{"Win.Dropper.Generickdz-8494215-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", "a54053b27fcc354601ccaab7d34e6bc77ab9c56b1c2357ee75fb9cc89131d2a1", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084", "107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "f5e1628a187af5b76c5a800cb9a364d88908401acbb9860f78f014d38940dd94", "1de678f3f72bc2158678e8022dff3bd4991e6044a71a37e40093f0c5cb83e969", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812", "fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d", "58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "cta-static-analyzer-malicious", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", "a54053b27fcc354601ccaab7d34e6bc77ab9c56b1c2357ee75fb9cc89131d2a1", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084", "107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "f5e1628a187af5b76c5a800cb9a364d88908401acbb9860f78f014d38940dd94", "1de678f3f72bc2158678e8022dff3bd4991e6044a71a37e40093f0c5cb83e969", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", 
"81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812", "fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d", "58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", "a54053b27fcc354601ccaab7d34e6bc77ab9c56b1c2357ee75fb9cc89131d2a1", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084", "107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "f5e1628a187af5b76c5a800cb9a364d88908401acbb9860f78f014d38940dd94", "1de678f3f72bc2158678e8022dff3bd4991e6044a71a37e40093f0c5cb83e969", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812", "fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d", "58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "mitre_attack_tags": 
[]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", "a54053b27fcc354601ccaab7d34e6bc77ab9c56b1c2357ee75fb9cc89131d2a1", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084", "107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "f5e1628a187af5b76c5a800cb9a364d88908401acbb9860f78f014d38940dd94", "1de678f3f72bc2158678e8022dff3bd4991e6044a71a37e40093f0c5cb83e969", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812", "fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d", "58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084", "107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", 
"cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812", "fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d", "58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["a54053b27fcc354601ccaab7d34e6bc77ab9c56b1c2357ee75fb9cc89131d2a1", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "1de678f3f72bc2158678e8022dff3bd4991e6044a71a37e40093f0c5cb83e969", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812", "fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d", "58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084", "107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", 
"3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["a54053b27fcc354601ccaab7d34e6bc77ab9c56b1c2357ee75fb9cc89131d2a1", "107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "1de678f3f72bc2158678e8022dff3bd4991e6044a71a37e40093f0c5cb83e969", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812", "fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d", "58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084", "107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "cmd-exe-file-execution", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", 
"e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "modified-executable", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084", "107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084", "107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", 
"aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084", "107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "deleted-submitted-file", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812", 
"58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "pe-invalid-checksum", "hashes": ["a54053b27fcc354601ccaab7d34e6bc77ab9c56b1c2357ee75fb9cc89131d2a1", "f5e1628a187af5b76c5a800cb9a364d88908401acbb9860f78f014d38940dd94", "1de678f3f72bc2158678e8022dff3bd4991e6044a71a37e40093f0c5cb83e969", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084", "107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084", "107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", 
"d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "currentcontrolset-service-added", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1060"]}, {"bi": "network-fast-flux-domain", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": []}, {"bi": "listening-port-opened", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "netsh-firewall-generic", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", 
"55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": ["TA0005", "T1016", "T1089"]}, {"bi": "registry-windows-defender-exclusions-added", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "netsh-firewall-add", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089"]}, {"bi": "network-snort-server", "hashes": ["edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084", "107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", 
"e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084", "107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0"], "mitre_attack_tags": []}, {"bi": "registry-service-autostart-disabled", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "mitre_attack_tags": ["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "registry-service-delete-flag-set", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "mitre_attack_tags": 
["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084", "107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084", "107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "process-requested-named-pipe", "hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "mitre_attack_tags": ["TA0004", "TA0005"]}, {"bi": "cmd-exe-file-deletion", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", "107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", 
"34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "dns-query-nxdomain", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": []}, {"bi": "network-url-tracking-service", "hashes": ["edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084", "107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0"], "mitre_attack_tags": ["TA0011", "TA0005", "T1102"]}, {"bi": "network-opendns-malicious", "hashes": ["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", 
"e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-upx", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "artifact-windows-task", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "registry-autorun-key-modified", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "windows-util-schtask", "hashes": 
["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "potential-registry-persistence", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-vm", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "modified-file-in-system-dir", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-system-dir", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "pe-imports-empty", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": []}, {"bi": 
"excessive-process-creates", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0002", "T1064"]}, {"bi": "process-with-multiple-children", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-certificate", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-paragraphs", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": []}, {"bi": "pe-imports-exe", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": []}, {"bi": 
"pe-dos-header-initialsp", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-antianalysis", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-check-virtualbox", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0007", "T1497"]}, {"bi": "registry-service-type-modified", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "pe-header-timestamp-null", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": []}, {"bi": "pe-dos-header-relocations", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-subsystem", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", 
"aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "enumeration-bcdedit", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0007"]}, {"bi": "malware-glupteba-bot-mutex-detected", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": []}, {"bi": "artifact-av-detect", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0005", "T1063"]}, {"bi": "windows-util-schtask-create-onlogon", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "pe-artifact-invalid-certificate-signature", "hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0005"]}, {"bi": "windows-util-bcdedit", "hashes": 
["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "network-dns-category-phishing", "hashes": ["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-spambot", "hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": []}, {"bi": "network-dns-category-file-storage", "hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": []}, {"bi": "process-svchost-suspicious-launch", "hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": ["TA0005"]}, {"bi": 
"localhost-ipaddress-detected", "hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "malware-compound-cta-activity", "hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": []}, {"bi": "sc-service-start", "hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1031"]}, {"bi": "netbios-null-domain", "hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": []}, {"bi": "file-alternate-data-stream-modification", "hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-tofsee-cmd-detected", "hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], 
"mitre_attack_tags": []}, {"bi": "sc-service-create", "hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": ["TA0003", "T1050"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": ["TA0005", "T1096"]}, {"bi": "new-service-launched", "hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035"]}, {"bi": "dns-bypassed-assigned-server", "hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "malware-tofsee-domain-detected", "hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": []}, {"bi": "network-snort-sensitive-data", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979"], "mitre_attack_tags": []}, {"bi": "network-http-blank-user-agent", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "html-phishing-page", "hashes": 
["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812"], "mitre_attack_tags": ["TA0001", "T1189", "T1078"]}, {"bi": "process-uses-localhost-traffic", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-ping", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812"], "mitre_attack_tags": ["TA0011", "TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812"], "mitre_attack_tags": ["TA0011", "TA0007", "T1016"]}, {"bi": "html-small-file-redirect", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812"], "mitre_attack_tags": []}, {"bi": "malware-kpot-mutex-detected", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812"], "mitre_attack_tags": ["TA0006", "TA0010", "T1041"]}, {"bi": "network-downloaded-executable", "hashes": ["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-snort-file-exe", "hashes": ["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0"], "mitre_attack_tags": []}, {"bi": "network-dns-download-executable", "hashes": ["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0"], "mitre_attack_tags": []}, {"bi": 
"network-dns-malicious-snort", "hashes": ["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0"], "mitre_attack_tags": ["TA0011"]}, {"bi": "network-downloaded-executed-from", "hashes": ["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "unsigned-roaming-execution", "hashes": ["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0"], "mitre_attack_tags": ["TA0005"]}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "process-taskkill", "hashes": ["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "regasm-network-connection", "hashes": ["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0"], "mitre_attack_tags": ["TA0005", "TA0002", "T1121"]}, {"bi": "malware-tofsee-filepath", "hashes": ["d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "mitre_attack_tags": ["TA0002", "T1105", "T1112"]}, {"bi": "powershell-encoded-buffer", "hashes": ["58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "mitre_attack_tags": ["TA0005", "TA0002", "T1086", "T1202"]}, {"bi": "modified-file-in-program-dir", "hashes": ["58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", 
"c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "mitre_attack_tags": []}, {"bi": "modified-file-on-usb", "hashes": ["58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "excessive-file-modifications", "hashes": ["58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "mitre_attack_tags": []}, {"bi": "malware-generic-ransomware-entropy", "hashes": ["58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "mitre_attack_tags": []}, {"bi": "file-pending-delete", "hashes": ["58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "excessive-logical-drive-enumeration", "hashes": ["58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "mitre_attack_tags": ["TA0007", "T1120", "T1025"]}, {"bi": "malware-generic-ransomware", "hashes": ["58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "mitre_attack_tags": []}, {"bi": "process-deletes-many-files", "hashes": ["58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "mitre_attack_tags": []}, {"bi": "artifact-multiple-extensions", "hashes": ["58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-file-uploaded", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84"], 
"mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "network-dns-category-new", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "firefox-cookie-read", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "process-check-nordvpn-files", "hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84"], "mitre_attack_tags": ["TA0007"]}, {"bi": "high-heuristic-score", "hashes": ["92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact-mid", "hashes": ["92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e"], "mitre_attack_tags": []}, {"bi": "network-smtp-spambot-v2", "hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979"], "mitre_attack_tags": []}, {"bi": "excessive-tcp-connections", "hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "nginx-webserver-detected", "hashes": ["d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "altered-sample-dns-flagged", "hashes": 
["cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "malware-trojan-bunitu-mutex-detected", "hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "This is a BobSoft Delphi application that wraps malware. The malware uses process-hollowing to hide from detection and achieves persistence across reboots by leveraging an autostart key in the Windows registry. The domain and IP indicators in this record include widely used legitimate services and infrastructure (for example schema[.]org, www[.]google[.]co[.]uk, cacerts[.]digicert[.]com and the multicast address 239[.]255[.]255[.]250), so triage them before using them for blocking or alerting.", "hashes": ["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "1de678f3f72bc2158678e8022dff3bd4991e6044a71a37e40093f0c5cb83e969", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "a54053b27fcc354601ccaab7d34e6bc77ab9c56b1c2357ee75fb9cc89131d2a1", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084", "f5e1628a187af5b76c5a800cb9a364d88908401acbb9860f78f014d38940dd94", "fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "iocs": {"domain": [{"hashes": 
["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084"], "host": "iplogger[.]org"}, {"hashes": ["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084"], "host": "greenpalace[.]top"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "host": "schema[.]org"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "host": "microsoft-com[.]mail[.]protection[.]outlook[.]com"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "host": "cacerts[.]digicert[.]com"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "host": "cdn[.]digicertcdn[.]com"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "host": "vsblobprodscussu5shard60[.]blob[.]core[.]windows[.]net"}, {"hashes": 
["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "host": "vsblobprodscussu5shard35[.]blob[.]core[.]windows[.]net"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "host": "252[.]5[.]55[.]69[.]zen[.]spamhaus[.]org"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "host": "252[.]5[.]55[.]69[.]in-addr[.]arpa"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "host": "252[.]5[.]55[.]69[.]bl[.]spamcop[.]net"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "host": "252[.]5[.]55[.]69[.]sbl-xbl[.]spamhaus[.]org"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "host": "252[.]5[.]55[.]69[.]cbl[.]abuseat[.]org"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "host": "252[.]5[.]55[.]69[.]dnsbl[.]sorbs[.]net"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", 
"aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "host": "easywbdesign[.]com"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "host": "gfixprice[.]space"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "host": "ordinarygame[.]site"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "host": "www[.]google[.]co[.]uk"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "host": "iv0001-npxs01001-00[.]auth[.]np[.]ac[.]playstation[.]net"}, {"hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "host": "119[.]151[.]167[.]12[.]in-addr[.]arpa"}, {"hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979"], "host": "ipinfo[.]io"}, {"hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979"], "host": "www[.]google[.]be"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "host": "115[.]151[.]167[.]12[.]in-addr[.]arpa"}, {"hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979"], "host": "www[.]google[.]at"}, {"hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979"], "host": "www[.]google[.]cz"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "host": "ip[.]pr-cy[.]hacklix[.]com"}, {"hashes": 
["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979"], "host": "api[.]sendspace[.]com"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "host": "k[.]daratilvfood[.]com"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "host": "x[.]daratilvfood[.]com"}, {"hashes": ["cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812"], "host": "global-war[.]online"}, {"hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84"], "host": "files-get[.]pw"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c"], "host": "86110e85-d82b-4ded-ba33-053f7677e097[.]server2[.]easywbdesign[.]com"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c"], "host": "86110e85-d82b-4ded-ba33-053f7677e097[.]server3[.]sndvoices[.]com"}, {"hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "host": "32499771-20f8-4ab1-a1fc-488395e84bd1[.]server4[.]sndvoices[.]com"}, {"hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "host": "32499771-20f8-4ab1-a1fc-488395e84bd1[.]server1[.]2makestorage[.]com"}, {"hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "host": "32499771-20f8-4ab1-a1fc-488395e84bd1[.]server4[.]easywbdesign[.]com"}, {"hashes": ["d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "host": "www[.]google[.]ac"}, {"hashes": ["aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba"], "host": "20dfcc82-a3e2-44ad-9e79-8bb605dd4b09[.]server3[.]easywbdesign[.]com"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "host": "privatemessages[.]roblox[.]com"}], "file": [{"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", 
"aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "path": "%TEMP%\\.exe"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "path": "%HOMEPATH%"}, {"hashes": ["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084"], "path": "%SystemRoot%\\Temp\\scs1.tmp"}, {"hashes": ["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084"], "path": "%SystemRoot%\\Temp\\scs2.tmp"}, {"hashes": ["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084"], "path": "%SystemRoot%\\Temp\\scs3.tmp"}, {"hashes": ["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084"], "path": "%SystemRoot%\\Temp\\scs4.tmp"}, {"hashes": ["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", 
"34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084"], "path": "%APPDATA%\\indepopede"}, {"hashes": ["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084"], "path": "%APPDATA%\\indepopede\\filingood.exe"}, {"hashes": ["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084"], "path": "%APPDATA%\\indepopede\\testoviyjuki.exe"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "path": "%SystemRoot%\\rss\\csrss.exe"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "path": "%TEMP%\\csrss\\dsefix.exe"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "path": "%TEMP%\\csrss\\patch.exe"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "path": "%System32%\\drivers\\Winmon.sys"}, {"hashes": 
["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "path": "%System32%\\drivers\\WinmonFS.sys"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "path": "%System32%\\drivers\\WinmonProcessMonitor.sys"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "path": "%SystemRoot%\\windefender.exe"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb\\9E22A5947A15489895CE716436B45BE02\\download.error"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "path": "%TEMP%\\Symbols\\winload_prod.pdb\\B7B16B17E078406E806A050C8BEE2E361\\download.error"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "path": "%TEMP%\\dbghelp.dll"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "path": "%TEMP%\\symsrv.dll"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", 
"aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "path": "%TEMP%\\csrss\\DBG0.tmp"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "path": "%System32%\\Tasks\\ScheduledUpdate"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "path": "%System32%\\Tasks\\csrss"}, {"hashes": ["58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "path": "%HOMEPATH%\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf"}, {"hashes": ["58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "path": "%HOMEPATH%\\ntuser.dat.LOG1"}, {"hashes": ["58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201"], "path": "%HOMEPATH%\\1w1uq.html"}, {"hashes": ["58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201"], "path": "%HOMEPATH%\\desktop\\1w1uq.html"}, {"hashes": ["58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201"], "path": "%HOMEPATH%\\documents\\1w1uq.html"}, {"hashes": ["58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201"], "path": "%HOMEPATH%\\downloads\\1w1uq.html"}, {"hashes": ["58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201"], "path": "%HOMEPATH%\\favorites\\1w1uq.html"}, {"hashes": ["58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201"], "path": "%HOMEPATH%\\links\\1w1uq.html"}, {"hashes": ["58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201"], "path": "%HOMEPATH%\\music\\1w1uq.html"}, {"hashes": 
["58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201"], "path": "%HOMEPATH%\\pictures\\1w1uq.html"}, {"hashes": ["58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201"], "path": "%HOMEPATH%\\saved games\\1w1uq.html"}, {"hashes": ["58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201"], "path": "%HOMEPATH%\\videos\\1w1uq.html"}, {"hashes": ["c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "path": "%HOMEPATH%\\a8x3p.html"}, {"hashes": ["c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "path": "%HOMEPATH%\\desktop\\a8x3p.html"}, {"hashes": ["c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "path": "%HOMEPATH%\\documents\\a8x3p.html"}, {"hashes": ["c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "path": "%HOMEPATH%\\downloads\\a8x3p.html"}, {"hashes": ["c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "path": "%HOMEPATH%\\favorites\\a8x3p.html"}, {"hashes": ["c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "path": "%HOMEPATH%\\links\\a8x3p.html"}, {"hashes": ["c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "path": "%HOMEPATH%\\music\\a8x3p.html"}, {"hashes": ["c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "path": "%HOMEPATH%\\pictures\\a8x3p.html"}, {"hashes": ["c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "path": "%HOMEPATH%\\saved games\\a8x3p.html"}, {"hashes": ["c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "path": "%HOMEPATH%\\videos\\a8x3p.html"}, {"hashes": ["58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201"], "path": "%HOMEPATH%\\yk393.html"}, {"hashes": ["c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "path": "%HOMEPATH%\\i3s7n.html"}], "ip": [{"hashes": ["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", 
"34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084"], "ip": "88[.]99[.]66[.]31"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "239[.]255[.]255[.]250"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "216[.]239[.]36[.]21"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "43[.]231[.]4[.]7"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "157[.]240[.]18[.]174"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "69[.]55[.]5[.]252"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "ip": "104[.]18[.]11[.]39"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "173[.]194[.]66[.]106"}, {"hashes": 
