fddbcf08ad2c8644529a0a9c311cd6a7b20cf6b594214abfbc7193f9d0", "2b6d1b96124cfee83314000e9bc54c18c5654ca04eaa839ec3c23834a101ebd9", "625f656a9964d748c3ab929defaef51b4c0c123b2527db44c7f0eccb0c490c5b", "3da92815d869ae0faf1c54d2370aee6b3008e1e4d9f09520d71d3b4476755ad1"], "mitre_attack_tags": []}, {"bi": "network-dns-category-file-storage", "hashes": ["77093ad246b7f6a7731f5ae14bfbcc151f730dbbee655f6141237f3330427a0d", "fa4c8f09999b3a0613a83827d3441858c5bf2373a10be72dc8c0ae886d199aff", "9bb6bfbf0b481a98853e8e381a2353733f6514623cce14b1fd37bd24a65e45b8", "e0e5b59eaf6601af850145bb7538e7b71bd577965059cb2ee0fe0c8c1e1d722f", "fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e", "2f86060cc9aa517691719c349bcdd5f0fdf2800044566ef42f0ce7a94156f8e1", "0acd6d045bb4f7453cb2348cb5687cd6213c04fa1a2c354cfad213b6eba5f4ec", "f5e881fddbcf08ad2c8644529a0a9c311cd6a7b20cf6b594214abfbc7193f9d0", "5a08360182282a60da516c1bdc150ab368684075f5a84ce7d24ad2ff0400ce2b", "d0978379503a84d85b44dfbe5aed24553b414828417f04acc0104bbf2b2f34b5", "f09ee6861b15d573c9ec764fb5d7c6e1b0f1110bc612573143b3db9ca12711b7"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["fa4c8f09999b3a0613a83827d3441858c5bf2373a10be72dc8c0ae886d199aff", "b22547c35a9a810aaff8c400e655362666d12fed13ed408df9a4e86ddb8fa55d", "ec9fa20e89ad21b091880dc2d7c531eddfb198a1779012fbf064ddc3e1cf36d5", "0acd6d045bb4f7453cb2348cb5687cd6213c04fa1a2c354cfad213b6eba5f4ec", "f5e881fddbcf08ad2c8644529a0a9c311cd6a7b20cf6b594214abfbc7193f9d0", "5a08360182282a60da516c1bdc150ab368684075f5a84ce7d24ad2ff0400ce2b", "2b6d1b96124cfee83314000e9bc54c18c5654ca04eaa839ec3c23834a101ebd9", "625f656a9964d748c3ab929defaef51b4c0c123b2527db44c7f0eccb0c490c5b", "3da92815d869ae0faf1c54d2370aee6b3008e1e4d9f09520d71d3b4476755ad1", "d0978379503a84d85b44dfbe5aed24553b414828417f04acc0104bbf2b2f34b5", "f09ee6861b15d573c9ec764fb5d7c6e1b0f1110bc612573143b3db9ca12711b7"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-http-blank-user-agent", "hashes": ["fa4c8f09999b3a0613a83827d3441858c5bf2373a10be72dc8c0ae886d199aff", "b22547c35a9a810aaff8c400e655362666d12fed13ed408df9a4e86ddb8fa55d", "ec9fa20e89ad21b091880dc2d7c531eddfb198a1779012fbf064ddc3e1cf36d5", "0acd6d045bb4f7453cb2348cb5687cd6213c04fa1a2c354cfad213b6eba5f4ec", "f5e881fddbcf08ad2c8644529a0a9c311cd6a7b20cf6b594214abfbc7193f9d0", "5a08360182282a60da516c1bdc150ab368684075f5a84ce7d24ad2ff0400ce2b", "2b6d1b96124cfee83314000e9bc54c18c5654ca04eaa839ec3c23834a101ebd9", "625f656a9964d748c3ab929defaef51b4c0c123b2527db44c7f0eccb0c490c5b", "3da92815d869ae0faf1c54d2370aee6b3008e1e4d9f09520d71d3b4476755ad1", "d0978379503a84d85b44dfbe5aed24553b414828417f04acc0104bbf2b2f34b5", "f09ee6861b15d573c9ec764fb5d7c6e1b0f1110bc612573143b3db9ca12711b7"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "http-response-redirect", "hashes": ["fa4c8f09999b3a0613a83827d3441858c5bf2373a10be72dc8c0ae886d199aff", "b22547c35a9a810aaff8c400e655362666d12fed13ed408df9a4e86ddb8fa55d", "ec9fa20e89ad21b091880dc2d7c531eddfb198a1779012fbf064ddc3e1cf36d5", "0acd6d045bb4f7453cb2348cb5687cd6213c04fa1a2c354cfad213b6eba5f4ec", "f5e881fddbcf08ad2c8644529a0a9c311cd6a7b20cf6b594214abfbc7193f9d0", "5a08360182282a60da516c1bdc150ab368684075f5a84ce7d24ad2ff0400ce2b", "d0978379503a84d85b44dfbe5aed24553b414828417f04acc0104bbf2b2f34b5", "f09ee6861b15d573c9ec764fb5d7c6e1b0f1110bc612573143b3db9ca12711b7"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e", "ec9fa20e89ad21b091880dc2d7c531eddfb198a1779012fbf064ddc3e1cf36d5", "0acd6d045bb4f7453cb2348cb5687cd6213c04fa1a2c354cfad213b6eba5f4ec", "f09ee6861b15d573c9ec764fb5d7c6e1b0f1110bc612573143b3db9ca12711b7"], "mitre_attack_tags": []}, {"bi": "startup-folder-modification", "hashes": ["fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e", "ec9fa20e89ad21b091880dc2d7c531eddfb198a1779012fbf064ddc3e1cf36d5", "0acd6d045bb4f7453cb2348cb5687cd6213c04fa1a2c354cfad213b6eba5f4ec", "f09ee6861b15d573c9ec764fb5d7c6e1b0f1110bc612573143b3db9ca12711b7"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "nginx-webserver-detected", "hashes": ["ec9fa20e89ad21b091880dc2d7c531eddfb198a1779012fbf064ddc3e1cf36d5", "0acd6d045bb4f7453cb2348cb5687cd6213c04fa1a2c354cfad213b6eba5f4ec", "f09ee6861b15d573c9ec764fb5d7c6e1b0f1110bc612573143b3db9ca12711b7"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["ec9fa20e89ad21b091880dc2d7c531eddfb198a1779012fbf064ddc3e1cf36d5", "0acd6d045bb4f7453cb2348cb5687cd6213c04fa1a2c354cfad213b6eba5f4ec", "f09ee6861b15d573c9ec764fb5d7c6e1b0f1110bc612573143b3db9ca12711b7"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["2b6d1b96124cfee83314000e9bc54c18c5654ca04eaa839ec3c23834a101ebd9", "625f656a9964d748c3ab929defaef51b4c0c123b2527db44c7f0eccb0c490c5b", "3da92815d869ae0faf1c54d2370aee6b3008e1e4d9f09520d71d3b4476755ad1"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["b22547c35a9a810aaff8c400e655362666d12fed13ed408df9a4e86ddb8fa55d"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["b22547c35a9a810aaff8c400e655362666d12fed13ed408df9a4e86ddb8fa55d"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["b22547c35a9a810aaff8c400e655362666d12fed13ed408df9a4e86ddb8fa55d"], "mitre_attack_tags": []}, {"bi": "url-pastebin-service", "hashes": ["b22547c35a9a810aaff8c400e655362666d12fed13ed408df9a4e86ddb8fa55d"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "cta-static-analyzer-malicious", "hashes": ["fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-upx", "hashes": ["fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "malware-known-trojan-av", "hashes": ["fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "mitre_attack_tags": []}, {"bi": "process-svchost-suspicious-launch", "hashes": ["fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "unsigned-roaming-execution", "hashes": ["fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-hollowing-detected", "hashes": ["fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "pe-tls-callback", "hashes": ["fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-compound-cta-activity", "hashes": ["fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-prior", "hashes": ["fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "mitre_attack_tags": []}, {"bi": "malware-trojan-xtreme-rat-registry-key", "hashes": ["fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "mitre_attack_tags": []}, {"bi": "network-dns-category-parked-domain", "hashes": ["ec9fa20e89ad21b091880dc2d7c531eddfb198a1779012fbf064ddc3e1cf36d5"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["f5e881fddbcf08ad2c8644529a0a9c311cd6a7b20cf6b594214abfbc7193f9d0"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as \"explorer.exe\" and \"winver.exe\". When the user accesses a