["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "173[.]194[.]66[.]99"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "85[.]114[.]134[.]88"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "ip": "204[.]79[.]197[.]219"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "ip": "104[.]214[.]40[.]16"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "217[.]172[.]179[.]54"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "5[.]9[.]72[.]48"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "130[.]0[.]232[.]208"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "144[.]76[.]108[.]82"}, {"hashes": 
["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "185[.]253[.]217[.]20"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "142[.]250[.]31[.]94"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "45[.]90[.]34[.]87"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "ip": "104[.]28[.]12[.]88"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "172[.]217[.]164[.]164"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "173[.]194[.]66[.]103"}, {"hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "176[.]58[.]123[.]25"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979"], "ip": "40[.]112[.]72[.]205"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": 
"157[.]240[.]18[.]63"}, {"hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "104[.]47[.]54[.]36"}, {"hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "12[.]167[.]151[.]119"}, {"hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "37[.]28[.]155[.]134"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "185[.]255[.]55[.]29"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "173[.]194[.]66[.]147"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "23[.]5[.]227[.]69"}, {"hashes": ["aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "ip": "104[.]31[.]77[.]84"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "ip": "172[.]67[.]211[.]60"}, {"hashes": ["92fc73572256b3db6b950610a001d3989d21894950098581e783b68ad3eeda4e", "edc36f8ab61df8483a45ed5389fd65da034e6652f4b7e7bf7cd38a01e003e084"], "ip": "84[.]38[.]180[.]145"}, {"hashes": ["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0"], "ip": "5[.]101[.]50[.]59"}, {"hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812"], "ip": "84[.]38[.]182[.]245"}, {"hashes": 
["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0"], "ip": "81[.]177[.]6[.]78"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "173[.]194[.]66[.]104/31"}, {"hashes": ["d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "ip": "209[.]126[.]119[.]177"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c"], "ip": "172[.]67[.]143[.]109"}, {"hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "ip": "104[.]31[.]245[.]10"}, {"hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979"], "ip": "74[.]125[.]28[.]27"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c"], "ip": "104[.]28[.]13[.]88"}, {"hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979"], "ip": "52[.]71[.]151[.]238"}, {"hashes": ["55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979"], "ip": "34[.]205[.]201[.]146"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c"], "ip": "104[.]31[.]254[.]10"}, {"hashes": ["e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "ip": "172[.]67[.]133[.]129"}, {"hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84"], "ip": "80[.]249[.]145[.]161"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0"], "ip": "128[.]116[.]112[.]44"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "ip": "173[.]194[.]68[.]138"}], "mutex": [{"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "name": "Global\\SetupLog"}, {"hashes": 
["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "name": "Global\\WdsSetupLogInit"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "name": "Global\\h48yorbq6rm87zot"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "name": "Global\\Mp6c3Ygukx29GbDk"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "name": "Global\\ewzy5hgt3x5sof4v"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "name": "Global\\xmrigMUTEX31337"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "name": "1dc907539dc8fc57e6b3cbf1a276ccce"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "name": "Global\\1dc907539dc8fc57e6b3cbf1a276ccce"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", 
"e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "name": "25ba6ebb3e470993540ebc62e98a51e2"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "name": "Global\\25ba6ebb3e470993540ebc62e98a51e2"}, {"hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812"], "name": "7FD5DB439F901942779736"}, {"hashes": ["5ad38a0c3bb3ca5eb8e4f3ebb0965f798f426849ddf2f92bfa8d36edd97e7b84", "cb5ccff7db063f01a06d9c1ad11bbcf4d0910099a4aa6c492733e17df4fc7812"], "name": "E6EE507B50F82876534592"}, {"hashes": ["58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08"], "name": "Global\\530D4C9F-32A8-6FCB-DFF6-A5DE7490E287"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "GJLAAZGJI156R"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "I-103-139-900557"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "J8OSEXAZLIYSQ8J"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "LXCV0IMGIXS0RTA1"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "MKS8IUMZ13NOZ"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "OLZTR-AFHK11"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "OPLXSDF19WRQ"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "PLAX7FASCI8AMNA"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "RGT70AXCNUUD3"}, {"hashes": 
["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "TEKL1AFHJ3"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "TXA19EQZP13A6JTR"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "VSHBZL6SWAG0C"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "chimvietnong"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "doigstralike"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "drofyunfdou"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "dwongfumkli11"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "kliaduosix"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "limdouxdaz"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "quangduongfu"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "shwonfolua"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "sioxzuodang"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "sougiguang"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "tiencuonfdom"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "tramdoquang"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "dfangsmoulikq"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "hongframousdi"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "loivishhogd"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "loumgdpongtao"}, 
{"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "miangfukuong"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "mipfartoufp"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": ""}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": ""}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "hiewroangdo"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "toanhongomug"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "toanfonghl"}, {"hashes": ["fbb5fd9232250955d2ffa6101f488df503dfa6c38cd3d976fe8e3de41ce7633d"], "name": "vnhiewumaret"}], "registry": [{"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "58eaf9fa794dc45dbf8fa6844a3be23e06bbf9d400e8e4b21ce33bdc0f253201", "81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "c741f7484f1284b300d5f20c007ccb4523ba5edafa70515041fb3ec818d12d08", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "Start"}, {"hashes": ["107b613427237963579b4a064e7dfec414bae75662156fa111856f2c014444b2", "34e2b61d9aa2f8ee0127290e4024d4035303b2b4ed8bc59c9cf314286e0f6aa0", "3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "key": "\\LOCAL SETTINGS\\MUICACHE\\66\\52C64B7E", "value_name": "LanguageList"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", 
"aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMONFS\\INSTANCES\\WINMONFS", "value_name": null}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\22000011", "value_name": null}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\16000009", "value_name": null}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\12000002", "value_name": null}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\14000006", "value_name": null}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\16000048", "value_name": null}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", 
"aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\25000020", "value_name": null}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\22000002", "value_name": null}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\21000001", "value_name": null}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\11000001", "value_name": null}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}", "value_name": null}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\DESCRIPTION", "value_name": null}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", 
"aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS", "value_name": null}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\12000004", "value_name": null}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMON", "value_name": null}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMON\\SECURITY", "value_name": null}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMONFS\\SECURITY", "value_name": null}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMONPROCESSMONITOR", "value_name": null}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": 
"\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMONPROCESSMONITOR\\SECURITY", "value_name": null}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFENDER", "value_name": null}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFENDER\\SECURITY", "value_name": null}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFENDER", "value_name": "DisplayName"}, {"hashes": ["3bd4968eb51d12a61c7546519362818eab6932cb842b746a8c0af05659d434f0", "55aaa64d206257d4c3f4b8c4466f6dfc0097bb0f2f845a79170c88f0a2a33979", "d77421469e73a196d488154fc1555330685ee6f306c24f09173c678eea84a29d"], "key": "\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config2"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Users\\Administrator\\AppData\\Roaming\\d12c99f7af77\\d12c99f7af77"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PROCESSES", "value_name": "d12c99f7af77.exe"}, {"hashes": 
["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "DistributorID"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "CampaignID"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "SB"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "PatchTime"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "PGDSE"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": null}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "Firewall"}, {"hashes": 
["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "Defender"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "FirstInstallDate"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "ServiceVersion"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "SC"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "VC"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "ServersVersion"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "OSCaption"}, 
{"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "OSArchitecture"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "IsAdmin"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "AV"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "CPU"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "GPU"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "Servers"}, {"hashes": ["81d3062394ed9845b9151312cf43d3a4396cb7c6ad430fcd5b6db1ccb513ce4c", "aa71a0eb1146acd09802a64d135e209779a1f1f284b68831f5515ff9fe225bba", "e3b133cf38c4960310aa7abc1f12f625dbe9768fb913cd2a5cb8f88175e6588e"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "CDN"}]}, 
"reports_count": 18}, "Win.Malware.Emotet-8568701-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e", "0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707", "d8e201ed2ca53622f1ca4cd4b794879ab2b6dc6d52e5e4e12540da1c3d588e0c", "887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08", "bdb054e3f565c5bf244417609322ccebcab26fdbc74c31516ce66ffd2aed2268", "019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74", "338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250", "1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b", "ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028", "cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868", "4b953167cdee60b1fda17ce2293590c05b26db580e93ce93fb0ffee08527ac2a", "e66da3958ee12be370fb6e1e429611f98d575b21b5e555d9f8dee58eb2481def", "c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851", "539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0", "633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb", "1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb", "1d225e3a3c3f52cadbf07a4ed069b4467c4618310d2f41678584f3704f95d19c", "dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e", "0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707", "d8e201ed2ca53622f1ca4cd4b794879ab2b6dc6d52e5e4e12540da1c3d588e0c", "887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08", "bdb054e3f565c5bf244417609322ccebcab26fdbc74c31516ce66ffd2aed2268", "019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74", "338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250", "1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b", 
"ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028", "cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868", "4b953167cdee60b1fda17ce2293590c05b26db580e93ce93fb0ffee08527ac2a", "e66da3958ee12be370fb6e1e429611f98d575b21b5e555d9f8dee58eb2481def", "c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851", "539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0", "633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb", "1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb", "1d225e3a3c3f52cadbf07a4ed069b4467c4618310d2f41678584f3704f95d19c", "dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e", "0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707", "d8e201ed2ca53622f1ca4cd4b794879ab2b6dc6d52e5e4e12540da1c3d588e0c", "887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08", "bdb054e3f565c5bf244417609322ccebcab26fdbc74c31516ce66ffd2aed2268", "019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74", "338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250", "1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b", "ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028", "cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868", "4b953167cdee60b1fda17ce2293590c05b26db580e93ce93fb0ffee08527ac2a", "e66da3958ee12be370fb6e1e429611f98d575b21b5e555d9f8dee58eb2481def", "c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851", "539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0", "633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb", "1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb", "1d225e3a3c3f52cadbf07a4ed069b4467c4618310d2f41678584f3704f95d19c", 
"dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e", "0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707", "d8e201ed2ca53622f1ca4cd4b794879ab2b6dc6d52e5e4e12540da1c3d588e0c", "887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08", "bdb054e3f565c5bf244417609322ccebcab26fdbc74c31516ce66ffd2aed2268", "019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74", "338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250", "1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b", "ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028", "cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868", "4b953167cdee60b1fda17ce2293590c05b26db580e93ce93fb0ffee08527ac2a", "e66da3958ee12be370fb6e1e429611f98d575b21b5e555d9f8dee58eb2481def", "c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851", "539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0", "633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb", "1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb", "1d225e3a3c3f52cadbf07a4ed069b4467c4618310d2f41678584f3704f95d19c", "dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e", "0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707", "d8e201ed2ca53622f1ca4cd4b794879ab2b6dc6d52e5e4e12540da1c3d588e0c", "887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08", "bdb054e3f565c5bf244417609322ccebcab26fdbc74c31516ce66ffd2aed2268", "019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74", "338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250", 
"1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b", "ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028", "cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868", "4b953167cdee60b1fda17ce2293590c05b26db580e93ce93fb0ffee08527ac2a", "e66da3958ee12be370fb6e1e429611f98d575b21b5e555d9f8dee58eb2481def", "c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851", "539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0", "633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb", "1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb", "1d225e3a3c3f52cadbf07a4ed069b4467c4618310d2f41678584f3704f95d19c", "dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "currentcontrolset-service-added", "hashes": ["f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e", "0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707", "d8e201ed2ca53622f1ca4cd4b794879ab2b6dc6d52e5e4e12540da1c3d588e0c", "887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08", "bdb054e3f565c5bf244417609322ccebcab26fdbc74c31516ce66ffd2aed2268", "019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74", "338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250", "1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b", "ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028", "cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868", "4b953167cdee60b1fda17ce2293590c05b26db580e93ce93fb0ffee08527ac2a", "e66da3958ee12be370fb6e1e429611f98d575b21b5e555d9f8dee58eb2481def", "c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851", "539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0", "633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb", "1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb", 
"1d225e3a3c3f52cadbf07a4ed069b4467c4618310d2f41678584f3704f95d19c", "dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1060"]}, {"bi": "nginx-webserver-detected", "hashes": ["f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e", "0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707", "d8e201ed2ca53622f1ca4cd4b794879ab2b6dc6d52e5e4e12540da1c3d588e0c", "887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08", "bdb054e3f565c5bf244417609322ccebcab26fdbc74c31516ce66ffd2aed2268", "019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74", "338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250", "1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b", "ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028", "cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868", "4b953167cdee60b1fda17ce2293590c05b26db580e93ce93fb0ffee08527ac2a", "e66da3958ee12be370fb6e1e429611f98d575b21b5e555d9f8dee58eb2481def", "c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851", "539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0", "633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb", "1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb", "1d225e3a3c3f52cadbf07a4ed069b4467c4618310d2f41678584f3704f95d19c", "dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17"], "mitre_attack_tags": []}, {"bi": "network-http-numeric-ip", "hashes": ["f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e", "0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707", "d8e201ed2ca53622f1ca4cd4b794879ab2b6dc6d52e5e4e12540da1c3d588e0c", "887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08", "bdb054e3f565c5bf244417609322ccebcab26fdbc74c31516ce66ffd2aed2268", "019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74", 
"338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250", "1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b", "ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028", "cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868", "4b953167cdee60b1fda17ce2293590c05b26db580e93ce93fb0ffee08527ac2a", "e66da3958ee12be370fb6e1e429611f98d575b21b5e555d9f8dee58eb2481def", "c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851", "539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0", "633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb", "1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb", "1d225e3a3c3f52cadbf07a4ed069b4467c4618310d2f41678584f3704f95d19c", "dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17"], "mitre_attack_tags": ["TA0011", "TA0005", "T1071"]}, {"bi": "network-communications-http-post", "hashes": ["f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e", "0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707", "d8e201ed2ca53622f1ca4cd4b794879ab2b6dc6d52e5e4e12540da1c3d588e0c", "887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08", "bdb054e3f565c5bf244417609322ccebcab26fdbc74c31516ce66ffd2aed2268", "019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74", "338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250", "1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b", "ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028", "cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868", "4b953167cdee60b1fda17ce2293590c05b26db580e93ce93fb0ffee08527ac2a", "e66da3958ee12be370fb6e1e429611f98d575b21b5e555d9f8dee58eb2481def", "c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851", "539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0", "633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb", 
"1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb", "1d225e3a3c3f52cadbf07a4ed069b4467c4618310d2f41678584f3704f95d19c", "dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "hook-installed", "hashes": ["f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e", "0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707", "d8e201ed2ca53622f1ca4cd4b794879ab2b6dc6d52e5e4e12540da1c3d588e0c", "887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08", "bdb054e3f565c5bf244417609322ccebcab26fdbc74c31516ce66ffd2aed2268", "019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74", "338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250", "1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b", "ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028", "cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868", "4b953167cdee60b1fda17ce2293590c05b26db580e93ce93fb0ffee08527ac2a", "e66da3958ee12be370fb6e1e429611f98d575b21b5e555d9f8dee58eb2481def", "c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851", "539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0", "633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb", "1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb", "1d225e3a3c3f52cadbf07a4ed069b4467c4618310d2f41678584f3704f95d19c", "dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "deleted-submitted-file", "hashes": ["f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e", "0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707", "d8e201ed2ca53622f1ca4cd4b794879ab2b6dc6d52e5e4e12540da1c3d588e0c", "887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08", "bdb054e3f565c5bf244417609322ccebcab26fdbc74c31516ce66ffd2aed2268", 
"019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74", "338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250", "1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b", "ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028", "cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868", "4b953167cdee60b1fda17ce2293590c05b26db580e93ce93fb0ffee08527ac2a", "e66da3958ee12be370fb6e1e429611f98d575b21b5e555d9f8dee58eb2481def", "c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851", "539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0", "633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb", "1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb", "1d225e3a3c3f52cadbf07a4ed069b4467c4618310d2f41678584f3704f95d19c", "dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e", "0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707", "d8e201ed2ca53622f1ca4cd4b794879ab2b6dc6d52e5e4e12540da1c3d588e0c", "887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08", "bdb054e3f565c5bf244417609322ccebcab26fdbc74c31516ce66ffd2aed2268", "019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74", "338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250", "1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b", "ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028", "cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868", "4b953167cdee60b1fda17ce2293590c05b26db580e93ce93fb0ffee08527ac2a", "e66da3958ee12be370fb6e1e429611f98d575b21b5e555d9f8dee58eb2481def", "c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851", "539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0", "633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb", 
"1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb", "1d225e3a3c3f52cadbf07a4ed069b4467c4618310d2f41678584f3704f95d19c", "dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e", "0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707", "d8e201ed2ca53622f1ca4cd4b794879ab2b6dc6d52e5e4e12540da1c3d588e0c", "887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08", "bdb054e3f565c5bf244417609322ccebcab26fdbc74c31516ce66ffd2aed2268", "019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74", "338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250", "1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b", "ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028", "cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868", "4b953167cdee60b1fda17ce2293590c05b26db580e93ce93fb0ffee08527ac2a", "e66da3958ee12be370fb6e1e429611f98d575b21b5e555d9f8dee58eb2481def", "c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851", "539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0", "633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb", "1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb", "1d225e3a3c3f52cadbf07a4ed069b4467c4618310d2f41678584f3704f95d19c", "dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17"], "mitre_attack_tags": []}, {"bi": "network-snort-policy", "hashes": ["0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707", "d8e201ed2ca53622f1ca4cd4b794879ab2b6dc6d52e5e4e12540da1c3d588e0c", "887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08", "bdb054e3f565c5bf244417609322ccebcab26fdbc74c31516ce66ffd2aed2268", "019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74", "ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028", 
"cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868", "4b953167cdee60b1fda17ce2293590c05b26db580e93ce93fb0ffee08527ac2a", "e66da3958ee12be370fb6e1e429611f98d575b21b5e555d9f8dee58eb2481def", "c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851", "539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0", "1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb", "1d225e3a3c3f52cadbf07a4ed069b4467c4618310d2f41678584f3704f95d19c"], "mitre_attack_tags": []}, {"bi": "deleted-executable-in-system-dir", "hashes": ["0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707", "d8e201ed2ca53622f1ca4cd4b794879ab2b6dc6d52e5e4e12540da1c3d588e0c", "887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08", "bdb054e3f565c5bf244417609322ccebcab26fdbc74c31516ce66ffd2aed2268", "019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74", "ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028", "cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868", "4b953167cdee60b1fda17ce2293590c05b26db580e93ce93fb0ffee08527ac2a", "e66da3958ee12be370fb6e1e429611f98d575b21b5e555d9f8dee58eb2481def", "c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851", "1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb", "1d225e3a3c3f52cadbf07a4ed069b4467c4618310d2f41678584f3704f95d19c"], "mitre_attack_tags": []}, {"bi": "malware-emotet-mutex", "hashes": ["f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e", "338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250", "1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b", "539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0", "633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb", "dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17"], "mitre_attack_tags": []}, {"bi": "network-snort-server", "hashes": ["f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e", 
"338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250", "1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b", "633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb", "dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17"], "mitre_attack_tags": []}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": true}, "description": "Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74", "0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707", "1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b", "1d225e3a3c3f52cadbf07a4ed069b4467c4618310d2f41678584f3704f95d19c", "1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb", "338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250", "4b953167cdee60b1fda17ce2293590c05b26db580e93ce93fb0ffee08527ac2a", "539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0", "633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb", "887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08", "ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028", "bdb054e3f565c5bf244417609322ccebcab26fdbc74c31516ce66ffd2aed2268", "c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851", "cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868", "d8e201ed2ca53622f1ca4cd4b794879ab2b6dc6d52e5e4e12540da1c3d588e0c", "dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17", "e66da3958ee12be370fb6e1e429611f98d575b21b5e555d9f8dee58eb2481def", 
"f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e"], "iocs": {"domain": [], "file": [{"hashes": ["019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74", "0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707", "1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b", "1d225e3a3c3f52cadbf07a4ed069b4467c4618310d2f41678584f3704f95d19c", "1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb", "338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250", "4b953167cdee60b1fda17ce2293590c05b26db580e93ce93fb0ffee08527ac2a", "539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0", "633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb", "887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08", "ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028", "bdb054e3f565c5bf244417609322ccebcab26fdbc74c31516ce66ffd2aed2268", "c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851", "cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868", "d8e201ed2ca53622f1ca4cd4b794879ab2b6dc6d52e5e4e12540da1c3d588e0c", "dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17", "e66da3958ee12be370fb6e1e429611f98d575b21b5e555d9f8dee58eb2481def", "f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e"], "path": "%TEMP%\\.dmp"}, {"hashes": ["019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74", "0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707", "1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b", "1d225e3a3c3f52cadbf07a4ed069b4467c4618310d2f41678584f3704f95d19c", "1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb", "338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250", "4b953167cdee60b1fda17ce2293590c05b26db580e93ce93fb0ffee08527ac2a", "539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0", "633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb", 
"887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08", "ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028", "bdb054e3f565c5bf244417609322ccebcab26fdbc74c31516ce66ffd2aed2268", "c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851", "cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868", "d8e201ed2ca53622f1ca4cd4b794879ab2b6dc6d52e5e4e12540da1c3d588e0c", "dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17", "e66da3958ee12be370fb6e1e429611f98d575b21b5e555d9f8dee58eb2481def", "f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\WebCache\\WebCacheV01.tmp"}, {"hashes": ["019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74", "0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707", "1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b", "1d225e3a3c3f52cadbf07a4ed069b4467c4618310d2f41678584f3704f95d19c", "1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb", "338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250", "4b953167cdee60b1fda17ce2293590c05b26db580e93ce93fb0ffee08527ac2a", "539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0", "633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb", "887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08", "ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028", "bdb054e3f565c5bf244417609322ccebcab26fdbc74c31516ce66ffd2aed2268", "c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851", "cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868", "d8e201ed2ca53622f1ca4cd4b794879ab2b6dc6d52e5e4e12540da1c3d588e0c", "dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17", "e66da3958ee12be370fb6e1e429611f98d575b21b5e555d9f8dee58eb2481def", "f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e"], "path": "%TEMP%\\_appcompat.txt"}, {"hashes": 
["d8e201ed2ca53622f1ca4cd4b794879ab2b6dc6d52e5e4e12540da1c3d588e0c"], "path": "%SystemRoot%\\SysWOW64\\wsnmp32"}, {"hashes": ["cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868"], "path": "%SystemRoot%\\SysWOW64\\netfxperf"}, {"hashes": ["f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e"], "path": "%SystemRoot%\\SysWOW64\\wzcdlg"}, {"hashes": ["887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08"], "path": "%SystemRoot%\\SysWOW64\\cscobj"}, {"hashes": ["bdb054e3f565c5bf244417609322ccebcab26fdbc74c31516ce66ffd2aed2268"], "path": "%SystemRoot%\\SysWOW64\\wlaninst"}, {"hashes": ["1d225e3a3c3f52cadbf07a4ed069b4467c4618310d2f41678584f3704f95d19c"], "path": "%SystemRoot%\\SysWOW64\\msasn1"}, {"hashes": ["633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb"], "path": "%SystemRoot%\\SysWOW64\\mfc42"}, {"hashes": ["c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851"], "path": "%SystemRoot%\\SysWOW64\\NlsData000a"}, {"hashes": ["019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74"], "path": "%SystemRoot%\\SysWOW64\\KBDLT1"}, {"hashes": ["dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17"], "path": "%SystemRoot%\\SysWOW64\\wiaacmgr"}, {"hashes": ["1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb"], "path": "%SystemRoot%\\SysWOW64\\pdh"}, {"hashes": ["338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250"], "path": "%SystemRoot%\\SysWOW64\\NlsData0000"}, {"hashes": ["ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028"], "path": "%SystemRoot%\\SysWOW64\\user"}, {"hashes": ["0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707"], "path": "%SystemRoot%\\SysWOW64\\eventvwr"}, {"hashes": ["4b953167cdee60b1fda17ce2293590c05b26db580e93ce93fb0ffee08527ac2a"], "path": "%SystemRoot%\\SysWOW64\\dsrole"}, {"hashes": ["1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b"], "path": "%SystemRoot%\\SysWOW64\\OnLineIDCpl"}, 
{"hashes": ["e66da3958ee12be370fb6e1e429611f98d575b21b5e555d9f8dee58eb2481def"], "path": "%SystemRoot%\\SysWOW64\\WMASF"}, {"hashes": ["539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0"], "path": "%SystemRoot%\\SysWOW64\\KBDLV"}], "ip": [{"hashes": ["019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74", "0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707", "1d225e3a3c3f52cadbf07a4ed069b4467c4618310d2f41678584f3704f95d19c", "1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb", "4b953167cdee60b1fda17ce2293590c05b26db580e93ce93fb0ffee08527ac2a", "887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08", "ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028", "bdb054e3f565c5bf244417609322ccebcab26fdbc74c31516ce66ffd2aed2268", "c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851", "cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868", "d8e201ed2ca53622f1ca4cd4b794879ab2b6dc6d52e5e4e12540da1c3d588e0c", "e66da3958ee12be370fb6e1e429611f98d575b21b5e555d9f8dee58eb2481def"], "ip": "64[.]88[.]202[.]250"}, {"hashes": ["019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74", "0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707", "1d225e3a3c3f52cadbf07a4ed069b4467c4618310d2f41678584f3704f95d19c", "1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb", "4b953167cdee60b1fda17ce2293590c05b26db580e93ce93fb0ffee08527ac2a", "887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08", "ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028", "bdb054e3f565c5bf244417609322ccebcab26fdbc74c31516ce66ffd2aed2268", "c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851", "cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868", "d8e201ed2ca53622f1ca4cd4b794879ab2b6dc6d52e5e4e12540da1c3d588e0c"], "ip": "212[.]51[.]142[.]238"}, {"hashes": ["1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b", 
"338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250", "633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb", "dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17", "f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e"], "ip": "91[.]236[.]4[.]234"}, {"hashes": ["1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b", "338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250", "633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb", "dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17", "f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e"], "ip": "219[.]92[.]13[.]25"}, {"hashes": ["539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0"], "ip": "41[.]169[.]20[.]147"}, {"hashes": ["539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0"], "ip": "177[.]0[.]241[.]28"}, {"hashes": ["539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0"], "ip": "82[.]165[.]15[.]188"}, {"hashes": ["539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0"], "ip": "72[.]10[.]33[.]195"}], "mutex": [{"hashes": ["1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b", "338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250", "539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0", "633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb", "dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17", "f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e"], "name": "Global\\I98B68E3C"}, {"hashes": ["1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b", "338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250", "539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0", "633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb", "dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17", 
"f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e"], "name": "Global\\M98B68E3C"}], "registry": [{"hashes": ["019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74", "0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707", "1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb", "338b14380a84844b2e8773ba6846e2a8a23fe266b5d079dc3efbb17f9473a250", "4b953167cdee60b1fda17ce2293590c05b26db580e93ce93fb0ffee08527ac2a", "539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0", "633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb", "887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08", "ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028", "c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851", "cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868", "dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17", "f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e"], "key": "\\LOCAL SETTINGS\\MUICACHE\\66\\52C64B7E", "value_name": "LanguageList"}, {"hashes": ["1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\ONLINEIDCPL", "value_name": "ObjectName"}, {"hashes": ["1b1c8d35b6dff722f9439985f78da06098d5bad82e7d0b5d1fa41dcc6b3c432b"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\ONLINEIDCPL", "value_name": "Description"}, {"hashes": ["e66da3958ee12be370fb6e1e429611f98d575b21b5e555d9f8dee58eb2481def"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\FXSCOM", "value_name": "ImagePath"}, {"hashes": ["e66da3958ee12be370fb6e1e429611f98d575b21b5e555d9f8dee58eb2481def"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\FXSCOM", "value_name": "Description"}, {"hashes": ["019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSDATA0039", "value_name": "ImagePath"}, {"hashes": ["887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08"], 
"key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\MSCLMD", "value_name": "ImagePath"}, {"hashes": ["019cb08d08f8512b3a6af74bf8f1f4c99c8a9691af2775183c95e67c10388e74"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSDATA0039", "value_name": "Description"}, {"hashes": ["887226f61b841051a606edd1ced5ad1c1919e71fae4583afea1d995fd027ad08"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\MSCLMD", "value_name": "Description"}, {"hashes": ["ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDIR", "value_name": null}, {"hashes": ["0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\MSVCIRT", "value_name": "ImagePath"}, {"hashes": ["0622420430e3559c1a5175e77584feebbeac977922c0a5b72d52d996e8ba6707"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\MSVCIRT", "value_name": "Description"}, {"hashes": ["ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDIR", "value_name": "Type"}, {"hashes": ["ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDIR", "value_name": "Start"}, {"hashes": ["ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDIR", "value_name": "ErrorControl"}, {"hashes": ["ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDIR", "value_name": "ImagePath"}, {"hashes": ["ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDIR", "value_name": "DisplayName"}, {"hashes": ["ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDIR", "value_name": "WOW64"}, {"hashes": ["ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDIR", "value_name": 
"ObjectName"}, {"hashes": ["ab87b202217c59a3d0346f4bdaa549813191ff25df57ad8a616b40647cb4c028"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDIR", "value_name": "Description"}, {"hashes": ["cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\PKGMGR", "value_name": "ImagePath"}, {"hashes": ["bdb054e3f565c5bf244417609322ccebcab26fdbc74c31516ce66ffd2aed2268"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTAT", "value_name": "ImagePath"}, {"hashes": ["bdb054e3f565c5bf244417609322ccebcab26fdbc74c31516ce66ffd2aed2268"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTAT", "value_name": "Description"}, {"hashes": ["539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDLV", "value_name": null}, {"hashes": ["539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDLV", "value_name": "Type"}, {"hashes": ["539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDLV", "value_name": "Start"}, {"hashes": ["539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDLV", "value_name": "ErrorControl"}, {"hashes": ["539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDLV", "value_name": "ImagePath"}, {"hashes": ["539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDLV", "value_name": "DisplayName"}, {"hashes": ["539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDLV", "value_name": "WOW64"}, {"hashes": ["539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDLV", "value_name": "ObjectName"}, {"hashes": 
["539f218904629efd90df998b1704cdfc101543b74c6d8afab2204e325d1e8bb0"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDLV", "value_name": "Description"}, {"hashes": ["cb8a434442b33d664405f2191c9f57d7e04f97bb3a98116000d82a5967bd2868"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\PKGMGR", "value_name": "Description"}, {"hashes": ["c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\PORTABLEDEVICEAPI", "value_name": null}, {"hashes": ["c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\PORTABLEDEVICEAPI", "value_name": "Type"}, {"hashes": ["d8e201ed2ca53622f1ca4cd4b794879ab2b6dc6d52e5e4e12540da1c3d588e0c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\L2NACP", "value_name": "ImagePath"}, {"hashes": ["c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\PORTABLEDEVICEAPI", "value_name": "Start"}, {"hashes": ["c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\PORTABLEDEVICEAPI", "value_name": "ErrorControl"}, {"hashes": ["d8e201ed2ca53622f1ca4cd4b794879ab2b6dc6d52e5e4e12540da1c3d588e0c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\L2NACP", "value_name": "Description"}, {"hashes": ["c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\PORTABLEDEVICEAPI", "value_name": "ImagePath"}, {"hashes": ["c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\PORTABLEDEVICEAPI", "value_name": "DisplayName"}, {"hashes": ["c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\PORTABLEDEVICEAPI", "value_name": "WOW64"}, {"hashes": ["c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\PORTABLEDEVICEAPI", "value_name": "ObjectName"}, 
{"hashes": ["1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\RASDIAG", "value_name": "ImagePath"}, {"hashes": ["c4339507d79d74a6260ee7769b98c58d3b5289a470bee7c5a87f96c78efc3851"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\PORTABLEDEVICEAPI", "value_name": "Description"}, {"hashes": ["1dafb532cac149ced3cb5f6bcaef801208d8de38c3f6b7a8a69ba2277d90e5fb"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\RASDIAG", "value_name": "Description"}, {"hashes": ["633bed3b02759cc36b1e72c124d298607e68697a75f61f221b5b59decde14ecb"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\MFC42", "value_name": "Description"}, {"hashes": ["dd5048f55ce7d16e2cce8ba707b66ae2c8c7ae64549b98fdcdb0f3ecf2874f17"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\WIAACMGR", "value_name": "Description"}, {"hashes": ["1d225e3a3c3f52cadbf07a4ed069b4467c4618310d2f41678584f3704f95d19c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\ODBCCR32", "value_name": "ImagePath"}, {"hashes": ["f21aaec6dab4428d5462f0a917908556054093fa9b94f386c94abc572c9d9e0e"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\WZCDLG", "value_name": "Description"}]}, "reports_count": 18}, "Win.Malware.NetWire-8479400-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", 
"d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "f07546bd8f0758be8e6147cf6b894578e75fd0572fc0c081098e6fb8448f709d", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "229d7221c71a16c1b2d8bd1f74dded37d27dec2dcc713150d7657837c6c67be0", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686", 
"26fe99cf61903d3dd464b96e87bc8640dd1d1ba9df2c795e2f27db6dfb74522d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", 
"83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "f07546bd8f0758be8e6147cf6b894578e75fd0572fc0c081098e6fb8448f709d", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "229d7221c71a16c1b2d8bd1f74dded37d27dec2dcc713150d7657837c6c67be0", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686", "26fe99cf61903d3dd464b96e87bc8640dd1d1ba9df2c795e2f27db6dfb74522d"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", 
"7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "f07546bd8f0758be8e6147cf6b894578e75fd0572fc0c081098e6fb8448f709d", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "229d7221c71a16c1b2d8bd1f74dded37d27dec2dcc713150d7657837c6c67be0", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686", "26fe99cf61903d3dd464b96e87bc8640dd1d1ba9df2c795e2f27db6dfb74522d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-initialip", "hashes": ["fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", 
"ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "f07546bd8f0758be8e6147cf6b894578e75fd0572fc0c081098e6fb8448f709d", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", 
"22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "229d7221c71a16c1b2d8bd1f74dded37d27dec2dcc713150d7657837c6c67be0", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", 
"11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", 
"b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", 
"ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", 
"22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", 
"a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", 
"7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "f07546bd8f0758be8e6147cf6b894578e75fd0572fc0c081098e6fb8448f709d", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686", "26fe99cf61903d3dd464b96e87bc8640dd1d1ba9df2c795e2f27db6dfb74522d"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", 
"2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", 
"c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", 
"523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", 
"005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", 
"79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", 
"492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", 
"83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", 
"542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", 
"c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686"], "mitre_attack_tags": 
["TA0003", "T1060"]}, {"bi": "registry-autorun-key-modified", "hashes": ["fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", 
"ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "unsigned-roaming-execution", "hashes": ["fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", 
"387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-netwire-rat-registry", "hashes": ["fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", 
"d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686"], "mitre_attack_tags": []}, {"bi": "malware-netwire-mutex", "hashes": ["fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad", 
"1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", 
"9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686"], "mitre_attack_tags": []}, {"bi": "pe-packed-upx", "hashes": ["1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", 
"44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "f07546bd8f0758be8e6147cf6b894578e75fd0572fc0c081098e6fb8448f709d", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "229d7221c71a16c1b2d8bd1f74dded37d27dec2dcc713150d7657837c6c67be0", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686", "26fe99cf61903d3dd464b96e87bc8640dd1d1ba9df2c795e2f27db6dfb74522d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-imports-empty", "hashes": ["c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f"], "mitre_attack_tags": []}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": true}, "description": "NetWire is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, remote desktop, and read data from connected USB devices. 