banking website, it displays a form to trick the user into submitting personal information.", "hashes": ["0acd6d045bb4f7453cb2348cb5687cd6213c04fa1a2c354cfad213b6eba5f4ec", "1fdea5b9d89ab62a297e9eb2101389b21b0cb110f0efef07b9e86cd940d671cd", "2b6d1b96124cfee83314000e9bc54c18c5654ca04eaa839ec3c23834a101ebd9", "2f86060cc9aa517691719c349bcdd5f0fdf2800044566ef42f0ce7a94156f8e1", "3da92815d869ae0faf1c54d2370aee6b3008e1e4d9f09520d71d3b4476755ad1", "427f511ed3def0ec25925ffc6826a1041d4cafd96c83608ac493653f7525274e", "5a08360182282a60da516c1bdc150ab368684075f5a84ce7d24ad2ff0400ce2b", "625f656a9964d748c3ab929defaef51b4c0c123b2527db44c7f0eccb0c490c5b", "77093ad246b7f6a7731f5ae14bfbcc151f730dbbee655f6141237f3330427a0d", "9bb6bfbf0b481a98853e8e381a2353733f6514623cce14b1fd37bd24a65e45b8", "a0d08aaacf4f3f35d1833179bd75e271de1fda2a2191706e1c0157c30c3704cd", "b22547c35a9a810aaff8c400e655362666d12fed13ed408df9a4e86ddb8fa55d", "d0978379503a84d85b44dfbe5aed24553b414828417f04acc0104bbf2b2f34b5", "e0e5b59eaf6601af850145bb7538e7b71bd577965059cb2ee0fe0c8c1e1d722f", "ec9fa20e89ad21b091880dc2d7c531eddfb198a1779012fbf064ddc3e1cf36d5", "f09ee6861b15d573c9ec764fb5d7c6e1b0f1110bc612573143b3db9ca12711b7", "f5e881fddbcf08ad2c8644529a0a9c311cd6a7b20cf6b594214abfbc7193f9d0", "fa4c8f09999b3a0613a83827d3441858c5bf2373a10be72dc8c0ae886d199aff", "fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "iocs": {"domain": [{"hashes": ["2f86060cc9aa517691719c349bcdd5f0fdf2800044566ef42f0ce7a94156f8e1", "77093ad246b7f6a7731f5ae14bfbcc151f730dbbee655f6141237f3330427a0d", "9bb6bfbf0b481a98853e8e381a2353733f6514623cce14b1fd37bd24a65e45b8", "e0e5b59eaf6601af850145bb7538e7b71bd577965059cb2ee0fe0c8c1e1d722f", "fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "host": "dl[.]dropboxusercontent[.]com"}, {"hashes": ["2b6d1b96124cfee83314000e9bc54c18c5654ca04eaa839ec3c23834a101ebd9", "3da92815d869ae0faf1c54d2370aee6b3008e1e4d9f09520d71d3b4476755ad1", "625f656a9964d748c3ab929defaef51b4c0c123b2527db44c7f0eccb0c490c5b"], "host": "www[.]site[.]com"}, {"hashes": ["5a08360182282a60da516c1bdc150ab368684075f5a84ce7d24ad2ff0400ce2b", "d0978379503a84d85b44dfbe5aed24553b414828417f04acc0104bbf2b2f34b5", "fa4c8f09999b3a0613a83827d3441858c5bf2373a10be72dc8c0ae886d199aff"], "host": "rghost[.]net"}, {"hashes": ["0acd6d045bb4f7453cb2348cb5687cd6213c04fa1a2c354cfad213b6eba5f4ec", "f09ee6861b15d573c9ec764fb5d7c6e1b0f1110bc612573143b3db9ca12711b7"], "host": "ar[.]rghost[.]net"}, {"hashes": ["b22547c35a9a810aaff8c400e655362666d12fed13ed408df9a4e86ddb8fa55d"], "host": "pastebin[.]com"}, {"hashes": ["ec9fa20e89ad21b091880dc2d7c531eddfb198a1779012fbf064ddc3e1cf36d5"], "host": "directxex[.]com"}, {"hashes": ["1fdea5b9d89ab62a297e9eb2101389b21b0cb110f0efef07b9e86cd940d671cd"], "host": "dc203[.]gulfup[.]com"}, {"hashes": ["f5e881fddbcf08ad2c8644529a0a9c311cd6a7b20cf6b594214abfbc7193f9d0"], "host": "download1654[.]mediafire[.]com"}], "file": [{"hashes": ["0acd6d045bb4f7453cb2348cb5687cd6213c04fa1a2c354cfad213b6eba5f4ec", "1fdea5b9d89ab62a297e9eb2101389b21b0cb110f0efef07b9e86cd940d671cd", "2b6d1b96124cfee83314000e9bc54c18c5654ca04eaa839ec3c23834a101ebd9", "3da92815d869ae0faf1c54d2370aee6b3008e1e4d9f09520d71d3b4476755ad1", "427f511ed3def0ec25925ffc6826a1041d4cafd96c83608ac493653f7525274e", "5a08360182282a60da516c1bdc150ab368684075f5a84ce7d24ad2ff0400ce2b", "625f656a9964d748c3ab929defaef51b4c0c123b2527db44c7f0eccb0c490c5b", "77093ad246b7f6a7731f5ae14bfbcc151f730dbbee655f6141237f3330427a0d", "9bb6bfbf0b481a98853e8e381a2353733f6514623cce14b1fd37bd24a65e45b8", "a0d08aaacf4f3f35d1833179bd75e271de1fda2a2191706e1c0157c30c3704cd", "b22547c35a9a810aaff8c400e655362666d12fed13ed408df9a4e86ddb8fa55d", "d0978379503a84d85b44dfbe5aed24553b414828417f04acc0104bbf2b2f34b5", "e0e5b59eaf6601af850145bb7538e7b71bd577965059cb2ee0fe0c8c1e1d722f", "ec9fa20e89ad21b091880dc2d7c531eddfb198a1779012fbf064ddc3e1cf36d5", "f09ee6861b15d573c9ec764fb5d7c6e1b0f1110bc612573143b3db9ca12711b7", "f5e881fddbcf08ad2c8644529a0a9c311cd6a7b20cf6b594214abfbc7193f9d0", "fa4c8f09999b3a0613a83827d3441858c5bf2373a10be72dc8c0ae886d199aff", "fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "path": "%TEMP%\\dw.log"}, {"hashes": ["0acd6d045bb4f7453cb2348cb5687cd6213c04fa1a2c354cfad213b6eba5f4ec", "1fdea5b9d89ab62a297e9eb2101389b21b0cb110f0efef07b9e86cd940d671cd", "2b6d1b96124cfee83314000e9bc54c18c5654ca04eaa839ec3c23834a101ebd9", "3da92815d869ae0faf1c54d2370aee6b3008e1e4d9f09520d71d3b4476755ad1", "427f511ed3def0ec25925ffc6826a1041d4cafd96c83608ac493653f7525274e", "5a08360182282a60da516c1bdc150ab368684075f5a84ce7d24ad2ff0400ce2b", "625f656a9964d748c3ab929defaef51b4c0c123b2527db44c7f0eccb0c490c5b", "77093ad246b7f6a7731f5ae14bfbcc151f730dbbee655f6141237f3330427a0d", "9bb6bfbf0b481a98853e8e381a2353733f6514623cce14b1fd37bd24a65e45b8", "a0d08aaacf4f3f35d1833179bd75e271de1fda2a2191706e1c0157c30c3704cd", "b22547c35a9a810aaff8c400e655362666d12fed13ed408df9a4e86ddb8fa55d", "d0978379503a84d85b44dfbe5aed24553b414828417f04acc0104bbf2b2f34b5", "e0e5b59eaf6601af850145bb7538e7b71bd577965059cb2ee0fe0c8c1e1d722f", "ec9fa20e89ad21b091880dc2d7c531eddfb198a1779012fbf064ddc3e1cf36d5", "f09ee6861b15d573c9ec764fb5d7c6e1b0f1110bc612573143b3db9ca12711b7", "f5e881fddbcf08ad2c8644529a0a9c311cd6a7b20cf6b594214abfbc7193f9d0", "fa4c8f09999b3a0613a83827d3441858c5bf2373a10be72dc8c0ae886d199aff", "fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "path": "%TEMP%\\<random, matching '[A-F0-9]{4,5}'>.dmp"}, {"hashes": ["0acd6d045bb4f7453cb2348cb5687cd6213c04fa1a2c354cfad213b6eba5f4ec", "2b6d1b96124cfee83314000e9bc54c18c5654ca04eaa839ec3c23834a101ebd9", "2f86060cc9aa517691719c349bcdd5f0fdf2800044566ef42f0ce7a94156f8e1", "3da92815d869ae0faf1c54d2370aee6b3008e1e4d9f09520d71d3b4476755ad1", "5a08360182282a60da516c1bdc150ab368684075f5a84ce7d24ad2ff0400ce2b", "625f656a9964d748c3ab929defaef51b4c0c123b2527db44c7f0eccb0c490c5b", "77093ad246b7f6a7731f5ae14bfbcc151f730dbbee655f6141237f3330427a0d", "9bb6bfbf0b481a98853e8e381a2353733f6514623cce14b1fd37bd24a65e45b8", "b22547c35a9a810aaff8c400e655362666d12fed13ed408df9a4e86ddb8fa55d", "d0978379503a84d85b44dfbe5aed24553b414828417f04acc0104bbf2b2f34b5", "e0e5b59eaf6601af850145bb7538e7b71bd577965059cb2ee0fe0c8c1e1d722f", "ec9fa20e89ad21b091880dc2d7c531eddfb198a1779012fbf064ddc3e1cf36d5", "f09ee6861b15d573c9ec764fb5d7c6e1b0f1110bc612573143b3db9ca12711b7", "f5e881fddbcf08ad2c8644529a0a9c311cd6a7b20cf6b594214abfbc7193f9d0", "fa4c8f09999b3a0613a83827d3441858c5bf2373a10be72dc8c0ae886d199aff", "fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Server.exe"}, {"hashes": ["fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "path": "%TEMP%\\x.html"}, {"hashes": ["1fdea5b9d89ab62a