NetWire is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "229d7221c71a16c1b2d8bd1f74dded37d27dec2dcc713150d7657837c6c67be0", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "26fe99cf61903d3dd464b96e87bc8640dd1d1ba9df2c795e2f27db6dfb74522d", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", 
"ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "f07546bd8f0758be8e6147cf6b894578e75fd0572fc0c081098e6fb8448f709d", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad"], "iocs": {"domain": [{"hashes": ["005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", 
"523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad"], "host": "love82[.]duckdns[.]org"}], "file": [{"hashes": ["005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "229d7221c71a16c1b2d8bd1f74dded37d27dec2dcc713150d7657837c6c67be0", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", 
"255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", 
"d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad"], "path": "%APPDATA%\\Install\\Host.exe"}, {"hashes": ["005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", 
"ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad"], "path": "%APPDATA%\\Install"}], "ip": [{"hashes": ["005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", 
"542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad"], "ip": "192[.]169[.]69[.]25"}], "mutex": [{"hashes": ["005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", 
"2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", 
"fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad"], "name": "OqvAvPni"}], "registry": [{"hashes": ["005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "229d7221c71a16c1b2d8bd1f74dded37d27dec2dcc713150d7657837c6c67be0", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", 
"ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad"], "key": "\\SOFTWARE\\NETWIRE", "value_name": null}, {"hashes": ["005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", 
"62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "NetWire"}, {"hashes": ["005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", 
"2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", "b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", 
"fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad"], "key": "\\SOFTWARE\\NETWIRE", "value_name": "HostId"}, {"hashes": ["005d4ba8835d3554bebf46c7910bbf3b8823c08abec4270b9096dd22ecf295a4", "045ed6c11f72b1a11803a205abcd7ea82b2ad478a8a795984c322f540d159a79", "11f841dcd0ffd44e32bbfaf6ee2e3e4c47efc0ae80ab95a4b4f6f0cd4f9fbb2a", "1e7b37a04208f94239a05244352ae5bf45793f83bdcb4aaadbfa7ef4c48d805d", "22c07b60b192d882381a9e4e5c1cefff80c7bdcf12efa66d19765625b9ea7d00", "255c6efe9551fd5b6381adb440b94af65aee2286465c76c8fdb596c6e7a90b1a", "28181484a3ef4f4f3ab8fc07388aa109b49f2e02bcfe65b819a4341369e5b4fc", "2e86be5c9c364bd944b4823b9191f217c181bb6c980e1708800be13dac953cd5", "387109054b3a59071d6ca8af6656eaa223fa4d1825efbcc4213bd192c5d6e29e", "400dc0e03ffdbe53b008300711d2490e94f7b9eab93ac16ae49b39abd28a48ac", "44fd21ec687bfbecc1002f1a5e640f0d782b9aa9beff7e4822704fe1a09907b5", "483b6c1fc090a248beb40574446a998c3af6a8f3c42df5f0e95a162fd4b9b534", "492c1e4ae807107b8792e9e4a0c619f92dbb9f0a1fd457ac79fa0e07292354b0", "4be38ea855bd9088282cd6afbb6b2698aa45fc1f507a609a66af4894a8a3eaf3", "51164673a792e1f214b69b1f21bf714ce289ddf8d898f7499f07aafb7a692e9a", "523e3d1fda9eb37098ae774b20f87e5552c5f38228dcf311298caf4bc5c2d086", "542d5b4e9100882a16a6ce60c6ff8532b1f0a22a7bdcda84c35cd7a1b49df664", "62b6d90b250056d556971b7066e827eb03bbe2cb0b70848a98cb21fadc27d500", "79dbd028f2768d0874fce30c00b227e6af46080727503918bc09ef965949edc4", "7e6898b47574bbdb8b7c27bc392eab836bcd810e048fdc6b880537e3c7fb701d", "83ab262d766c76a413251c5b7f7598eac14e6a273580ef388be2f1856baed52c", "9648d53a1276cdd0d3d170ba0c13a9c140b13c4ef3d3d4790164ca98f8f71a5d", "9d163b8e00e7574fb1609b2ee8db2b07d3b6aafa233f3add788dda1baf5b3322", "a6e2334b5bd8c467b10f1a2eea7e94beca79e2dc3537c376064e039be0a97686", "a89c9890ec7ae3f4a97ca25dd843c8de94bceb623080035992ddf1af6bbecbdc", "ab413a375028e01abe531897a0de8eef4f7bad5c253e18ecf815331b7a73c216", "ab6a7a29d52794718bb20e8f7bfeae5a1a44fe66bc9fe25691f3f1d84e37a3fa", 
"b4536b986ebe352f49d6a7b9303f9d5fc5fa2117f2357055cfc40b7b2228c250", "c2a0d275b118745e3f836cc05cb81129483d3033b0c9a3c166435bde33f77dac", "c47743dd7d8c4b2c413c79abc641c5982c4c7277ea43ab3e604e9dd1a359ca2f", "c483c8fad2d0a695d456b79f06c212962282bf06d6163d5ce6bef2760b06aa8d", "cd0b0ab16bcfe4acba83042febacdd7b90e6322846498ccb4e532e6aec501378", "ce9fd3d6be8d4f0b9f456cd4fca3d74ebd5ac0d83057ade58a3167399034a25f", "cf9429357999c5eaf0eb55e81122fa57e23cf529eefb336a5ad68e41060f328d", "d9911590db9fdc0c37c7a74235364ea19215751cfd040c9eeada01f60c7269a4", "f481056368ed58e8029791d1befef69fe7d17d083eace9067f57460d35c64e7b", "fa980c90725d0c317609266fc7dda12b407051e0087ca6dc4db492ee910a6cad"], "key": "\\SOFTWARE\\NETWIRE", "value_name": "Install Date"}]}, "reports_count": 40}, "Win.Packed.Dridex-8486639-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", 
"453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", 
"039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", 
"261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", 
"7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", 
"37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", 
"32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", 
"12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", 
"7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", 
"b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", 
"89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", 
"4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", 
"261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", 
"7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", 
"37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", 
"32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "registry-autorun-key-modified", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", 
"12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "potential-registry-persistence", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", 
"7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", 
"164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", 
"453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", 
"039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-compound-cta-activity", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", 
"bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": []}, {"bi": "task-manager-disabled", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": 
["TA0005", "T1499"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": []}, {"bi": "windows-os-reboot-detected", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", 
"5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-header-timestamp-null", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", 
"7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": []}, {"bi": "sample-modified-deleted", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", 
"3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "malware-dridex-detected", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", 
"59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": []}, {"bi": "url-pastebin-service", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", 
"9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "artifact-windows-task", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", 
"4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "possible-dga-communication", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", 
"bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": ["TA0011", "TA0005", "T1483"]}, {"bi": "hook-installed", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", 
"7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Dridex is a well-known banking trojan that aims to steal credentials and other sensitive information from an infected machine.", "hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", 
"37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739", "bbe1fb207e29ef86596418c86517022fa6adaeacb80bd8df6847a0c3c44adba6", "bdbb1905c2d1f9d55c873b73816f257117e4990d561269018ffdad2b52b43339", "c28d79e3bf059482692b903209b15ccb1f221e4004c667f46b2333cd36ed0bdf", "c80c70f63707bef34199c394aab1eae77c94a5519802d8d591834b94c5157751", "c9c5567a87305e200caa80715e2138e265cc87cfcd2602d54665f8070ab4e46a", "d0ca67f7f62ba024be048047893765578efdabd358e2ffdff540908270a73b8e", "d0df82d9c4ecec847911d7b564ff179df5f3da01cd01d4e7b80b7265067c7f46", "dc3182fd6b7ea85d00fb383d16df5f3fd42731d90103faac333eee851e03db5d", "e4de2ad71f07e91194167ce30c87e6a9092a63235f3db9c047886d2695faa012", "e6cd14584aa3021932092e4875ebf4b88b855d74b05736817747c05fe509f24c", "eadf03389b7c269f1151d1b8aa3ed052b11dea3897b17149151288bbce81eed0", "fd0217351d28e66b70b92079276fd054ab200faf4035f47d268edaab6599efc4"], "iocs": {"domain": 
[{"hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739"], "host": "pastebin[.]com"}, {"hashes": ["453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d"], "host": "www[.]z9sgtyzd4n[.]com"}, {"hashes": ["7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde"], "host": "www[.]smgwtryg5o[.]com"}, {"hashes": 
["7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9"], "host": "www[.]7trmhvo0lc[.]com"}, {"hashes": ["a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c"], "host": "www[.]upsx9hbryb[.]com"}, {"hashes": ["2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed"], "host": "www[.]dv3cqa0qfb[.]com"}, {"hashes": ["9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe"], "host": "www[.]vdpfmxmrwl[.]com"}, {"hashes": ["7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde"], "host": "www[.]rwetvae1y9[.]com"}, {"hashes": ["ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6"], "host": "www[.]kwn21leqpf[.]com"}, {"hashes": ["7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9"], "host": "www[.]bqjubcofqz[.]com"}, {"hashes": ["7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e"], "host": "www[.]mnofmz3cat[.]com"}, {"hashes": ["a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c"], "host": "www[.]0c6gsqsqja[.]com"}, {"hashes": ["9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe"], "host": "www[.]v0hjik6pcs[.]com"}, {"hashes": ["2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed"], "host": "www[.]ihzfwitsog[.]com"}, {"hashes": ["7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde"], "host": "www[.]ottjfpzbbu[.]com"}, {"hashes": ["ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6"], "host": "www[.]ouzhwi8crh[.]com"}, {"hashes": ["7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9"], "host": "www[.]iyxil53gcw[.]com"}, {"hashes": ["9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe"], "host": "www[.]xxa0ygavhz[.]com"}, {"hashes": ["a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b"], "host": "www[.]dsbmq2nt82[.]com"}, {"hashes": ["bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739"], "host": "www[.]hxpc8qy8q1[.]com"}, {"hashes": 
["89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0"], "host": "www[.]ueinwzcoah[.]com"}, {"hashes": ["a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b"], "host": "www[.]zjzsuycij9[.]com"}, {"hashes": ["bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739"], "host": "www[.]agoeoitflm[.]com"}, {"hashes": ["89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0"], "host": "www[.]k5f7q3mh7t[.]com"}, {"hashes": ["a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b"], "host": "www[.]q3ulbe6oda[.]com"}, {"hashes": ["bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739"], "host": "www[.]tyxkpcf53s[.]com"}, {"hashes": ["b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e"], "host": "www[.]iyqoshvolg[.]com"}, {"hashes": ["a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b"], "host": "www[.]mkkr79uxfm[.]com"}, {"hashes": ["89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0"], "host": "www[.]fpwvflyztc[.]com"}, {"hashes": ["bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739"], "host": "www[.]snm5zgki5x[.]com"}, {"hashes": ["b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e"], "host": "www[.]xjwoxhknli[.]com"}, {"hashes": ["a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b"], "host": "www[.]a7tg04r6gf[.]com"}, {"hashes": ["89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0"], "host": "www[.]ipckiazckt[.]com"}, {"hashes": ["bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739"], "host": "www[.]shw2jxszam[.]com"}, {"hashes": ["b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e"], "host": "www[.]igkw8apszv[.]com"}, {"hashes": ["89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0"], "host": "www[.]7s5kr9myr0[.]com"}, {"hashes": ["a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b"], "host": "www[.]1wvaeoovzk[.]com"}, {"hashes": 
["bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739"], "host": "www[.]dd7olbjo4o[.]com"}, {"hashes": ["b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e"], "host": "www[.]jrdi2rlx3u[.]com"}, {"hashes": ["89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0"], "host": "www[.]wjfxpzvoxw[.]com"}, {"hashes": ["a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b"], "host": "www[.]0uhpysqcha[.]com"}, {"hashes": ["b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e"], "host": "www[.]kd2ivaauvh[.]com"}, {"hashes": ["a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b"], "host": "www[.]fe7yetcoxg[.]com"}, {"hashes": ["bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739"], "host": "www[.]mlshgeofin[.]com"}, {"hashes": ["b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e"], "host": "www[.]jxrib1xhtq[.]com"}, {"hashes": ["89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0"], "host": "www[.]yvj9j2ryl9[.]com"}, {"hashes": ["bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739"], "host": "www[.]opppb50zxg[.]com"}, {"hashes": ["b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e"], "host": "www[.]5djfyudntl[.]com"}, {"hashes": ["89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0"], "host": "www[.]sl01wge0je[.]com"}, {"hashes": ["b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e"], "host": "www[.]jbftbsaiga[.]com"}], "file": [{"hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", 
"3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739"], "path": "\\old_ (copy)"}, {"hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc"], "path": "\\TEMP\\b8a2331f2cea5833b8fe16d65c5bd8da.exe"}], "ip": [{"hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", 
"37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739"], "ip": "172[.]217[.]12[.]238"}, {"hashes": ["039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", 
"7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739"], "ip": "104[.]23[.]98[.]190"}, {"hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b"], "ip": "104[.]23[.]99[.]190"}], "mutex": [{"hashes": ["ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6"], "name": "aihe2c3Z3t"}, {"hashes": ["7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9"], "name": "QlMdGnfFmZ"}, {"hashes": ["ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6"], "name": "bVcCqyrBy2"}, {"hashes": ["7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9"], "name": "S3DZABBUMK"}, {"hashes": ["ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6"], "name": "lV9DFmxMu0"}, {"hashes": ["7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9"], "name": "XgDKb6eMIc"}, {"hashes": ["7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9"], "name": "l4FHApIW45"}, {"hashes": ["ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6"], "name": "y9F3Xf34wx"}, {"hashes": ["7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9"], "name": "lf7rGDvcoX"}, {"hashes": 
["7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9"], "name": "mBKG6gUKV8"}, {"hashes": ["9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe"], "name": "2SpUmwMJdA"}, {"hashes": ["9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe"], "name": "GaQ0LAm4uC"}, {"hashes": ["9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe"], "name": "GgAH9JMQiC"}, {"hashes": ["9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe"], "name": "P6CqDb3bn6"}, {"hashes": ["9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe"], "name": "TnXrsSiZYY"}, {"hashes": ["9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe"], "name": "gS97oxh4Ta"}, {"hashes": ["9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe"], "name": "jV3cL4tBef"}, {"hashes": ["9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe"], "name": "ufrMC2wkBC"}, {"hashes": ["a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b"], "name": "6Li8AyR7ub"}, {"hashes": ["a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b"], "name": "OogRI032Y1"}, {"hashes": ["a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b"], "name": "UHktqcJ1Vt"}, {"hashes": ["a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b"], "name": "fAzZZW7ieZ"}, {"hashes": ["a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b"], "name": "kP1YBWPVfo"}, {"hashes": ["a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b"], "name": "lovebEVaR5"}, {"hashes": ["a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b"], "name": "oyCGR1A6FO"}, {"hashes": ["a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b"], "name": "xkr9JNzXgb"}, {"hashes": ["bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739"], "name": "4YUTU2Ai9Q"}, {"hashes": ["bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739"], "name": "BUqbN5jupu"}, {"hashes": 
["bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739"], "name": "CFOnsGH0xq"}, {"hashes": ["bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739"], "name": "MUk0QEeBUD"}, {"hashes": ["bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739"], "name": "WP6hZ7qfGk"}, {"hashes": ["bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739"], "name": "XQrnYeUE5Y"}, {"hashes": ["bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739"], "name": "bueCFawABP"}, {"hashes": ["bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739"], "name": "k1FplrE7wB"}, {"hashes": ["89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0"], "name": "J1MguaLqt3"}, {"hashes": ["89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0"], "name": "NsOxaaOvPP"}, {"hashes": ["89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0"], "name": "PMj2Wp044t"}, {"hashes": ["89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0"], "name": "QnyLB2Vrop"}, {"hashes": ["89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0"], "name": "jMEcdu1TtE"}, {"hashes": ["89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0"], "name": "lwpdDeW3gv"}, {"hashes": ["89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0"], "name": "mZa3mhhIu3"}, {"hashes": ["89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0"], "name": "yzMFvmPZzB"}, {"hashes": ["b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e"], "name": "7s6O6WddU5"}, {"hashes": ["b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e"], "name": "GVcavVO4Lz"}, {"hashes": ["b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e"], "name": "In6DsP9fQx"}, {"hashes": ["b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e"], "name": "M7SuxqGHxO"}, {"hashes": ["b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e"], "name": "NawwJZdtCU"}, {"hashes": 
["b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e"], "name": "SxRrhHcoI2"}, {"hashes": ["b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e"], "name": "TTPsn6UcWH"}, {"hashes": ["b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e"], "name": "gW5lUK77c8"}], "registry": [{"hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", 
"bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "trkcore"}, {"hashes": ["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "DisableTaskMgr"}, {"hashes": 
["01471374fcd6097dc0aae7e009c5e7f394c12e2a4167d41ea65e9907d2aadadc", "039dcb0c7ad91af2bc6f85c31094c0af3f4e7d18132fc30e9835ec16ff5639bd", "12f85ba586ab2a2244e98f9a5d332c8eac918bbefad4720290724a1656b811aa", "164680200fa658cf68c2364fcefe4432f22a50c4bfe9522e2d471d1dc80cfd81", "261dd4670a2059359cf034f30f07f623a831e7c35df753ace924ee4a73538361", "2f0feed83faf1729bfaf899ce88e129f34fb1a7bf3336f5d69c1c9d084f81bed", "32eaa521b84d6dafbe190f74c356c38301a995705c0ada2aa8f7a8018913e23d", "3530771162e6e6b2f2d851043d89100e0e3a195b87e3c3ff8e16e43e03460047", "37f8d15d81cd5a3ac969e3ebacc5de83348de5f6e5cccca7fbeebaea9530c45e", "453f965bebdfd5f026d9bb79e35323846c020a174668635a2d354b3f3c506d0d", "4ac34dd6930ade14f1c8f86e4c4887bf89cceee39a87653cf3c167ee3030f702", "5837d744750ee27d21bc96c4c817128cfd8c4d9ef4e7f4cbdc367dd346038018", "59ec343687f0191fdf59c813db7cf35ea2dbc6656116e0d699e902e8b66a9acc", "6a36e9b8487b6e6b3a523c821681e9e18b449ee3867cb58a310f4b15b2d4bc42", "7518758b89bfea4fbe212eddcd4cad8174da1133db95e9e5f3e5df4c226756e9", "7885845e3a2c78a5f8c8148279ef73791762f6353b05abef1628e2a733ea7b3e", "7d583ca25b9aa5606983198418c7707d3eda11481ac0dbb258e0319323e7fcde", "7fb38fd748a22d1add21e5cdf392f31c541b257ce9e578a084fda8f0db9a7cf9", "89627f94995fe9ff65a53dac89c4f0c34f3ccde4ec074e852e692a64de4456e0", "9ec4b8395cd477573bc8d018abead8a364af97756e7613cd3715576c957561fe", "a7bc3abd06d7eecd14f6ace0434c6bbea31571e69a48161ed2fa07ff43895c9c", "a930e3c18a88724905b860619ded34cafbcf6e810e3df893fa26d25954c83f2b", "ab69eeaff679fe83a3000dde7696d63fef5686b12428ccf2ece997cc8c3e69d6", "b5d5420d4796241d3f07c35b1887f71db4f2c7f826352787085b1d494d14bf4e", "bbc54b0340ccf681fa6acdb078bb854956d39430e01d7bdec12d4ea36e405739"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.CHECK.0", "value_name": "CheckSetting"}]}, "reports_count": 25}, "Win.Packed.LokiBot-8568668-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": 
["23edb899d71f2455ee832d0062f3ccb945b593243c8a345a630219c32d1047b7", "0cb0e47e0d7373e407d3634f13b3cf33ff777306190f899649b63c4ea7e31c53", "14bbf2ba0482df800da11348223e4e737b5e6d993ce521fb80a75d008e21d4d7", "1c362a6f0e3b3c27652597f3e29079f8f868697c7886d42c92b2c221fb4778f4", "49fed5487288af8e9dd83253954019ef15120656c109eb2197d4124c1809577b", "1b43d005d8c03d16ebaeed445cb2b489972aa5eec6fdf3bb74a8ae8713467dd0", "483b3eeb73c79aecc9665fcfebef62c542ea0ec78e50bc7324151889dd0911d8", "318a69413ab3f284f08835bc979a4f3867d01b60ea233cec05990ecce5f830af", "415e09f8d073b15e9faa1e55c713bf85026f822bd320491db87f2d02c8420ce6", "55cad0ae7207fe29b871d968de0ddfee439628d41bff6afb3a02041f3427559e", "0c58b6aaacdc67cdbdd6afa96bc3d70ba9d3a2755e167d991c8bb9210f63245b", "311064c8b91b9acdaf3bd0bd668837eb27c69f3f5801009b8abc86a56832eefe", "433ae59e4addb3f61bca9c872f68293ec66561fe72bd7a46d58fceba134e0d34", "3ba3b764ff8c55ebcb21593f17b277d5e0ae94d7eebde6211c9a55ca0e605fa2", "48c33340c542a2a93fe65baa9321430f0cc1585591c9d022896e00272f648417", "0e72330c623d0807cf5688672d9f528c8df01a3673a687a2acd7bd1f20d50076", "13d62dc6ab41d8f7c26b75aed160c82a0b49013f6f85822b71aef7d53bd566c2", "247dc57ee61758d4dfdc4f72e7450c8625c92291a8206b5750f75b9adde9bba8", "28ac5e65db10b970473a62cf5c3d119883f633c1509a0ef90d3272ab72abbbf2", "2bad3d73cfc353d8a690e8cfd39a965eb01cf41a17c8757a6e1d0d08e9195710", "25b2d5dabf35a8b429fd6cfc36c205e35f172f2aae3898d36947dd72222b327f", "116bfb1907c96421e87d6a52d325a5ca56846eb9845e6b506b47b0439c1c0382", "4905ac6b7ab70a983ed9f72d47c41691c7542cbc8f49dc83e46da93b10696edc", "16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac", "412a0b8ba705fa6554a2c3711bfcb7ce6db8514c5f604608fbbaab36651ca01b", "290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["23edb899d71f2455ee832d0062f3ccb945b593243c8a345a630219c32d1047b7", 
"0cb0e47e0d7373e407d3634f13b3cf33ff777306190f899649b63c4ea7e31c53", "14bbf2ba0482df800da11348223e4e737b5e6d993ce521fb80a75d008e21d4d7", "1c362a6f0e3b3c27652597f3e29079f8f868697c7886d42c92b2c221fb4778f4", "49fed5487288af8e9dd83253954019ef15120656c109eb2197d4124c1809577b", "1b43d005d8c03d16ebaeed445cb2b489972aa5eec6fdf3bb74a8ae8713467dd0", "483b3eeb73c79aecc9665fcfebef62c542ea0ec78e50bc7324151889dd0911d8", "318a69413ab3f284f08835bc979a4f3867d01b60ea233cec05990ecce5f830af", "415e09f8d073b15e9faa1e55c713bf85026f822bd320491db87f2d02c8420ce6", "55cad0ae7207fe29b871d968de0ddfee439628d41bff6afb3a02041f3427559e", "0c58b6aaacdc67cdbdd6afa96bc3d70ba9d3a2755e167d991c8bb9210f63245b", "311064c8b91b9acdaf3bd0bd668837eb27c69f3f5801009b8abc86a56832eefe", "433ae59e4addb3f61bca9c872f68293ec66561fe72bd7a46d58fceba134e0d34", "3ba3b764ff8c55ebcb21593f17b277d5e0ae94d7eebde6211c9a55ca0e605fa2", "48c33340c542a2a93fe65baa9321430f0cc1585591c9d022896e00272f648417", "0e72330c623d0807cf5688672d9f528c8df01a3673a687a2acd7bd1f20d50076", "13d62dc6ab41d8f7c26b75aed160c82a0b49013f6f85822b71aef7d53bd566c2", "247dc57ee61758d4dfdc4f72e7450c8625c92291a8206b5750f75b9adde9bba8", "28ac5e65db10b970473a62cf5c3d119883f633c1509a0ef90d3272ab72abbbf2", "2bad3d73cfc353d8a690e8cfd39a965eb01cf41a17c8757a6e1d0d08e9195710", "25b2d5dabf35a8b429fd6cfc36c205e35f172f2aae3898d36947dd72222b327f", "116bfb1907c96421e87d6a52d325a5ca56846eb9845e6b506b47b0439c1c0382", "4905ac6b7ab70a983ed9f72d47c41691c7542cbc8f49dc83e46da93b10696edc", "16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac", "412a0b8ba705fa6554a2c3711bfcb7ce6db8514c5f604608fbbaab36651ca01b", "290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["23edb899d71f2455ee832d0062f3ccb945b593243c8a345a630219c32d1047b7", "0cb0e47e0d7373e407d3634f13b3cf33ff777306190f899649b63c4ea7e31c53", "14bbf2ba0482df800da11348223e4e737b5e6d993ce521fb80a75d008e21d4d7", 
"1c362a6f0e3b3c27652597f3e29079f8f868697c7886d42c92b2c221fb4778f4", "49fed5487288af8e9dd83253954019ef15120656c109eb2197d4124c1809577b", "1b43d005d8c03d16ebaeed445cb2b489972aa5eec6fdf3bb74a8ae8713467dd0", "483b3eeb73c79aecc9665fcfebef62c542ea0ec78e50bc7324151889dd0911d8", "318a69413ab3f284f08835bc979a4f3867d01b60ea233cec05990ecce5f830af", "415e09f8d073b15e9faa1e55c713bf85026f822bd320491db87f2d02c8420ce6", "55cad0ae7207fe29b871d968de0ddfee439628d41bff6afb3a02041f3427559e", "0c58b6aaacdc67cdbdd6afa96bc3d70ba9d3a2755e167d991c8bb9210f63245b", "311064c8b91b9acdaf3bd0bd668837eb27c69f3f5801009b8abc86a56832eefe", "433ae59e4addb3f61bca9c872f68293ec66561fe72bd7a46d58fceba134e0d34", "3ba3b764ff8c55ebcb21593f17b277d5e0ae94d7eebde6211c9a55ca0e605fa2", "48c33340c542a2a93fe65baa9321430f0cc1585591c9d022896e00272f648417", "0e72330c623d0807cf5688672d9f528c8df01a3673a687a2acd7bd1f20d50076", "13d62dc6ab41d8f7c26b75aed160c82a0b49013f6f85822b71aef7d53bd566c2", "247dc57ee61758d4dfdc4f72e7450c8625c92291a8206b5750f75b9adde9bba8", "28ac5e65db10b970473a62cf5c3d119883f633c1509a0ef90d3272ab72abbbf2", "2bad3d73cfc353d8a690e8cfd39a965eb01cf41a17c8757a6e1d0d08e9195710", "25b2d5dabf35a8b429fd6cfc36c205e35f172f2aae3898d36947dd72222b327f", "116bfb1907c96421e87d6a52d325a5ca56846eb9845e6b506b47b0439c1c0382", "4905ac6b7ab70a983ed9f72d47c41691c7542cbc8f49dc83e46da93b10696edc", "16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac", "412a0b8ba705fa6554a2c3711bfcb7ce6db8514c5f604608fbbaab36651ca01b", "290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["23edb899d71f2455ee832d0062f3ccb945b593243c8a345a630219c32d1047b7", "0cb0e47e0d7373e407d3634f13b3cf33ff777306190f899649b63c4ea7e31c53", "14bbf2ba0482df800da11348223e4e737b5e6d993ce521fb80a75d008e21d4d7", "1c362a6f0e3b3c27652597f3e29079f8f868697c7886d42c92b2c221fb4778f4", "49fed5487288af8e9dd83253954019ef15120656c109eb2197d4124c1809577b", 