297e9eb2101389b21b0cb110f0efef07b9e86cd940d671cd"], "path": "%APPDATA%\\Microsoft\\Windows\\Templates\\Camfrog.exe"}], "ip": [{"hashes": ["2f86060cc9aa517691719c349bcdd5f0fdf2800044566ef42f0ce7a94156f8e1", "77093ad246b7f6a7731f5ae14bfbcc151f730dbbee655f6141237f3330427a0d", "9bb6bfbf0b481a98853e8e381a2353733f6514623cce14b1fd37bd24a65e45b8", "e0e5b59eaf6601af850145bb7538e7b71bd577965059cb2ee0fe0c8c1e1d722f", "fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "ip": "162[.]125[.]8[.]15"}, {"hashes": ["2b6d1b96124cfee83314000e9bc54c18c5654ca04eaa839ec3c23834a101ebd9", "3da92815d869ae0faf1c54d2370aee6b3008e1e4d9f09520d71d3b4476755ad1", "625f656a9964d748c3ab929defaef51b4c0c123b2527db44c7f0eccb0c490c5b"], "ip": "204[.]74[.]99[.]100"}, {"hashes": ["0acd6d045bb4f7453cb2348cb5687cd6213c04fa1a2c354cfad213b6eba5f4ec", "f09ee6861b15d573c9ec764fb5d7c6e1b0f1110bc612573143b3db9ca12711b7"], "ip": "138[.]201[.]21[.]203"}, {"hashes": ["5a08360182282a60da516c1bdc150ab368684075f5a84ce7d24ad2ff0400ce2b", "d0978379503a84d85b44dfbe5aed24553b414828417f04acc0104bbf2b2f34b5"], "ip": "104[.]27[.]162[.]117"}, {"hashes": ["ec9fa20e89ad21b091880dc2d7c531eddfb198a1779012fbf064ddc3e1cf36d5"], "ip": "96[.]47[.]230[.]69"}, {"hashes": ["b22547c35a9a810aaff8c400e655362666d12fed13ed408df9a4e86ddb8fa55d"], "ip": "104[.]23[.]98[.]190"}, {"hashes": ["f5e881fddbcf08ad2c8644529a0a9c311cd6a7b20cf6b594214abfbc7193f9d0"], "ip": "199[.]91[.]152[.]154"}, {"hashes": ["fa4c8f09999b3a0613a83827d3441858c5bf2373a10be72dc8c0ae886d199aff"], "ip": "104[.]27[.]163[.]117"}], "mutex": [{"hashes": ["0acd6d045bb4f7453cb2348cb5687cd6213c04fa1a2c354cfad213b6eba5f4ec", "1fdea5b9d89ab62a297e9eb2101389b21b0cb110f0efef07b9e86cd940d671cd", "2b6d1b96124cfee83314000e9bc54c18c5654ca04eaa839ec3c23834a101ebd9", "2f86060cc9aa517691719c349bcdd5f0fdf2800044566ef42f0ce7a94156f8e1", "3da92815d869ae0faf1c54d2370aee6b3008e1e4d9f09520d71d3b4476755ad1", "5a08360182282a60da516c1bdc150ab368684075f5a84ce7d24ad2ff0400ce2b", "625f656a9964d748c3ab929defaef51b4c0c123b2527db44c7f0eccb0c490c5b", "77093ad246b7f6a7731f5ae14bfbcc151f730dbbee655f6141237f3330427a0d", "9bb6bfbf0b481a98853e8e381a2353733f6514623cce14b1fd37bd24a65e45b8", "b22547c35a9a810aaff8c400e655362666d12fed13ed408df9a4e86ddb8fa55d", "d0978379503a84d85b44dfbe5aed24553b414828417f04acc0104bbf2b2f34b5", "e0e5b59eaf6601af850145bb7538e7b71bd577965059cb2ee0fe0c8c1e1d722f", "ec9fa20e89ad21b091880dc2d7c531eddfb198a1779012fbf064ddc3e1cf36d5", "f09ee6861b15d573c9ec764fb5d7c6e1b0f1110bc612573143b3db9ca12711b7", "f5e881fddbcf08ad2c8644529a0a9c311cd6a7b20cf6b594214abfbc7193f9d0", "fa4c8f09999b3a0613a83827d3441858c5bf2373a10be72dc8c0ae886d199aff"], "name": "Global\\<random guid>"}, {"hashes": ["fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "name": "ZHC43hxiAT"}, {"hashes": ["fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "name": "ZHC43hxiATPERSIST"}], "registry": [{"hashes": ["fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "key": "<HKCU>\\SOFTWARE\\XTREMERAT", "value_name": null}, {"hashes": ["fff878c113c7d539047c164419fbca2b429b53e3584fae1d2aa1e7b27ffc1a6e"], "key": "<HKCU>\\SOFTWARE\\XTREMERAT", "value_name": "Mutex"}]}, "reports_count": 19}, "Win.Ransomware.TeslaCrypt-8182300-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-opendns-malicious", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "nginx-webserver-detected", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "network-communications-http-post", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "pe-uses-armadillo", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "dns-query-nxdomain", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "deleted-submitted-file", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "network-dns-category-proxy", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "altered-sample-dns-flagged", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-autorun-key-modified", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "modified-file-in-program-dir", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "http-response-server-error", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-russian", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "pe-imports-psapi-dll", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "startup-folder-modification", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "excessive-file-modifications", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "process-check-browser-mail-client-files", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0007"]}, {"bi": "command-deleted-shadow-copy", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0005", "T1490"]}, {"bi": "malware-generic-ransomware-entropy", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "malware-generic-ransomware-backup-del", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "feed-domain-ransomware", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-deletion", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "html-js-uses-window-open", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0001", "T1189"]}, {"bi": "malware-generic-ransomware-notes", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "firefox-prefs-modified", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0009"]}, {"bi": "recycler-file-creation", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-generic-ransomware", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "possible-privilege-escalation-detected", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0004", "T1068"]}, {"bi": "process-read-ie-cookies", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "bcdedit-ignore-failure", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0005", "TA0003", "T1490"]}, {"bi": "process-deletes-many-files", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "malware-ransomware-teslacrypt-31", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0040", "T1486"]}, {"bi": "artifact-multiple-extensions", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b"], "mitre_attack_tags": ["TA0004", "TA0005"]}, {"bi": "modified-file-on-usb", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "process-hollowing-detected", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "process-modified-quick-launch-file", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236"], "mitre_attack_tags": ["TA0003", "T1176"]}, {"bi": "pe-invalid-checksum", "hashes": ["1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "unsigned-roaming-execution", "hashes": ["1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-with-multiple-children", "hashes": ["ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b"], "mitre_attack_tags": ["TA0005"]}], "category": "Ransomware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "TeslaCrypt