"1b43d005d8c03d16ebaeed445cb2b489972aa5eec6fdf3bb74a8ae8713467dd0", "483b3eeb73c79aecc9665fcfebef62c542ea0ec78e50bc7324151889dd0911d8", "318a69413ab3f284f08835bc979a4f3867d01b60ea233cec05990ecce5f830af", "415e09f8d073b15e9faa1e55c713bf85026f822bd320491db87f2d02c8420ce6", "55cad0ae7207fe29b871d968de0ddfee439628d41bff6afb3a02041f3427559e", "0c58b6aaacdc67cdbdd6afa96bc3d70ba9d3a2755e167d991c8bb9210f63245b", "311064c8b91b9acdaf3bd0bd668837eb27c69f3f5801009b8abc86a56832eefe", "433ae59e4addb3f61bca9c872f68293ec66561fe72bd7a46d58fceba134e0d34", "3ba3b764ff8c55ebcb21593f17b277d5e0ae94d7eebde6211c9a55ca0e605fa2", "48c33340c542a2a93fe65baa9321430f0cc1585591c9d022896e00272f648417", "0e72330c623d0807cf5688672d9f528c8df01a3673a687a2acd7bd1f20d50076", "13d62dc6ab41d8f7c26b75aed160c82a0b49013f6f85822b71aef7d53bd566c2", "247dc57ee61758d4dfdc4f72e7450c8625c92291a8206b5750f75b9adde9bba8", "28ac5e65db10b970473a62cf5c3d119883f633c1509a0ef90d3272ab72abbbf2", "2bad3d73cfc353d8a690e8cfd39a965eb01cf41a17c8757a6e1d0d08e9195710", "25b2d5dabf35a8b429fd6cfc36c205e35f172f2aae3898d36947dd72222b327f", "116bfb1907c96421e87d6a52d325a5ca56846eb9845e6b506b47b0439c1c0382", "4905ac6b7ab70a983ed9f72d47c41691c7542cbc8f49dc83e46da93b10696edc", "16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac", "412a0b8ba705fa6554a2c3711bfcb7ce6db8514c5f604608fbbaab36651ca01b", "290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-tls-callback", "hashes": ["23edb899d71f2455ee832d0062f3ccb945b593243c8a345a630219c32d1047b7", "0cb0e47e0d7373e407d3634f13b3cf33ff777306190f899649b63c4ea7e31c53", "14bbf2ba0482df800da11348223e4e737b5e6d993ce521fb80a75d008e21d4d7", "1c362a6f0e3b3c27652597f3e29079f8f868697c7886d42c92b2c221fb4778f4", "49fed5487288af8e9dd83253954019ef15120656c109eb2197d4124c1809577b", "1b43d005d8c03d16ebaeed445cb2b489972aa5eec6fdf3bb74a8ae8713467dd0", "483b3eeb73c79aecc9665fcfebef62c542ea0ec78e50bc7324151889dd0911d8", 
"318a69413ab3f284f08835bc979a4f3867d01b60ea233cec05990ecce5f830af", "415e09f8d073b15e9faa1e55c713bf85026f822bd320491db87f2d02c8420ce6", "55cad0ae7207fe29b871d968de0ddfee439628d41bff6afb3a02041f3427559e", "0c58b6aaacdc67cdbdd6afa96bc3d70ba9d3a2755e167d991c8bb9210f63245b", "311064c8b91b9acdaf3bd0bd668837eb27c69f3f5801009b8abc86a56832eefe", "433ae59e4addb3f61bca9c872f68293ec66561fe72bd7a46d58fceba134e0d34", "3ba3b764ff8c55ebcb21593f17b277d5e0ae94d7eebde6211c9a55ca0e605fa2", "48c33340c542a2a93fe65baa9321430f0cc1585591c9d022896e00272f648417", "0e72330c623d0807cf5688672d9f528c8df01a3673a687a2acd7bd1f20d50076", "13d62dc6ab41d8f7c26b75aed160c82a0b49013f6f85822b71aef7d53bd566c2", "247dc57ee61758d4dfdc4f72e7450c8625c92291a8206b5750f75b9adde9bba8", "28ac5e65db10b970473a62cf5c3d119883f633c1509a0ef90d3272ab72abbbf2", "2bad3d73cfc353d8a690e8cfd39a965eb01cf41a17c8757a6e1d0d08e9195710", "25b2d5dabf35a8b429fd6cfc36c205e35f172f2aae3898d36947dd72222b327f", "116bfb1907c96421e87d6a52d325a5ca56846eb9845e6b506b47b0439c1c0382", "4905ac6b7ab70a983ed9f72d47c41691c7542cbc8f49dc83e46da93b10696edc", "16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac", "412a0b8ba705fa6554a2c3711bfcb7ce6db8514c5f604608fbbaab36651ca01b", "290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-initialip", "hashes": ["23edb899d71f2455ee832d0062f3ccb945b593243c8a345a630219c32d1047b7", "0cb0e47e0d7373e407d3634f13b3cf33ff777306190f899649b63c4ea7e31c53", "14bbf2ba0482df800da11348223e4e737b5e6d993ce521fb80a75d008e21d4d7", "1c362a6f0e3b3c27652597f3e29079f8f868697c7886d42c92b2c221fb4778f4", "49fed5487288af8e9dd83253954019ef15120656c109eb2197d4124c1809577b", "1b43d005d8c03d16ebaeed445cb2b489972aa5eec6fdf3bb74a8ae8713467dd0", "483b3eeb73c79aecc9665fcfebef62c542ea0ec78e50bc7324151889dd0911d8", "318a69413ab3f284f08835bc979a4f3867d01b60ea233cec05990ecce5f830af", "415e09f8d073b15e9faa1e55c713bf85026f822bd320491db87f2d02c8420ce6", 
"55cad0ae7207fe29b871d968de0ddfee439628d41bff6afb3a02041f3427559e", "0c58b6aaacdc67cdbdd6afa96bc3d70ba9d3a2755e167d991c8bb9210f63245b", "311064c8b91b9acdaf3bd0bd668837eb27c69f3f5801009b8abc86a56832eefe", "3ba3b764ff8c55ebcb21593f17b277d5e0ae94d7eebde6211c9a55ca0e605fa2", "48c33340c542a2a93fe65baa9321430f0cc1585591c9d022896e00272f648417", "0e72330c623d0807cf5688672d9f528c8df01a3673a687a2acd7bd1f20d50076", "13d62dc6ab41d8f7c26b75aed160c82a0b49013f6f85822b71aef7d53bd566c2", "247dc57ee61758d4dfdc4f72e7450c8625c92291a8206b5750f75b9adde9bba8", "28ac5e65db10b970473a62cf5c3d119883f633c1509a0ef90d3272ab72abbbf2", "2bad3d73cfc353d8a690e8cfd39a965eb01cf41a17c8757a6e1d0d08e9195710", "25b2d5dabf35a8b429fd6cfc36c205e35f172f2aae3898d36947dd72222b327f", "116bfb1907c96421e87d6a52d325a5ca56846eb9845e6b506b47b0439c1c0382", "4905ac6b7ab70a983ed9f72d47c41691c7542cbc8f49dc83e46da93b10696edc", "16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac", "412a0b8ba705fa6554a2c3711bfcb7ce6db8514c5f604608fbbaab36651ca01b", "290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-numofsymbols", "hashes": ["23edb899d71f2455ee832d0062f3ccb945b593243c8a345a630219c32d1047b7", "0cb0e47e0d7373e407d3634f13b3cf33ff777306190f899649b63c4ea7e31c53", "14bbf2ba0482df800da11348223e4e737b5e6d993ce521fb80a75d008e21d4d7", "1c362a6f0e3b3c27652597f3e29079f8f868697c7886d42c92b2c221fb4778f4", "49fed5487288af8e9dd83253954019ef15120656c109eb2197d4124c1809577b", "1b43d005d8c03d16ebaeed445cb2b489972aa5eec6fdf3bb74a8ae8713467dd0", "483b3eeb73c79aecc9665fcfebef62c542ea0ec78e50bc7324151889dd0911d8", "318a69413ab3f284f08835bc979a4f3867d01b60ea233cec05990ecce5f830af", "415e09f8d073b15e9faa1e55c713bf85026f822bd320491db87f2d02c8420ce6", "55cad0ae7207fe29b871d968de0ddfee439628d41bff6afb3a02041f3427559e", "0c58b6aaacdc67cdbdd6afa96bc3d70ba9d3a2755e167d991c8bb9210f63245b", "311064c8b91b9acdaf3bd0bd668837eb27c69f3f5801009b8abc86a56832eefe", 
"433ae59e4addb3f61bca9c872f68293ec66561fe72bd7a46d58fceba134e0d34", "3ba3b764ff8c55ebcb21593f17b277d5e0ae94d7eebde6211c9a55ca0e605fa2", "48c33340c542a2a93fe65baa9321430f0cc1585591c9d022896e00272f648417", "0e72330c623d0807cf5688672d9f528c8df01a3673a687a2acd7bd1f20d50076", "13d62dc6ab41d8f7c26b75aed160c82a0b49013f6f85822b71aef7d53bd566c2", "247dc57ee61758d4dfdc4f72e7450c8625c92291a8206b5750f75b9adde9bba8", "28ac5e65db10b970473a62cf5c3d119883f633c1509a0ef90d3272ab72abbbf2", "2bad3d73cfc353d8a690e8cfd39a965eb01cf41a17c8757a6e1d0d08e9195710", "25b2d5dabf35a8b429fd6cfc36c205e35f172f2aae3898d36947dd72222b327f", "116bfb1907c96421e87d6a52d325a5ca56846eb9845e6b506b47b0439c1c0382", "4905ac6b7ab70a983ed9f72d47c41691c7542cbc8f49dc83e46da93b10696edc", "16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac", "290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["23edb899d71f2455ee832d0062f3ccb945b593243c8a345a630219c32d1047b7", "0cb0e47e0d7373e407d3634f13b3cf33ff777306190f899649b63c4ea7e31c53", "14bbf2ba0482df800da11348223e4e737b5e6d993ce521fb80a75d008e21d4d7", "1c362a6f0e3b3c27652597f3e29079f8f868697c7886d42c92b2c221fb4778f4", "49fed5487288af8e9dd83253954019ef15120656c109eb2197d4124c1809577b", "1b43d005d8c03d16ebaeed445cb2b489972aa5eec6fdf3bb74a8ae8713467dd0", "483b3eeb73c79aecc9665fcfebef62c542ea0ec78e50bc7324151889dd0911d8", "318a69413ab3f284f08835bc979a4f3867d01b60ea233cec05990ecce5f830af", "415e09f8d073b15e9faa1e55c713bf85026f822bd320491db87f2d02c8420ce6", "0c58b6aaacdc67cdbdd6afa96bc3d70ba9d3a2755e167d991c8bb9210f63245b", "311064c8b91b9acdaf3bd0bd668837eb27c69f3f5801009b8abc86a56832eefe", "433ae59e4addb3f61bca9c872f68293ec66561fe72bd7a46d58fceba134e0d34", "3ba3b764ff8c55ebcb21593f17b277d5e0ae94d7eebde6211c9a55ca0e605fa2", "48c33340c542a2a93fe65baa9321430f0cc1585591c9d022896e00272f648417", "0e72330c623d0807cf5688672d9f528c8df01a3673a687a2acd7bd1f20d50076", 
"13d62dc6ab41d8f7c26b75aed160c82a0b49013f6f85822b71aef7d53bd566c2", "247dc57ee61758d4dfdc4f72e7450c8625c92291a8206b5750f75b9adde9bba8", "28ac5e65db10b970473a62cf5c3d119883f633c1509a0ef90d3272ab72abbbf2", "2bad3d73cfc353d8a690e8cfd39a965eb01cf41a17c8757a6e1d0d08e9195710", "116bfb1907c96421e87d6a52d325a5ca56846eb9845e6b506b47b0439c1c0382", "4905ac6b7ab70a983ed9f72d47c41691c7542cbc8f49dc83e46da93b10696edc", "16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac", "412a0b8ba705fa6554a2c3711bfcb7ce6db8514c5f604608fbbaab36651ca01b", "290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-file-in-user-dir", "hashes": ["23edb899d71f2455ee832d0062f3ccb945b593243c8a345a630219c32d1047b7", "0cb0e47e0d7373e407d3634f13b3cf33ff777306190f899649b63c4ea7e31c53", "14bbf2ba0482df800da11348223e4e737b5e6d993ce521fb80a75d008e21d4d7", "1c362a6f0e3b3c27652597f3e29079f8f868697c7886d42c92b2c221fb4778f4", "49fed5487288af8e9dd83253954019ef15120656c109eb2197d4124c1809577b", "1b43d005d8c03d16ebaeed445cb2b489972aa5eec6fdf3bb74a8ae8713467dd0", "483b3eeb73c79aecc9665fcfebef62c542ea0ec78e50bc7324151889dd0911d8", "318a69413ab3f284f08835bc979a4f3867d01b60ea233cec05990ecce5f830af", "415e09f8d073b15e9faa1e55c713bf85026f822bd320491db87f2d02c8420ce6", "0c58b6aaacdc67cdbdd6afa96bc3d70ba9d3a2755e167d991c8bb9210f63245b", "311064c8b91b9acdaf3bd0bd668837eb27c69f3f5801009b8abc86a56832eefe", "433ae59e4addb3f61bca9c872f68293ec66561fe72bd7a46d58fceba134e0d34", "3ba3b764ff8c55ebcb21593f17b277d5e0ae94d7eebde6211c9a55ca0e605fa2", "48c33340c542a2a93fe65baa9321430f0cc1585591c9d022896e00272f648417", "0e72330c623d0807cf5688672d9f528c8df01a3673a687a2acd7bd1f20d50076", "13d62dc6ab41d8f7c26b75aed160c82a0b49013f6f85822b71aef7d53bd566c2", "247dc57ee61758d4dfdc4f72e7450c8625c92291a8206b5750f75b9adde9bba8", "28ac5e65db10b970473a62cf5c3d119883f633c1509a0ef90d3272ab72abbbf2", 
"2bad3d73cfc353d8a690e8cfd39a965eb01cf41a17c8757a6e1d0d08e9195710", "116bfb1907c96421e87d6a52d325a5ca56846eb9845e6b506b47b0439c1c0382", "4905ac6b7ab70a983ed9f72d47c41691c7542cbc8f49dc83e46da93b10696edc", "16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac", "412a0b8ba705fa6554a2c3711bfcb7ce6db8514c5f604608fbbaab36651ca01b", "290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["23edb899d71f2455ee832d0062f3ccb945b593243c8a345a630219c32d1047b7", "0cb0e47e0d7373e407d3634f13b3cf33ff777306190f899649b63c4ea7e31c53", "14bbf2ba0482df800da11348223e4e737b5e6d993ce521fb80a75d008e21d4d7", "1c362a6f0e3b3c27652597f3e29079f8f868697c7886d42c92b2c221fb4778f4", "49fed5487288af8e9dd83253954019ef15120656c109eb2197d4124c1809577b", "1b43d005d8c03d16ebaeed445cb2b489972aa5eec6fdf3bb74a8ae8713467dd0", "483b3eeb73c79aecc9665fcfebef62c542ea0ec78e50bc7324151889dd0911d8", "318a69413ab3f284f08835bc979a4f3867d01b60ea233cec05990ecce5f830af", "0c58b6aaacdc67cdbdd6afa96bc3d70ba9d3a2755e167d991c8bb9210f63245b", "311064c8b91b9acdaf3bd0bd668837eb27c69f3f5801009b8abc86a56832eefe", "433ae59e4addb3f61bca9c872f68293ec66561fe72bd7a46d58fceba134e0d34", "3ba3b764ff8c55ebcb21593f17b277d5e0ae94d7eebde6211c9a55ca0e605fa2", "48c33340c542a2a93fe65baa9321430f0cc1585591c9d022896e00272f648417", "0e72330c623d0807cf5688672d9f528c8df01a3673a687a2acd7bd1f20d50076", "13d62dc6ab41d8f7c26b75aed160c82a0b49013f6f85822b71aef7d53bd566c2", "247dc57ee61758d4dfdc4f72e7450c8625c92291a8206b5750f75b9adde9bba8", "28ac5e65db10b970473a62cf5c3d119883f633c1509a0ef90d3272ab72abbbf2", "2bad3d73cfc353d8a690e8cfd39a965eb01cf41a17c8757a6e1d0d08e9195710", "116bfb1907c96421e87d6a52d325a5ca56846eb9845e6b506b47b0439c1c0382", "4905ac6b7ab70a983ed9f72d47c41691c7542cbc8f49dc83e46da93b10696edc", "16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac", "412a0b8ba705fa6554a2c3711bfcb7ce6db8514c5f604608fbbaab36651ca01b", 
"290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["23edb899d71f2455ee832d0062f3ccb945b593243c8a345a630219c32d1047b7", "0cb0e47e0d7373e407d3634f13b3cf33ff777306190f899649b63c4ea7e31c53", "14bbf2ba0482df800da11348223e4e737b5e6d993ce521fb80a75d008e21d4d7", "1c362a6f0e3b3c27652597f3e29079f8f868697c7886d42c92b2c221fb4778f4", "49fed5487288af8e9dd83253954019ef15120656c109eb2197d4124c1809577b", "1b43d005d8c03d16ebaeed445cb2b489972aa5eec6fdf3bb74a8ae8713467dd0", "483b3eeb73c79aecc9665fcfebef62c542ea0ec78e50bc7324151889dd0911d8", "318a69413ab3f284f08835bc979a4f3867d01b60ea233cec05990ecce5f830af", "0c58b6aaacdc67cdbdd6afa96bc3d70ba9d3a2755e167d991c8bb9210f63245b", "311064c8b91b9acdaf3bd0bd668837eb27c69f3f5801009b8abc86a56832eefe", "433ae59e4addb3f61bca9c872f68293ec66561fe72bd7a46d58fceba134e0d34", "3ba3b764ff8c55ebcb21593f17b277d5e0ae94d7eebde6211c9a55ca0e605fa2", "48c33340c542a2a93fe65baa9321430f0cc1585591c9d022896e00272f648417", "0e72330c623d0807cf5688672d9f528c8df01a3673a687a2acd7bd1f20d50076", "13d62dc6ab41d8f7c26b75aed160c82a0b49013f6f85822b71aef7d53bd566c2", "247dc57ee61758d4dfdc4f72e7450c8625c92291a8206b5750f75b9adde9bba8", "28ac5e65db10b970473a62cf5c3d119883f633c1509a0ef90d3272ab72abbbf2", "2bad3d73cfc353d8a690e8cfd39a965eb01cf41a17c8757a6e1d0d08e9195710", "116bfb1907c96421e87d6a52d325a5ca56846eb9845e6b506b47b0439c1c0382", "4905ac6b7ab70a983ed9f72d47c41691c7542cbc8f49dc83e46da93b10696edc", "16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac", "412a0b8ba705fa6554a2c3711bfcb7ce6db8514c5f604608fbbaab36651ca01b", "290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc"], "mitre_attack_tags": []}, {"bi": "malware-lokibot-mutex-detected", "hashes": ["23edb899d71f2455ee832d0062f3ccb945b593243c8a345a630219c32d1047b7", "0cb0e47e0d7373e407d3634f13b3cf33ff777306190f899649b63c4ea7e31c53", "14bbf2ba0482df800da11348223e4e737b5e6d993ce521fb80a75d008e21d4d7", 
"1c362a6f0e3b3c27652597f3e29079f8f868697c7886d42c92b2c221fb4778f4", "49fed5487288af8e9dd83253954019ef15120656c109eb2197d4124c1809577b", "1b43d005d8c03d16ebaeed445cb2b489972aa5eec6fdf3bb74a8ae8713467dd0", "483b3eeb73c79aecc9665fcfebef62c542ea0ec78e50bc7324151889dd0911d8", "318a69413ab3f284f08835bc979a4f3867d01b60ea233cec05990ecce5f830af", "0c58b6aaacdc67cdbdd6afa96bc3d70ba9d3a2755e167d991c8bb9210f63245b", "311064c8b91b9acdaf3bd0bd668837eb27c69f3f5801009b8abc86a56832eefe", "433ae59e4addb3f61bca9c872f68293ec66561fe72bd7a46d58fceba134e0d34", "3ba3b764ff8c55ebcb21593f17b277d5e0ae94d7eebde6211c9a55ca0e605fa2", "48c33340c542a2a93fe65baa9321430f0cc1585591c9d022896e00272f648417", "0e72330c623d0807cf5688672d9f528c8df01a3673a687a2acd7bd1f20d50076", "13d62dc6ab41d8f7c26b75aed160c82a0b49013f6f85822b71aef7d53bd566c2", "247dc57ee61758d4dfdc4f72e7450c8625c92291a8206b5750f75b9adde9bba8", "28ac5e65db10b970473a62cf5c3d119883f633c1509a0ef90d3272ab72abbbf2", "2bad3d73cfc353d8a690e8cfd39a965eb01cf41a17c8757a6e1d0d08e9195710", "116bfb1907c96421e87d6a52d325a5ca56846eb9845e6b506b47b0439c1c0382", "4905ac6b7ab70a983ed9f72d47c41691c7542cbc8f49dc83e46da93b10696edc", "16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac", "412a0b8ba705fa6554a2c3711bfcb7ce6db8514c5f604608fbbaab36651ca01b", "290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["23edb899d71f2455ee832d0062f3ccb945b593243c8a345a630219c32d1047b7", "0cb0e47e0d7373e407d3634f13b3cf33ff777306190f899649b63c4ea7e31c53", "14bbf2ba0482df800da11348223e4e737b5e6d993ce521fb80a75d008e21d4d7", "1c362a6f0e3b3c27652597f3e29079f8f868697c7886d42c92b2c221fb4778f4", "49fed5487288af8e9dd83253954019ef15120656c109eb2197d4124c1809577b", "1b43d005d8c03d16ebaeed445cb2b489972aa5eec6fdf3bb74a8ae8713467dd0", "483b3eeb73c79aecc9665fcfebef62c542ea0ec78e50bc7324151889dd0911d8", "318a69413ab3f284f08835bc979a4f3867d01b60ea233cec05990ecce5f830af", 
"0c58b6aaacdc67cdbdd6afa96bc3d70ba9d3a2755e167d991c8bb9210f63245b", "311064c8b91b9acdaf3bd0bd668837eb27c69f3f5801009b8abc86a56832eefe", "433ae59e4addb3f61bca9c872f68293ec66561fe72bd7a46d58fceba134e0d34", "3ba3b764ff8c55ebcb21593f17b277d5e0ae94d7eebde6211c9a55ca0e605fa2", "48c33340c542a2a93fe65baa9321430f0cc1585591c9d022896e00272f648417", "0e72330c623d0807cf5688672d9f528c8df01a3673a687a2acd7bd1f20d50076", "13d62dc6ab41d8f7c26b75aed160c82a0b49013f6f85822b71aef7d53bd566c2", "247dc57ee61758d4dfdc4f72e7450c8625c92291a8206b5750f75b9adde9bba8", "28ac5e65db10b970473a62cf5c3d119883f633c1509a0ef90d3272ab72abbbf2", "2bad3d73cfc353d8a690e8cfd39a965eb01cf41a17c8757a6e1d0d08e9195710", "116bfb1907c96421e87d6a52d325a5ca56846eb9845e6b506b47b0439c1c0382", "4905ac6b7ab70a983ed9f72d47c41691c7542cbc8f49dc83e46da93b10696edc", "16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac", "412a0b8ba705fa6554a2c3711bfcb7ce6db8514c5f604608fbbaab36651ca01b", "290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["23edb899d71f2455ee832d0062f3ccb945b593243c8a345a630219c32d1047b7", "0cb0e47e0d7373e407d3634f13b3cf33ff777306190f899649b63c4ea7e31c53", "14bbf2ba0482df800da11348223e4e737b5e6d993ce521fb80a75d008e21d4d7", "1c362a6f0e3b3c27652597f3e29079f8f868697c7886d42c92b2c221fb4778f4", "49fed5487288af8e9dd83253954019ef15120656c109eb2197d4124c1809577b", "1b43d005d8c03d16ebaeed445cb2b489972aa5eec6fdf3bb74a8ae8713467dd0", "483b3eeb73c79aecc9665fcfebef62c542ea0ec78e50bc7324151889dd0911d8", "318a69413ab3f284f08835bc979a4f3867d01b60ea233cec05990ecce5f830af", "0c58b6aaacdc67cdbdd6afa96bc3d70ba9d3a2755e167d991c8bb9210f63245b", "311064c8b91b9acdaf3bd0bd668837eb27c69f3f5801009b8abc86a56832eefe", "433ae59e4addb3f61bca9c872f68293ec66561fe72bd7a46d58fceba134e0d34", "3ba3b764ff8c55ebcb21593f17b277d5e0ae94d7eebde6211c9a55ca0e605fa2", 
"48c33340c542a2a93fe65baa9321430f0cc1585591c9d022896e00272f648417", "0e72330c623d0807cf5688672d9f528c8df01a3673a687a2acd7bd1f20d50076", "13d62dc6ab41d8f7c26b75aed160c82a0b49013f6f85822b71aef7d53bd566c2", "247dc57ee61758d4dfdc4f72e7450c8625c92291a8206b5750f75b9adde9bba8", "28ac5e65db10b970473a62cf5c3d119883f633c1509a0ef90d3272ab72abbbf2", "2bad3d73cfc353d8a690e8cfd39a965eb01cf41a17c8757a6e1d0d08e9195710", "116bfb1907c96421e87d6a52d325a5ca56846eb9845e6b506b47b0439c1c0382", "4905ac6b7ab70a983ed9f72d47c41691c7542cbc8f49dc83e46da93b10696edc", "16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac", "412a0b8ba705fa6554a2c3711bfcb7ce6db8514c5f604608fbbaab36651ca01b", "290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "malware-known-trojan-av", "hashes": ["23edb899d71f2455ee832d0062f3ccb945b593243c8a345a630219c32d1047b7", "0cb0e47e0d7373e407d3634f13b3cf33ff777306190f899649b63c4ea7e31c53", "14bbf2ba0482df800da11348223e4e737b5e6d993ce521fb80a75d008e21d4d7", "1c362a6f0e3b3c27652597f3e29079f8f868697c7886d42c92b2c221fb4778f4", "49fed5487288af8e9dd83253954019ef15120656c109eb2197d4124c1809577b", "1b43d005d8c03d16ebaeed445cb2b489972aa5eec6fdf3bb74a8ae8713467dd0", "483b3eeb73c79aecc9665fcfebef62c542ea0ec78e50bc7324151889dd0911d8", "318a69413ab3f284f08835bc979a4f3867d01b60ea233cec05990ecce5f830af", "0c58b6aaacdc67cdbdd6afa96bc3d70ba9d3a2755e167d991c8bb9210f63245b", "311064c8b91b9acdaf3bd0bd668837eb27c69f3f5801009b8abc86a56832eefe", "433ae59e4addb3f61bca9c872f68293ec66561fe72bd7a46d58fceba134e0d34", "3ba3b764ff8c55ebcb21593f17b277d5e0ae94d7eebde6211c9a55ca0e605fa2", "48c33340c542a2a93fe65baa9321430f0cc1585591c9d022896e00272f648417", "0e72330c623d0807cf5688672d9f528c8df01a3673a687a2acd7bd1f20d50076", "13d62dc6ab41d8f7c26b75aed160c82a0b49013f6f85822b71aef7d53bd566c2", "247dc57ee61758d4dfdc4f72e7450c8625c92291a8206b5750f75b9adde9bba8", "28ac5e65db10b970473a62cf5c3d119883f633c1509a0ef90d3272ab72abbbf2", 
"2bad3d73cfc353d8a690e8cfd39a965eb01cf41a17c8757a6e1d0d08e9195710", "116bfb1907c96421e87d6a52d325a5ca56846eb9845e6b506b47b0439c1c0382", "4905ac6b7ab70a983ed9f72d47c41691c7542cbc8f49dc83e46da93b10696edc", "16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac", "412a0b8ba705fa6554a2c3711bfcb7ce6db8514c5f604608fbbaab36651ca01b", "290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["23edb899d71f2455ee832d0062f3ccb945b593243c8a345a630219c32d1047b7", "0cb0e47e0d7373e407d3634f13b3cf33ff777306190f899649b63c4ea7e31c53", "14bbf2ba0482df800da11348223e4e737b5e6d993ce521fb80a75d008e21d4d7", "1c362a6f0e3b3c27652597f3e29079f8f868697c7886d42c92b2c221fb4778f4", "49fed5487288af8e9dd83253954019ef15120656c109eb2197d4124c1809577b", "1b43d005d8c03d16ebaeed445cb2b489972aa5eec6fdf3bb74a8ae8713467dd0", "483b3eeb73c79aecc9665fcfebef62c542ea0ec78e50bc7324151889dd0911d8", "318a69413ab3f284f08835bc979a4f3867d01b60ea233cec05990ecce5f830af", "0c58b6aaacdc67cdbdd6afa96bc3d70ba9d3a2755e167d991c8bb9210f63245b", "311064c8b91b9acdaf3bd0bd668837eb27c69f3f5801009b8abc86a56832eefe", "433ae59e4addb3f61bca9c872f68293ec66561fe72bd7a46d58fceba134e0d34", "3ba3b764ff8c55ebcb21593f17b277d5e0ae94d7eebde6211c9a55ca0e605fa2", "48c33340c542a2a93fe65baa9321430f0cc1585591c9d022896e00272f648417", "0e72330c623d0807cf5688672d9f528c8df01a3673a687a2acd7bd1f20d50076", "13d62dc6ab41d8f7c26b75aed160c82a0b49013f6f85822b71aef7d53bd566c2", "247dc57ee61758d4dfdc4f72e7450c8625c92291a8206b5750f75b9adde9bba8", "28ac5e65db10b970473a62cf5c3d119883f633c1509a0ef90d3272ab72abbbf2", "2bad3d73cfc353d8a690e8cfd39a965eb01cf41a17c8757a6e1d0d08e9195710", "116bfb1907c96421e87d6a52d325a5ca56846eb9845e6b506b47b0439c1c0382", "4905ac6b7ab70a983ed9f72d47c41691c7542cbc8f49dc83e46da93b10696edc", "16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac", "412a0b8ba705fa6554a2c3711bfcb7ce6db8514c5f604608fbbaab36651ca01b", 
"290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc"], "mitre_attack_tags": ["TA0007", "TA0006", "T1003", "T1217"]}, {"bi": "potential-registry-persistence", "hashes": ["23edb899d71f2455ee832d0062f3ccb945b593243c8a345a630219c32d1047b7", "0cb0e47e0d7373e407d3634f13b3cf33ff777306190f899649b63c4ea7e31c53", "14bbf2ba0482df800da11348223e4e737b5e6d993ce521fb80a75d008e21d4d7", "1c362a6f0e3b3c27652597f3e29079f8f868697c7886d42c92b2c221fb4778f4", "49fed5487288af8e9dd83253954019ef15120656c109eb2197d4124c1809577b", "1b43d005d8c03d16ebaeed445cb2b489972aa5eec6fdf3bb74a8ae8713467dd0", "483b3eeb73c79aecc9665fcfebef62c542ea0ec78e50bc7324151889dd0911d8", "318a69413ab3f284f08835bc979a4f3867d01b60ea233cec05990ecce5f830af", "0c58b6aaacdc67cdbdd6afa96bc3d70ba9d3a2755e167d991c8bb9210f63245b", "311064c8b91b9acdaf3bd0bd668837eb27c69f3f5801009b8abc86a56832eefe", "433ae59e4addb3f61bca9c872f68293ec66561fe72bd7a46d58fceba134e0d34", "3ba3b764ff8c55ebcb21593f17b277d5e0ae94d7eebde6211c9a55ca0e605fa2", "48c33340c542a2a93fe65baa9321430f0cc1585591c9d022896e00272f648417", "0e72330c623d0807cf5688672d9f528c8df01a3673a687a2acd7bd1f20d50076", "13d62dc6ab41d8f7c26b75aed160c82a0b49013f6f85822b71aef7d53bd566c2", "247dc57ee61758d4dfdc4f72e7450c8625c92291a8206b5750f75b9adde9bba8", "28ac5e65db10b970473a62cf5c3d119883f633c1509a0ef90d3272ab72abbbf2", "2bad3d73cfc353d8a690e8cfd39a965eb01cf41a17c8757a6e1d0d08e9195710", "116bfb1907c96421e87d6a52d325a5ca56846eb9845e6b506b47b0439c1c0382", "4905ac6b7ab70a983ed9f72d47c41691c7542cbc8f49dc83e46da93b10696edc", "16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac", "412a0b8ba705fa6554a2c3711bfcb7ce6db8514c5f604608fbbaab36651ca01b", "290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-prior", "hashes": ["23edb899d71f2455ee832d0062f3ccb945b593243c8a345a630219c32d1047b7", "0cb0e47e0d7373e407d3634f13b3cf33ff777306190f899649b63c4ea7e31c53", 
"14bbf2ba0482df800da11348223e4e737b5e6d993ce521fb80a75d008e21d4d7", "49fed5487288af8e9dd83253954019ef15120656c109eb2197d4124c1809577b", "1b43d005d8c03d16ebaeed445cb2b489972aa5eec6fdf3bb74a8ae8713467dd0", "483b3eeb73c79aecc9665fcfebef62c542ea0ec78e50bc7324151889dd0911d8", "318a69413ab3f284f08835bc979a4f3867d01b60ea233cec05990ecce5f830af", "415e09f8d073b15e9faa1e55c713bf85026f822bd320491db87f2d02c8420ce6", "55cad0ae7207fe29b871d968de0ddfee439628d41bff6afb3a02041f3427559e", "0c58b6aaacdc67cdbdd6afa96bc3d70ba9d3a2755e167d991c8bb9210f63245b", "311064c8b91b9acdaf3bd0bd668837eb27c69f3f5801009b8abc86a56832eefe", "433ae59e4addb3f61bca9c872f68293ec66561fe72bd7a46d58fceba134e0d34", "3ba3b764ff8c55ebcb21593f17b277d5e0ae94d7eebde6211c9a55ca0e605fa2", "48c33340c542a2a93fe65baa9321430f0cc1585591c9d022896e00272f648417", "0e72330c623d0807cf5688672d9f528c8df01a3673a687a2acd7bd1f20d50076", "247dc57ee61758d4dfdc4f72e7450c8625c92291a8206b5750f75b9adde9bba8", "28ac5e65db10b970473a62cf5c3d119883f633c1509a0ef90d3272ab72abbbf2", "2bad3d73cfc353d8a690e8cfd39a965eb01cf41a17c8757a6e1d0d08e9195710", "25b2d5dabf35a8b429fd6cfc36c205e35f172f2aae3898d36947dd72222b327f", "116bfb1907c96421e87d6a52d325a5ca56846eb9845e6b506b47b0439c1c0382", "4905ac6b7ab70a983ed9f72d47c41691c7542cbc8f49dc83e46da93b10696edc", "290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["23edb899d71f2455ee832d0062f3ccb945b593243c8a345a630219c32d1047b7", "14bbf2ba0482df800da11348223e4e737b5e6d993ce521fb80a75d008e21d4d7", "1c362a6f0e3b3c27652597f3e29079f8f868697c7886d42c92b2c221fb4778f4", "49fed5487288af8e9dd83253954019ef15120656c109eb2197d4124c1809577b", "1b43d005d8c03d16ebaeed445cb2b489972aa5eec6fdf3bb74a8ae8713467dd0", "483b3eeb73c79aecc9665fcfebef62c542ea0ec78e50bc7324151889dd0911d8", "318a69413ab3f284f08835bc979a4f3867d01b60ea233cec05990ecce5f830af", "0c58b6aaacdc67cdbdd6afa96bc3d70ba9d3a2755e167d991c8bb9210f63245b", 
"311064c8b91b9acdaf3bd0bd668837eb27c69f3f5801009b8abc86a56832eefe", "433ae59e4addb3f61bca9c872f68293ec66561fe72bd7a46d58fceba134e0d34", "3ba3b764ff8c55ebcb21593f17b277d5e0ae94d7eebde6211c9a55ca0e605fa2", "48c33340c542a2a93fe65baa9321430f0cc1585591c9d022896e00272f648417", "0e72330c623d0807cf5688672d9f528c8df01a3673a687a2acd7bd1f20d50076", "13d62dc6ab41d8f7c26b75aed160c82a0b49013f6f85822b71aef7d53bd566c2", "247dc57ee61758d4dfdc4f72e7450c8625c92291a8206b5750f75b9adde9bba8", "2bad3d73cfc353d8a690e8cfd39a965eb01cf41a17c8757a6e1d0d08e9195710", "116bfb1907c96421e87d6a52d325a5ca56846eb9845e6b506b47b0439c1c0382", "4905ac6b7ab70a983ed9f72d47c41691c7542cbc8f49dc83e46da93b10696edc", "16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac", "412a0b8ba705fa6554a2c3711bfcb7ce6db8514c5f604608fbbaab36651ca01b", "290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "pe-packed-upx", "hashes": ["25b2d5dabf35a8b429fd6cfc36c205e35f172f2aae3898d36947dd72222b327f", "16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac", "412a0b8ba705fa6554a2c3711bfcb7ce6db8514c5f604608fbbaab36651ca01b", "290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-future", "hashes": ["1c362a6f0e3b3c27652597f3e29079f8f868697c7886d42c92b2c221fb4778f4", "16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac"], "mitre_attack_tags": []}, {"bi": "pe-section-null-encrypted", "hashes": ["55cad0ae7207fe29b871d968de0ddfee439628d41bff6afb3a02041f3427559e", "25b2d5dabf35a8b429fd6cfc36c205e35f172f2aae3898d36947dd72222b327f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["415e09f8d073b15e9faa1e55c713bf85026f822bd320491db87f2d02c8420ce6"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["415e09f8d073b15e9faa1e55c713bf85026f822bd320491db87f2d02c8420ce6"], 
"mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["415e09f8d073b15e9faa1e55c713bf85026f822bd320491db87f2d02c8420ce6"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from many popular applications. It is commonly pushed via malicious documents delivered via spam emails.", "hashes": ["0c58b6aaacdc67cdbdd6afa96bc3d70ba9d3a2755e167d991c8bb9210f63245b", "0cb0e47e0d7373e407d3634f13b3cf33ff777306190f899649b63c4ea7e31c53", "0e72330c623d0807cf5688672d9f528c8df01a3673a687a2acd7bd1f20d50076", "116bfb1907c96421e87d6a52d325a5ca56846eb9845e6b506b47b0439c1c0382", "13d62dc6ab41d8f7c26b75aed160c82a0b49013f6f85822b71aef7d53bd566c2", "14bbf2ba0482df800da11348223e4e737b5e6d993ce521fb80a75d008e21d4d7", "16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac", "1b43d005d8c03d16ebaeed445cb2b489972aa5eec6fdf3bb74a8ae8713467dd0", "1c362a6f0e3b3c27652597f3e29079f8f868697c7886d42c92b2c221fb4778f4", "23edb899d71f2455ee832d0062f3ccb945b593243c8a345a630219c32d1047b7", "247dc57ee61758d4dfdc4f72e7450c8625c92291a8206b5750f75b9adde9bba8", "25b2d5dabf35a8b429fd6cfc36c205e35f172f2aae3898d36947dd72222b327f", "28ac5e65db10b970473a62cf5c3d119883f633c1509a0ef90d3272ab72abbbf2", "290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc", "2bad3d73cfc353d8a690e8cfd39a965eb01cf41a17c8757a6e1d0d08e9195710", "311064c8b91b9acdaf3bd0bd668837eb27c69f3f5801009b8abc86a56832eefe", "318a69413ab3f284f08835bc979a4f3867d01b60ea233cec05990ecce5f830af", "3ba3b764ff8c55ebcb21593f17b277d5e0ae94d7eebde6211c9a55ca0e605fa2", "412a0b8ba705fa6554a2c3711bfcb7ce6db8514c5f604608fbbaab36651ca01b", 
"415e09f8d073b15e9faa1e55c713bf85026f822bd320491db87f2d02c8420ce6", "433ae59e4addb3f61bca9c872f68293ec66561fe72bd7a46d58fceba134e0d34", "483b3eeb73c79aecc9665fcfebef62c542ea0ec78e50bc7324151889dd0911d8", "48c33340c542a2a93fe65baa9321430f0cc1585591c9d022896e00272f648417", "4905ac6b7ab70a983ed9f72d47c41691c7542cbc8f49dc83e46da93b10696edc", "49fed5487288af8e9dd83253954019ef15120656c109eb2197d4124c1809577b", "4bc8d2db0b48dcda542e7d34f088ae649e8128c863ad68d4d77455ae98756e38", "527b8ae5f5ff6826efec6e3252ab793e069ae2feedfa43b5922eb9bc3265a298", "54219ab3635b2dd1018fca9a7c760be0b0169507e09f3d61f0eb97074168493b", "55cad0ae7207fe29b871d968de0ddfee439628d41bff6afb3a02041f3427559e", "57a982df0afa8fa22388d24d138660e3b99979604850180664b01a826ab9defd", "58779c095eb5c4b51d098136e8ce3d33d2f608db757b247e913d6fa51ed6a428", "58b6a6f2fda33cfb777d9c8d42d4e3df2b446abcd9d101d755ec128254299fa0", "58db2dff6b8898dacc92d98a48c9da5f7e2270fc21a6b70fe97b09f96088d82f", "5a86637f374497dbf6dfe417b88b0b2be36b2ea77117a1eb7e48c215d6bb42b2", "5ffd20a27300b1ad6659aaccba210d997c1ba9a2d42148053f44f29b8f1b8b50", "6ba815ad6165215d861a216a0eb73e1932b9124a3c87830150b1b2cd9099a85f", "6d92935dda1a2c84732e403d3827f926119fb6be50e7f678b49a07aa53c512a0", "794c566290200691a958cf39f726defc3a775351b18f4c827ce84d33b1fe023b", "7a34a518ceae01e356a7975b9efef5382ea1081a953ce840d080ea4101b55caa", "8237d01c9db75b390cb0588c42b13f538a695c7cc0b39e84590e4958941f1062", "8be596388c599b96b6e60d2f3b1586f0ec38cd80eb763491dde332b21009377e", "8d3c1b6ce754f91f726c40ed4c13189e653ff530675805f4fffc42dace6b6787", "8e39aabe3e3a4b8057607d28bea7e7b76f1047b535beec90a30e2c7ccc5a5695", "8ed1deb185e85da37168b1a3e957dc28efb5d0e560171f8d2b71452bda4884ef", "90afce0b95c526bd84445ee1a4e1a8cf6e4276bca03a97aa789736ac513afb4b", "949406be4a8612ad9f834d8589ce1891a079ab68180e93ad3e7c79c5f11e4578", "94a0d8d139fbbc988f54d7f947dbf89acb17208f196edde5839b24ad6b195768", "9dcf86de40e148313b9b107fe8f404de21d8779f739edbc2f230d04e84401cdc", 