is a well-known ransomware family that encrypts a user's files with strong encryption and demands Bitcoin in exchange for a file decryption service. A flaw in the encryption algorithm was discovered that allowed files to be decrypted without paying the ransomware, and eventually, the malware developers released the master key allowing all encrypted files to be recovered easily.", "hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "iocs": {"domain": [{"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "host": "en[.]wikipedia[.]org"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "host": "www[.]torproject[.]org"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "host": "www[.]sedo[.]com"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "host": "southinstrument[.]org"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "host": "grant-pro[.]com"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "host": "iicsdrd[.]com"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "host": "bddadmin[.]desjardins[.]fr"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "host": "dunyamuzelerimuzesi[.]com"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "host": "educarpetas[.]com"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "host": "83gd65jfh24jbrwke43[.]brocksard[.]su"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "host": "pp4dehh5nlkcs[.]pesslaugh[.]com"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "host": "ss7fh33dfnourebfle[.]geckoyao[.]com"}], "file": [{"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I478AKJ.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I4FI238.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I4FKVBH.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I4QK3KJ.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I5QX7W9.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I77RW1L.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I7J37KF.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I9NSD58.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IANXEE8.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IC5NB1M.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ID60W3E.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IIUTK07.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IJE160U.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IKAVPAE.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IL2NS3P.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$INKC8CM.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IP8M1EE.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IPDP9E0.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ISIYA4I.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IV54ALI.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IWK2JPN.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IWYYKMD.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IXC3P46.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IZ7KADN.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R0Y9SM6.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R0ZU5JT.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R478AKJ.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R4FI238.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R4FKVBH.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R4QK3KJ.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R5QX7W9.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R7J37KF.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R9NSD58.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RANXEE8.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RC5NB1M.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RD60W3E.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RIUTK07.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RJE160U.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RKAVPAE.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RNKC8CM.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RP8M1EE.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RPDP9E0.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RSIYA4I.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RV54ALI.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RWK2JPN.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RWYYKMD.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RXC3P46.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RZ7KADN.txt"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "%HOMEPATH%"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "path": "%APPDATA%\\<random, matching [A-Fa-z0-9]{5,8}.exe"}], "ip": [{"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "ip": "176[.]74[.]179[.]58"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "ip": "209[.]127[.]83[.]225"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "ip": "104[.]247[.]82[.]14"}], "mutex": [{"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "name": "__sys_234238233295"}], "registry": [{"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{926583E4-EF64-11E4-BEED-D6738078AD98}\\ELEMENTS\\16000009", "value_name": "Element"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{926583E4-EF64-11E4-BEED-D6738078AD98}\\ELEMENTS\\250000E0", "value_name": "Element"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLinkedConnections"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{926583E4-EF64-11E4-BEED-D6738078AD98}\\ELEMENTS\\16000041", "value_name": null}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{926583E4-EF64-11E4-BEED-D6738078AD98}\\ELEMENTS\\16000041", "value_name": "Element"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{926583E4-EF64-11E4-BEED-D6738078AD98}\\ELEMENTS\\16000020", "value_name": null}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{926583E4-EF64-11E4-BEED-D6738078AD98}\\ELEMENTS\\16000020", "value_name": "Element"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{926583E4-EF64-11E4-BEED-D6738078AD98}\\ELEMENTS\\16000040", "value_name": null}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{926583E4-EF64-11E4-BEED-D6738078AD98}\\ELEMENTS\\16000040", "value_name": "Element"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{926583E4-EF64-11E4-BEED-D6738078AD98}\\ELEMENTS\\250000E0", "value_name": null}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "key": "<HKCU>\\SOFTWARE\\XXXSYS", "value_name": null}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "key": "<HKCU>\\SOFTWARE\\XXXSYS", "value_name": "ID"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "gatert-12010"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "gatert-12010"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.CHECK.0", "value_name": "CheckSetting"}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "key": "<HKCU>\\Software\\<random, matching '[A-Z0-9]{14,16}'>", "value_name": null}, {"hashes": ["033359631f6cd3edd2d33980eda34911b7ec5857c895752f9bf6b888da87b45f", "1e11feb89090e04c3e359f608e27c3cfa3e627eb1884f2318a95d94a472bb979", "2871505f0d7b54a5880b981e1602eef2e67f7bab5546bf435eb94313164112f4", "3b66c9c5140bb7a390f6c239baf060360aa5139219c54cb8b219e752801165e2", "47e6de6c9574a2c98e595f58c0b7e89363c15761b67a867e85e25916df79a92b", "618d6d2dd1b6a5eebc0551477efaf32c62777ffc7a5092c5852844ea8783a4cd", "8824cfb7139627c0620b6304bbc53dff98b690dd40ab572e3ae28854a46e632c", "9a429001603d1bbea797bd12761f4ad31aafb08991c27628148dccc5e00f640f", "ac1c35ee74304f857fe579be4546b404ac0f34f02a21566a87eaac032efdeef7", "bbb6334d2105694a7f191109e1176a329915e0a8587be2fed74855f757b5331e", "d8c984fabf9b08bed720685edbdd284f55dc782ff126d82d285be9a96976e236", "e6572ba93fc9fedcbd7d60eaf9c1076f46f913b8549c74077b889566cd6ebcc7", "ec45bb7d7c6dec2afc90f72200b28b01e2d6c6c2e1011cef99c08f402118dd8b", "ee97c569b2f0951b5b3ef9f1c9cd8e5190a871f694e9631cfd4e3e52f5b6e35b", "f13e919456801f63622955376055f9a1ae183ceacaeeaa630041c332f98cc83a"], "key": "<HKCU>\\Software\\<random, matching '[A-Z0-9]{14,16}'>", "value_name": "data"}]}, "reports_count": 15}, "Win.Trojan.Remcos-8176626-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "caabcb165ac93385c30ff79a9a2a4e862c660576e541dc34d3d9d9772e81d1fa", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "5e0659df78b4ff35f5e0d41eb0c44758a88c78c0534152773f56c00aaf6f6437", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "d783113e535cc176b515bb7697eb4b5356a387acdbd65ab70b3648856318b6fc", "6ecc2adaff1e68943661c5a3fd4592469151b20300ba6f0a4823066d96ae850e", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "8aa9dd9f443ef012e4f3a62f8cb33258b241575801742dab834e6d93a2acbf6d", "86fbb94d98b26ec6c8641aa5c93edc2902e755fa02863034a3c3eb33666e9fd7", "8da905d01a4de39de8b8d86ab3e949736742c0c78951d754382e1c58403a5228", "b1d078e0b4a3026eef276cefd0ca2882992e2f64d88094e998315d390c6e5287", "2ee32bc032964be40559a82604a4941d7e38566e910e647e3a956ce9b07cec5c", "45e4fa6c2020b4540dab321dc6f7bc98c64167127e9d9eb9bcd4e3d75b035cbb", "ae313916e1f6d6de3ec204282d3ede5b4111d8470ea2609be38891f51da7ed0e", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "eaa443151a4ffca8d611d73084109b43c549ba2705f0f94fd59652e0c4809373", "85919307d926304aeff6e1dda3057238653fc6e4b62fe6a51e2fce07c44eb6cc", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "caabcb165ac93385c30ff79a9a2a4e862c660576e541dc34d3d9d9772e81d1fa", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "5e0659df78b4ff35f5e0d41eb0c44758a88c78c0534152773f56c00aaf6f6437", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "d783113e535cc176b515bb7697eb4b5356a387acdbd65ab70b3648856318b6fc", "6ecc2adaff1e68943661c5a3fd4592469151b20300ba6f0a4823066d96ae850e", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "8aa9dd9f443ef012e4f3a62f8cb33258b241575801742dab834e6d93a2acbf6d", "86fbb94d98b26ec6c8641aa5c93edc2902e755fa02863034a3c3eb33666e9fd7", "8da905d01a4de39de8b8d86ab3e949736742c0c78951d754382e1c58403a5228", "b1d078e0b4a3026eef276cefd0ca2882992e2f64d88094e998315d390c6e5287", "2ee32bc032964be40559a82604a4941d7e38566e910e647e3a956ce9b07cec5c", "45e4fa6c2020b4540dab321dc6f7bc98c64167127e9d9eb9bcd4e3d75b035cbb", "ae313916e1f6d6de3ec204282d3ede5b4111d8470ea2609be38891f51da7ed0e", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "eaa443151a4ffca8d611d73084109b43c549ba2705f0f94fd59652e0c4809373", "85919307d926304aeff6e1dda3057238653fc6e4b62fe6a51e2fce07c44eb6cc", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "caabcb165ac93385c30ff79a9a2a4e862c660576e541dc34d3d9d9772e81d1fa", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "5e0659df78b4ff35f5e0d41eb0c44758a88c78c0534152773f56c00aaf6f6437", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "d783113e535cc176b515bb7697eb4b5356a387acdbd65ab70b3648856318b6fc", "6ecc2adaff1e68943661c5a3fd4592469151b20300ba6f0a4823066d96ae850e", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "8aa9dd9f443ef012e4f3a62f8cb33258b241575801742dab834e6d93a2acbf6d", "86fbb94d98b26ec6c8641aa5c93edc2902e755fa02863034a3c3eb33666e9fd7", "8da905d01a4de39de8b8d86ab3e949736742c0c78951d754382e1c58403a5228", "b1d078e0b4a3026eef276cefd0ca2882992e2f64d88094e998315d390c6e5287", "2ee32bc032964be40559a82604a4941d7e38566e910e647e3a956ce9b07cec5c", "45e4fa6c2020b4540dab321dc6f7bc98c64167127e9d9eb9bcd4e3d75b035cbb", "ae313916e1f6d6de3ec204282d3ede5b4111d8470ea2609be38891f51da7ed0e", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "eaa443151a4ffca8d611d73084109b43c549ba2705f0f94fd59652e0c4809373", "85919307d926304aeff6e1dda3057238653fc6e4b62fe6a51e2fce07c44eb6cc", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-upx", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "caabcb165ac93385c30ff79a9a2a4e862c660576e541dc34d3d9d9772e81d1fa", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "5e0659df78b4ff35f5e0d41eb0c44758a88c78c0534152773f56c00aaf6f6437", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "d783113e535cc176b515bb7697eb4b5356a387acdbd65ab70b3648856318b6fc", "6ecc2adaff1e68943661c5a3fd4592469151b20300ba6f0a4823066d96ae850e", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "8aa9dd9f443ef012e4f3a62f8cb33258b241575801742dab834e6d93a2acbf6d", "86fbb94d98b26ec6c8641aa5c93edc2902e755fa02863034a3c3eb33666e9fd7", "8da905d01a4de39de8b8d86ab3e949736742c0c78951d754382e1c58403a5228", "b1d078e0b4a3026eef276cefd0ca2882992e2f64d88094e998315d390c6e5287", "2ee32bc032964be40559a82604a4941d7e38566e910e647e3a956ce9b07cec5c", "45e4fa6c2020b4540dab321dc6f7bc98c64167127e9d9eb9bcd4e3d75b035cbb", "ae313916e1f6d6de3ec204282d3ede5b4111d8470ea2609be38891f51da7ed0e", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "eaa443151a4ffca8d611d73084109b43c549ba2705f0f94fd59652e0c4809373", "85919307d926304aeff6e1dda3057238653fc6e4b62fe6a51e2fce07c44eb6cc", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-tls-callback", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "caabcb165ac93385c30ff79a9a2a4e862c660576e541dc34d3d9d9772e81d1fa", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "5e0659df78b4ff35f5e0d41eb0c44758a88c78c0534152773f56c00aaf6f6437", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "d783113e535cc176b515bb7697eb4b5356a387acdbd65ab70b3648856318b6fc", "6ecc2adaff1e68943661c5a3fd4592469151b20300ba6f0a4823066d96ae850e", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "8aa9dd9f443ef012e4f3a62f8cb33258b241575801742dab834e6d93a2acbf6d", "86fbb94d98b26ec6c8641aa5c93edc2902e755fa02863034a3c3eb33666e9fd7", "8da905d01a4de39de8b8d86ab3e949736742c0c78951d754382e1c58403a5228", "b1d078e0b4a3026eef276cefd0ca2882992e2f64d88094e998315d390c6e5287", "2ee32bc032964be40559a82604a4941d7e38566e910e647e3a956ce9b07cec5c", "45e4fa6c2020b4540dab321dc6f7bc98c64167127e9d9eb9bcd4e3d75b035cbb", "ae313916e1f6d6de3ec204282d3ede5b4111d8470ea2609be38891f51da7ed0e", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "eaa443151a4ffca8d611d73084109b43c549ba2705f0f94fd59652e0c4809373", "85919307d926304aeff6e1dda3057238653fc6e4b62fe6a51e2fce07c44eb6cc", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "caabcb165ac93385c30ff79a9a2a4e862c660576e541dc34d3d9d9772e81d1fa", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "5e0659df78b4ff35f5e0d41eb0c44758a88c78c0534152773f56c00aaf6f6437", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "d783113e535cc176b515bb7697eb4b5356a387acdbd65ab70b3648856318b6fc", "6ecc2adaff1e68943661c5a3fd4592469151b20300ba6f0a4823066d96ae850e", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "8aa9dd9f443ef012e4f3a62f8cb33258b241575801742dab834e6d93a2acbf6d", "86fbb94d98b26ec6c8641aa5c93edc2902e755fa02863034a3c3eb33666e9fd7", "8da905d01a4de39de8b8d86ab3e949736742c0c78951d754382e1c58403a5228", "b1d078e0b4a3026eef276cefd0ca2882992e2f64d88094e998315d390c6e5287", "2ee32bc032964be40559a82604a4941d7e38566e910e647e3a956ce9b07cec5c", "45e4fa6c2020b4540dab321dc6f7bc98c64167127e9d9eb9bcd4e3d75b035cbb", "ae313916e1f6d6de3ec204282d3ede5b4111d8470ea2609be38891f51da7ed0e", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "eaa443151a4ffca8d611d73084109b43c549ba2705f0f94fd59652e0c4809373", "85919307d926304aeff6e1dda3057238653fc6e4b62fe6a51e2fce07c44eb6cc", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": []}, {"bi": "pe-dos-header-initialip", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "caabcb165ac93385c30ff79a9a2a4e862c660576e541dc34d3d9d9772e81d1fa", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "5e0659df78b4ff35f5e0d41eb0c44758a88c78c0534152773f56c00aaf6f6437", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "d783113e535cc176b515bb7697eb4b5356a387acdbd65ab70b3648856318b6fc", "6ecc2adaff1e68943661c5a3fd4592469151b20300ba6f0a4823066d96ae850e", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "8aa9dd9f443ef012e4f3a62f8cb33258b241575801742dab834e6d93a2acbf6d", "86fbb94d98b26ec6c8641aa5c93edc2902e755fa02863034a3c3eb33666e9fd7", "8da905d01a4de39de8b8d86ab3e949736742c0c78951d754382e1c58403a5228", "b1d078e0b4a3026eef276cefd0ca2882992e2f64d88094e998315d390c6e5287", "2ee32bc032964be40559a82604a4941d7e38566e910e647e3a956ce9b07cec5c", "45e4fa6c2020b4540dab321dc6f7bc98c64167127e9d9eb9bcd4e3d75b035cbb", "ae313916e1f6d6de3ec204282d3ede5b4111d8470ea2609be38891f51da7ed0e", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "caabcb165ac93385c30ff79a9a2a4e862c660576e541dc34d3d9d9772e81d1fa", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "5e0659df78b4ff35f5e0d41eb0c44758a88c78c0534152773f56c00aaf6f6437", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "6ecc2adaff1e68943661c5a3fd4592469151b20300ba6f0a4823066d96ae850e", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "86fbb94d98b26ec6c8641aa5c93edc2902e755fa02863034a3c3eb33666e9fd7", "8da905d01a4de39de8b8d86ab3e949736742c0c78951d754382e1c58403a5228", "b1d078e0b4a3026eef276cefd0ca2882992e2f64d88094e998315d390c6e5287", "ae313916e1f6d6de3ec204282d3ede5b4111d8470ea2609be38891f51da7ed0e", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "eaa443151a4ffca8d611d73084109b43c549ba2705f0f94fd59652e0c4809373", "85919307d926304aeff6e1dda3057238653fc6e4b62fe6a51e2fce07c44eb6cc", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-file-in-user-dir", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "caabcb165ac93385c30ff79a9a2a4e862c660576e541dc34d3d9d9772e81d1fa", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "ae313916e1f6d6de3ec204282d3ede5b4111d8470ea2609be38891f51da7ed0e", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "network-dns-category-file-storage", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": []}, {"bi": "registry-modified-rootcerts", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": ["TA0011", "TA0006", "TA0005", "T1130"]}, {"bi": "registry-autorun-key-modified", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "windows-util-schtask-generic", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "files-deleted-used-batch", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "cmd-exe-file-execution", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "registry-modification-reg", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "pe-header-timestamp-future", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": []}, {"bi": "files-deleted-used-vbs", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "fake-windows-directory-file-creation", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": ["TA0005", "TA0002", "T1036", "T1151"]}, {"bi": "malware-gelup-artifact-detected", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "caabcb165ac93385c30ff79a9a2a4e862c660576e541dc34d3d9d9772e81d1fa", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "ae313916e1f6d6de3ec204282d3ede5b4111d8470ea2609be38891f51da7ed0e"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "caabcb165ac93385c30ff79a9a2a4e862c660576e541dc34d3d9d9772e81d1fa", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "ae313916e1f6d6de3ec204282d3ede5b4111d8470ea2609be38891f51da7ed0e"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "caabcb165ac93385c30ff79a9a2a4e862c660576e541dc34d3d9d9772e81d1fa", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "ae313916e1f6d6de3ec204282d3ede5b4111d8470ea2609be38891f51da7ed0e"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": []}, {"bi": "malware-remcos-mutex", "hashes": ["fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": []}, {"bi": "malware-remcos-path", "hashes": ["fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": []}, {"bi": "malware-remcos-registry", "hashes": ["fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0"], "mitre_attack_tags": ["TA0009", "TA0006", "TA0011", "TA0008", "T1056", "T1113", "T1125", "T1123", "T1105"]}, {"bi": "network-communications-http-get", "hashes": ["3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "url-forced-download-prompt", "hashes": ["3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9"], "mitre_attack_tags": ["TA0005", "T1105"]}, {"bi": "network-file-downloaded-to-disk", "hashes": ["3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9"], "mitre_attack_tags": []}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": true}, "description": "Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. This malware is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "2ee32bc032964be40559a82604a4941d7e38566e910e647e3a956ce9b07cec5c", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "45e4fa6c2020b4540dab321dc6f7bc98c64167127e9d9eb9bcd4e3d75b035cbb", "5e0659df78b4ff35f5e0d41eb0c44758a88c78c0534152773f56c00aaf6f6437", "6ecc2adaff1e68943661c5a3fd4592469151b20300ba6f0a4823066d96ae850e", "85919307d926304aeff6e1dda3057238653fc6e4b62fe6a51e2fce07c44eb6cc", "86fbb94d98b26ec6c8641aa5c93edc2902e755fa02863034a3c3eb33666e9fd7", "8aa9dd9f443ef012e4f3a62f8cb33258b241575801742dab834e6d93a2acbf6d", "8da905d01a4de39de8b8d86ab3e949736742c0c78951d754382e1c58403a5228", "ae313916e1f6d6de3ec204282d3ede5b4111d8470ea2609be38891f51da7ed0e", "b1d078e0b4a3026eef276cefd0ca2882992e2f64d88094e998315d390c6e5287", "caabcb165ac93385c30ff79a9a2a4e862c660576e541dc34d3d9d9772e81d1fa", "d783113e535cc176b515bb7697eb4b5356a387acdbd65ab70b3648856318b6fc", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "eaa443151a4ffca8d611d73084109b43c549ba2705f0f94fd59652e0c4809373", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "iocs": {"domain": [{"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "host": "doc-08-0s-docs[.]googleusercontent[.]com"}, {"hashes": ["24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "host": "site[.]ptbagasps[.]co[.]id"}], "file": [{"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "ae313916e1f6d6de3ec204282d3ede5b4111d8470ea2609be38891f51da7ed0e", "caabcb165ac93385c30ff79a9a2a4e862c660576e541dc34d3d9d9772e81d1fa", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "path": "%TEMP%\\<random, matching '[a-f0-9]{3,5}'>_appcompat.txt"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "ae313916e1f6d6de3ec204282d3ede5b4111d8470ea2609be38891f51da7ed0e", "caabcb165ac93385c30ff79a9a2a4e862c660576e541dc34d3d9d9772e81d1fa", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "path": "%TEMP%\\<random, matching '[A-F0-9]{4,5}'>.dmp"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "path": "%System32%\\winevt\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "path": "%PUBLIC%\\Natso.bat"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "path": "%PUBLIC%\\Runex.bat"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "path": "%PUBLIC%\\fodhelper.exe"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "path": "%PUBLIC%\\propsys.dll"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "path": "%PUBLIC%\\x.bat"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "path": "%SystemRoot% "}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "path": "%SystemRoot% \\System32"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "path": "%SystemRoot% \\System32\\fodhelper.exe"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "path": "%SystemRoot% \\System32\\propsys.dll"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "path": "%PUBLIC%\\cde.bat"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "path": "%PUBLIC%\\x.vbs"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "path": "%LOCALAPPDATA%\\Puzv"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "path": "%LOCALAPPDATA%\\Puzv\\Muck"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "path": "%LOCALAPPDATA%\\Puzv\\Puzv.hta"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "path": "%LOCALAPPDATA%\\Puzv\\Puzvset.exe"}, {"hashes": ["24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "path": "%APPDATA%\\winos"}, {"hashes": ["24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "path": "%APPDATA%\\winos\\logs.dat"}], "ip": [{"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "ip": "172[.]217[.]164[.]142"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "ip": "172[.]253[.]122[.]132"}, {"hashes": ["3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "ip": "172[.]217[.]197[.]102"}, {"hashes": ["24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "ip": "194[.]5[.]99[.]132"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458"], "ip": "172[.]217[.]197[.]101"}, {"hashes": ["ae313916e1f6d6de3ec204282d3ede5b4111d8470ea2609be38891f51da7ed0e"], "ip": "172[.]217[.]197[.]138"}], "mutex": [{"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "ae313916e1f6d6de3ec204282d3ede5b4111d8470ea2609be38891f51da7ed0e", "caabcb165ac93385c30ff79a9a2a4e862c660576e541dc34d3d9d9772e81d1fa", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea"], "name": "Global\\<random guid>"}, {"hashes": ["24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "name": "Remcos_Mutex_Inj"}, {"hashes": ["24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "name": "remcos_nqtjidysxc"}], "registry": [{"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\AUTHROOT\\CERTIFICATES\\75E0ABB6138512271C04F85FDDDE38E4B7242EFE", "value_name": "Blob"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "key": "<HKCU>\\ENVIRONMENT", "value_name": "windir"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9", "24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "3849ddf6618006df9e07ac84e5d5ba711c4e1c766595c08d49d0af760e5fc458", "3a85dd98bc3baeee41e8bc0d121c35e792357dc5ca9518156fac2427d8e65bf3", "d8207bb056770482d0d3c289a87486a3e1c8d6038d80f56bac1b6b487b9b78ea", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Puzv"}, {"hashes": ["24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "key": "<HKCU>\\SOFTWARE\\REMCOS_NQTJIDYSXC", "value_name": null}, {"hashes": ["24402c40c09ccff0f631c7aa3b43a19765dc67b486ee7e2330fd48c9b469acc0", "f168ed4028b0173b0372db15afda4fcb7cdeb7deccaad5c66ca81d578b3cfff3", "fdd6591b6783f815a2ebc5cd6d5651f0e741a3dd30d256caf16defa37ef4ccee"], "key": "<HKCU>\\SOFTWARE\\REMCOS_NQTJIDYSXC", "value_name": "EXEpath"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\CLASSES\\LOCAL SETTINGS\\MUICACHE\\\\52C64B7E", "value_name": "LanguageList"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\CLASSES\\LOCAL SETTINGS\\MUICACHE\\\\52C64B7E", "value_name": "@%SystemRoot%\\system32\\p2pcollab.dll,-8042"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\CLASSES\\LOCAL SETTINGS\\MUICACHE\\\\52C64B7E", "value_name": "@%SystemRoot%\\system32\\qagentrt.dll,-10"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\CLASSES\\LOCAL SETTINGS\\MUICACHE\\\\52C64B7E", "value_name": "@%SystemRoot%\\system32\\dnsapi.dll,-103"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\CLASSES\\LOCAL SETTINGS\\MUICACHE\\\\52C64B7E", "value_name": "@%SystemRoot%\\System32\\fveui.dll,-843"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\CLASSES\\LOCAL SETTINGS\\MUICACHE\\\\52C64B7E", "value_name": "@%SystemRoot%\\System32\\fveui.dll,-844"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\CLASSES\\LOCAL SETTINGS\\MUICACHE\\\\52C64B7E", "value_name": "@%SystemRoot%\\System32\\wuaueng.dll,-400"}, {"hashes": ["2074bbaf53f1dc7f45efcf3b765e68bdb14f50a3ae1f12e8e490a6bbd81e70c9"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\CLASSES\\LOCAL SETTINGS\\MUICACHE\\\\52C64B7E", "value_name": "@%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe,-124"}]}, "reports_count": 20}, "exprev": [{"count": 15707, "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", "name": "Dealply adware detected"}, {"count": 3359, "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", "name": "CVE-2019-0708 detected"}, {"count": 1928, "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Installcore adware detected"}, {"count": 1589, "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", "name": "Process hollowing detected"}, {"count": 1490, "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", "name": "Excessively long PowerShell command detected"}, {"count": 884, "description": "An attempt to bypass application whitelisting via the \"Squiblydoo\" technique has been detected. This typically involves using regsvr32.exe to execute script content hosted on an attacker controlled server.", "name": "Squiblydoo application whitelist bypass attempt detected."}, {"count": 535, "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", "name": "Gamarue malware detected"}, {"count": 482, "description": "Bluestacks adware displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware has also been known to download and install malware.", "name": "Bluestacks adware detected"}, {"count": 358, "description": "Palikan is a potentially unwanted application (PUA), browser hijacker, a type of malware that most of the time does not explicitly or completely state its function or purpose. When is present on the system, it may change the default homepage, change the search engine, redirect traffic to malicious sites, install add-ons, extensions, or plug-ins, open unwanted windows or show advertising. Palikan commonly arrives as a file dropped by other malware or as a file downloaded unknowingly from a malicious site. It has also been closely associated with DealPly.", "name": "Palikan browser hijacker detected"}, {"count": 192, "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as wireshark and sandboxes to its C2. It spreads through malicious advertising and spam campaigns.", "name": "Kovter injection detected"}, {"count": 41, "description": "IcedID is a banking Trojan. It uses both web browser injection and browser redirection to steal banking and/or other financial credentials and data. The features and sophistication of IcedID demonstrate the malware author's knowledge and technical skill for this kind of fraud, and suggest the authors have previous experience creating banking Trojans. IcedID has been observed being installed by Emotet or Ursnif. Systems infected with IcedID should also be scanned for additional malware infections.", "name": "IcedID malware detected"}, {"count": 41, "description": "Trickbot is a banking Trojan which appeared in late 2016. Due to the similarities between Trickbot and Dyre, it is suspected some of the individuals responsible for Dyre are now responsible for Trickbot. Trickbot has been rapidly evolving over the months since it has appeared. However, Trickbot is still missing some of the capabilities Dyre possessed. Its current modules include DLL injection, system information gathering, and email searching.", "name": "Trickbot malware detected"}, {"count": 37, "description": "Maze ransomware has been detected injecting into rundll32.exe or regsvr32.exe. Maze can encrypt files on the victim and demand a ransom. It can also exfiltrate data back to the attacker prior to encryption.", "name": "Maze ransomware detected"}, {"count": 20, "description": "A process associated with Microsoft Office, such as EXCEL.exe or WINWORD.exe, has started a Windows utility such as powershell.exe or cmd.exe. This is typical behavior of malicious documents executing additional scripts. This behavior is extremely suspicious and is associated with many malware different malware campaigns and families.", "name": "A Microsoft Office process has started a windows utility."}, {"count": 20, "description": "An exploit payload intended to connect back to an attacker controlled host using tcp has been detected.", "name": "Reverse tcp payload detected"}, {"count": 15, "description": "An exploit payload intended to execute commands on an attacker controlled host using WinExec has been detected.", "name": "WinExec payload detected"}, {"count": 10, "description": "A PowerShell command was stored in an environment variable and run. The environment variable is commonly set by a previously run script and is used as a means of evasion. This behavior is a known tactic of the Kovter and Poweliks malware families.", "name": "PowerShell file-less infection detected"}, {"count": 8, "description": "Corebot is a Trojan with many capabilities found in other prominent families. It features a plugin system to enable it to load a variety of features from the C&C server at any time. Known plugins include RAT capabilities such as taking desktop screenshots, as well as being able to intercept and modify browser communications and steal data, especially data related to banking.", "name": "Corebot malware detected"}, {"count": 8, "description": "Powershell.exe was detected attempting to inject code into notepad.exe. This is indicative of an attempt to hide malicious code in a notepad.exe process.", "name": "Powershell detected injecting into notepad.exe"}, {"count": 5, "description": "Aggah dropper technique has been detected. The Aggah campaign has been observed dropping Azorult, LokiBot and other malware families. Aggah employs phishing and process hollowing to infect victim machines.", "name": "Aggah malware dropper detected"}, {"count": 5, "description": "A remote HTA has been detected. This technique is used to execute addtional malicious code from an HTA file on a remote host. The Cryxos malware has been observed using this method.", "name": "Remote HTA load detected"}], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2020-06-26T18:22:57+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Downloader.Nymaim-8076820-0", "Win.Packed.Emotet-8082161-0", "Win.Trojan.Remcos-8176626-0", "Win.Packed.Zbot-8176461-0", "Win.Dropper.Ramnit-8176536-0", "Win.Dropper.HawkEye-8176602-0", "Win.Dropper.NetWire-8176767-1", "Win.Ransomware.TeslaCrypt-8182300-0", "Win.Packed.Zusy-8182349-0"]}