"9e1f30988106e405534e4ca8852c73206dbc4704b36eae252f1927ab3e4a60f2", "a004a8ac2f6243993806332f374155631c24d5cc35c4cd98b040e0c3faeccbd7", "a04bb385e6459b014ec4f1988664f8b7dffb6769266d5cbec267a2fa5f789f62", "a261f9e1cb27b28a02e1419427bf1dce4fef4917b45b8f89c00b37f769fce9de", "a550e7f1c5803e6f0175252e7f73de064b515b62dedf6a6c2029131eaafe36c0", "ab42f7fd159fd87556d25a21fab81cbd363d537415408af16c86c59fc37b4854", "abae2ab49ea6f0ef646a0a75b7757012c11bc3549c03c61d4876df85b708e02a", "ac4fd81d024a498c434489ac0dc08aed51c7c4db35383394469f26b4e0f43b2d", "afdbf651522cf329b64a7e9aa7e97cd135689b303cf9af16b12cdbcdd200cd20", "b222f73a24f6e9cc3a2b8234d5ba0d861922cb3e30eca641eec2dac9a09d1c91", "b5f2008c4d882df2c5da3e84680d58fad68b057fc4f99ada222af20e6ce2fcc6", "b5fc2414c0f225c3369f98995f4027e86d6f2b000faefd31b7b4415c32bf7b78", "ba788c1988aada394b462614d11a61069698ee5975b8a5c268c8e72d240056be", "bf0801aaf2f4a84afb01500931d4e70886369768ab1840394d60b28969e25da9", "c0e7f4fec550520d81fdf83a4bce552cba94992da2ba7ef2ec0e6de0decc2233", "c51bf9eaa3a5e57398889ac8ebb0fbe8979aa08253d4f9d58a58e0bcd08d6c12", "c6ccabcadb070544af3cf65510ea9b6e678ad5a6631a5dc93c6d0b74a63402b2", "c723164209269f3578373ef46d76af330ff621553879c74e65ce5486057936d8", "c774ff98fc0aac49a3b6ba763cc46e082205dfc35aaa5cf9cb3c48acc58b62ef", "cc348454c83f5687f18e91bfadf883441fc1bc3d59b9f43253404b2d08647b8a", "cf315e3116cb45619abc433da6e0286e7dde384999e714ba3d588b48af3243b1", "d4def291fc068dd863363a55b3b74db28131d361e38198ea8129f211d6baf8a1", "d5a2a4d1144986bd34bacf536c25128a03e295f71746be3f3976cb04f8b54ae9", "d8e256f0d9887a0726a8162fc3afed970db6f83e806bcba6e0a6e0d9509c3eb6", "ec6d2bb272e1ad799fd42cf4a64db867a100513c3c27e16fd053122f18006a17", "eec4aab38e9fafeaee4b21d0a8eb924df0a8a960881f9b9a1b86f361182b7b65", "f080e007e1ec719c75466632f557d7bea861f6027628df0d16285472075153ee", "f63e26f8c39a3e2b57adaf480a648d7c82884e0adb4d6ce12bc5177fefa9bf43", "f8892d7d3ab635c52d9839958540b96cbd251779d5bc68b191fe958fe0d32ef0", 
"f974b505e7d99cf323656de1c360982a5a010a12eb18df99231ed54471b41715", "f9a6409180f50aadf11825a77f588b3d47dbed700b1a5a6c48af95c95d52a618", "fa4fe495805e50f37b0dc9d3b13a03eb7d5130e111f301bb334fbe0ea35c98b2", "fbb6385260bed66a3d636370d0a6d526cbbf7f70c293c84a7699bab1aaa6dc39", "fc082cee0e1e2e8a1816c2b109e7cdb58f87a7b870782c6a6a5735fe6f158414", "fcbc5575245f9d0746ca3119f069439d25b79afaf9857627c9daba2c85763b4d", "fd8bb30269578110f41b5eaffee079b2f290e0ec29c5e6d7be16d309e4c8730a", "fe66b09eee651f6038a868fc0053b8b01e8f4268c8af3b872bbacc1fe6ff0117"], "iocs": {"domain": [], "file": [{"hashes": ["0c58b6aaacdc67cdbdd6afa96bc3d70ba9d3a2755e167d991c8bb9210f63245b", "0cb0e47e0d7373e407d3634f13b3cf33ff777306190f899649b63c4ea7e31c53", "0e72330c623d0807cf5688672d9f528c8df01a3673a687a2acd7bd1f20d50076", "116bfb1907c96421e87d6a52d325a5ca56846eb9845e6b506b47b0439c1c0382", "13d62dc6ab41d8f7c26b75aed160c82a0b49013f6f85822b71aef7d53bd566c2", "14bbf2ba0482df800da11348223e4e737b5e6d993ce521fb80a75d008e21d4d7", "16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac", "1b43d005d8c03d16ebaeed445cb2b489972aa5eec6fdf3bb74a8ae8713467dd0", "1c362a6f0e3b3c27652597f3e29079f8f868697c7886d42c92b2c221fb4778f4", "23edb899d71f2455ee832d0062f3ccb945b593243c8a345a630219c32d1047b7", "247dc57ee61758d4dfdc4f72e7450c8625c92291a8206b5750f75b9adde9bba8", "28ac5e65db10b970473a62cf5c3d119883f633c1509a0ef90d3272ab72abbbf2", "290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc", "2bad3d73cfc353d8a690e8cfd39a965eb01cf41a17c8757a6e1d0d08e9195710", "311064c8b91b9acdaf3bd0bd668837eb27c69f3f5801009b8abc86a56832eefe", "318a69413ab3f284f08835bc979a4f3867d01b60ea233cec05990ecce5f830af", "3ba3b764ff8c55ebcb21593f17b277d5e0ae94d7eebde6211c9a55ca0e605fa2", "412a0b8ba705fa6554a2c3711bfcb7ce6db8514c5f604608fbbaab36651ca01b", "433ae59e4addb3f61bca9c872f68293ec66561fe72bd7a46d58fceba134e0d34", "483b3eeb73c79aecc9665fcfebef62c542ea0ec78e50bc7324151889dd0911d8", 
"48c33340c542a2a93fe65baa9321430f0cc1585591c9d022896e00272f648417", "4905ac6b7ab70a983ed9f72d47c41691c7542cbc8f49dc83e46da93b10696edc", "49fed5487288af8e9dd83253954019ef15120656c109eb2197d4124c1809577b"], "path": "%APPDATA%\\D282E1"}, {"hashes": ["0c58b6aaacdc67cdbdd6afa96bc3d70ba9d3a2755e167d991c8bb9210f63245b", "0cb0e47e0d7373e407d3634f13b3cf33ff777306190f899649b63c4ea7e31c53", "0e72330c623d0807cf5688672d9f528c8df01a3673a687a2acd7bd1f20d50076", "116bfb1907c96421e87d6a52d325a5ca56846eb9845e6b506b47b0439c1c0382", "13d62dc6ab41d8f7c26b75aed160c82a0b49013f6f85822b71aef7d53bd566c2", "14bbf2ba0482df800da11348223e4e737b5e6d993ce521fb80a75d008e21d4d7", "16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac", "1b43d005d8c03d16ebaeed445cb2b489972aa5eec6fdf3bb74a8ae8713467dd0", "1c362a6f0e3b3c27652597f3e29079f8f868697c7886d42c92b2c221fb4778f4", "23edb899d71f2455ee832d0062f3ccb945b593243c8a345a630219c32d1047b7", "247dc57ee61758d4dfdc4f72e7450c8625c92291a8206b5750f75b9adde9bba8", "28ac5e65db10b970473a62cf5c3d119883f633c1509a0ef90d3272ab72abbbf2", "290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc", "2bad3d73cfc353d8a690e8cfd39a965eb01cf41a17c8757a6e1d0d08e9195710", "311064c8b91b9acdaf3bd0bd668837eb27c69f3f5801009b8abc86a56832eefe", "318a69413ab3f284f08835bc979a4f3867d01b60ea233cec05990ecce5f830af", "3ba3b764ff8c55ebcb21593f17b277d5e0ae94d7eebde6211c9a55ca0e605fa2", "412a0b8ba705fa6554a2c3711bfcb7ce6db8514c5f604608fbbaab36651ca01b", "433ae59e4addb3f61bca9c872f68293ec66561fe72bd7a46d58fceba134e0d34", "483b3eeb73c79aecc9665fcfebef62c542ea0ec78e50bc7324151889dd0911d8", "48c33340c542a2a93fe65baa9321430f0cc1585591c9d022896e00272f648417", "4905ac6b7ab70a983ed9f72d47c41691c7542cbc8f49dc83e46da93b10696edc", "49fed5487288af8e9dd83253954019ef15120656c109eb2197d4124c1809577b"], "path": "%APPDATA%\\D282E1\\1E80C5.lck"}], "ip": [{"hashes": ["0c58b6aaacdc67cdbdd6afa96bc3d70ba9d3a2755e167d991c8bb9210f63245b", 
"0cb0e47e0d7373e407d3634f13b3cf33ff777306190f899649b63c4ea7e31c53", "0e72330c623d0807cf5688672d9f528c8df01a3673a687a2acd7bd1f20d50076", "116bfb1907c96421e87d6a52d325a5ca56846eb9845e6b506b47b0439c1c0382", "13d62dc6ab41d8f7c26b75aed160c82a0b49013f6f85822b71aef7d53bd566c2", "14bbf2ba0482df800da11348223e4e737b5e6d993ce521fb80a75d008e21d4d7", "16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac", "1b43d005d8c03d16ebaeed445cb2b489972aa5eec6fdf3bb74a8ae8713467dd0", "1c362a6f0e3b3c27652597f3e29079f8f868697c7886d42c92b2c221fb4778f4", "23edb899d71f2455ee832d0062f3ccb945b593243c8a345a630219c32d1047b7", "247dc57ee61758d4dfdc4f72e7450c8625c92291a8206b5750f75b9adde9bba8", "28ac5e65db10b970473a62cf5c3d119883f633c1509a0ef90d3272ab72abbbf2", "290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc", "2bad3d73cfc353d8a690e8cfd39a965eb01cf41a17c8757a6e1d0d08e9195710", "311064c8b91b9acdaf3bd0bd668837eb27c69f3f5801009b8abc86a56832eefe", "318a69413ab3f284f08835bc979a4f3867d01b60ea233cec05990ecce5f830af", "3ba3b764ff8c55ebcb21593f17b277d5e0ae94d7eebde6211c9a55ca0e605fa2", "412a0b8ba705fa6554a2c3711bfcb7ce6db8514c5f604608fbbaab36651ca01b", "433ae59e4addb3f61bca9c872f68293ec66561fe72bd7a46d58fceba134e0d34", "483b3eeb73c79aecc9665fcfebef62c542ea0ec78e50bc7324151889dd0911d8", "48c33340c542a2a93fe65baa9321430f0cc1585591c9d022896e00272f648417", "4905ac6b7ab70a983ed9f72d47c41691c7542cbc8f49dc83e46da93b10696edc", "49fed5487288af8e9dd83253954019ef15120656c109eb2197d4124c1809577b"], "ip": "185[.]126[.]202[.]111"}], "mutex": [{"hashes": ["0c58b6aaacdc67cdbdd6afa96bc3d70ba9d3a2755e167d991c8bb9210f63245b", "0cb0e47e0d7373e407d3634f13b3cf33ff777306190f899649b63c4ea7e31c53", "0e72330c623d0807cf5688672d9f528c8df01a3673a687a2acd7bd1f20d50076", "116bfb1907c96421e87d6a52d325a5ca56846eb9845e6b506b47b0439c1c0382", "13d62dc6ab41d8f7c26b75aed160c82a0b49013f6f85822b71aef7d53bd566c2", "14bbf2ba0482df800da11348223e4e737b5e6d993ce521fb80a75d008e21d4d7", 
"16d203c535218e1640d10e8d06f7e9603494c27096c4e8b5ff242a63ce082dac", "1b43d005d8c03d16ebaeed445cb2b489972aa5eec6fdf3bb74a8ae8713467dd0", "1c362a6f0e3b3c27652597f3e29079f8f868697c7886d42c92b2c221fb4778f4", "23edb899d71f2455ee832d0062f3ccb945b593243c8a345a630219c32d1047b7", "247dc57ee61758d4dfdc4f72e7450c8625c92291a8206b5750f75b9adde9bba8", "28ac5e65db10b970473a62cf5c3d119883f633c1509a0ef90d3272ab72abbbf2", "290a3944cec7e78bd2a11346e981389f1eb678347de6537761488bc895e111fc", "2bad3d73cfc353d8a690e8cfd39a965eb01cf41a17c8757a6e1d0d08e9195710", "311064c8b91b9acdaf3bd0bd668837eb27c69f3f5801009b8abc86a56832eefe", "318a69413ab3f284f08835bc979a4f3867d01b60ea233cec05990ecce5f830af", "3ba3b764ff8c55ebcb21593f17b277d5e0ae94d7eebde6211c9a55ca0e605fa2", "412a0b8ba705fa6554a2c3711bfcb7ce6db8514c5f604608fbbaab36651ca01b", "433ae59e4addb3f61bca9c872f68293ec66561fe72bd7a46d58fceba134e0d34", "483b3eeb73c79aecc9665fcfebef62c542ea0ec78e50bc7324151889dd0911d8", "48c33340c542a2a93fe65baa9321430f0cc1585591c9d022896e00272f648417", "4905ac6b7ab70a983ed9f72d47c41691c7542cbc8f49dc83e46da93b10696edc", "49fed5487288af8e9dd83253954019ef15120656c109eb2197d4124c1809577b"], "name": "3749282D282E1E80C56CAE5A"}, {"hashes": ["415e09f8d073b15e9faa1e55c713bf85026f822bd320491db87f2d02c8420ce6"], "name": "Global\\c802fb61-bec9-11ea-887e-00501e3ae7b6"}], "registry": []}, "reports_count": 26}, "Win.Packed.njRAT-8479097-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["920aed6efb480e8890dc16c5aff5a195516a8862a1f42dfe5b6e1ad06760dba4", "c30a52e8084f877c22696411929de15930aae0fa132df0af40cd48535435a4ee", "6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7", "c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", 
"712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "92f0707572aa497bc1d86787b52503d1ce0fe51292be674e6f10b940a265dee3", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a", "e6627586f9c31258191da77dce84119be5b308e9f6c163ea5631a1f574fec736"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["920aed6efb480e8890dc16c5aff5a195516a8862a1f42dfe5b6e1ad06760dba4", "c30a52e8084f877c22696411929de15930aae0fa132df0af40cd48535435a4ee", "6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7", "c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", 
"9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "92f0707572aa497bc1d86787b52503d1ce0fe51292be674e6f10b940a265dee3", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a", "e6627586f9c31258191da77dce84119be5b308e9f6c163ea5631a1f574fec736"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["920aed6efb480e8890dc16c5aff5a195516a8862a1f42dfe5b6e1ad06760dba4", "c30a52e8084f877c22696411929de15930aae0fa132df0af40cd48535435a4ee", "6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7", "c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", 
"2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "92f0707572aa497bc1d86787b52503d1ce0fe51292be674e6f10b940a265dee3", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a", "e6627586f9c31258191da77dce84119be5b308e9f6c163ea5631a1f574fec736"], "mitre_attack_tags": []}, {"bi": "pe-uses-dot-net", "hashes": ["920aed6efb480e8890dc16c5aff5a195516a8862a1f42dfe5b6e1ad06760dba4", "c30a52e8084f877c22696411929de15930aae0fa132df0af40cd48535435a4ee", "6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7", "c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", 
"92f0707572aa497bc1d86787b52503d1ce0fe51292be674e6f10b940a265dee3", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a", "e6627586f9c31258191da77dce84119be5b308e9f6c163ea5631a1f574fec736"], "mitre_attack_tags": []}, {"bi": "netsh-firewall-generic", "hashes": ["920aed6efb480e8890dc16c5aff5a195516a8862a1f42dfe5b6e1ad06760dba4", "c30a52e8084f877c22696411929de15930aae0fa132df0af40cd48535435a4ee", "6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7", "c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "92f0707572aa497bc1d86787b52503d1ce0fe51292be674e6f10b940a265dee3", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", 
"0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a", "e6627586f9c31258191da77dce84119be5b308e9f6c163ea5631a1f574fec736"], "mitre_attack_tags": ["TA0005", "T1016", "T1089"]}, {"bi": "netsh-firewall-add", "hashes": ["920aed6efb480e8890dc16c5aff5a195516a8862a1f42dfe5b6e1ad06760dba4", "c30a52e8084f877c22696411929de15930aae0fa132df0af40cd48535435a4ee", "6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7", "c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "92f0707572aa497bc1d86787b52503d1ce0fe51292be674e6f10b940a265dee3", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", 
"108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a", "e6627586f9c31258191da77dce84119be5b308e9f6c163ea5631a1f574fec736"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089"]}, {"bi": "malware-trojan-njrat-detected", "hashes": ["920aed6efb480e8890dc16c5aff5a195516a8862a1f42dfe5b6e1ad06760dba4", "c30a52e8084f877c22696411929de15930aae0fa132df0af40cd48535435a4ee", "6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7", "c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "92f0707572aa497bc1d86787b52503d1ce0fe51292be674e6f10b940a265dee3", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a", 
"e6627586f9c31258191da77dce84119be5b308e9f6c163ea5631a1f574fec736"], "mitre_attack_tags": []}, {"bi": "registry-disable-open-file-security-warning", "hashes": ["920aed6efb480e8890dc16c5aff5a195516a8862a1f42dfe5b6e1ad06760dba4", "c30a52e8084f877c22696411929de15930aae0fa132df0af40cd48535435a4ee", "6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7", "c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "92f0707572aa497bc1d86787b52503d1ce0fe51292be674e6f10b940a265dee3", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a", "e6627586f9c31258191da77dce84119be5b308e9f6c163ea5631a1f574fec736"], "mitre_attack_tags": ["TA0005", "T1112", "T1089"]}, {"bi": "registry-parseautoexec", "hashes": 
["920aed6efb480e8890dc16c5aff5a195516a8862a1f42dfe5b6e1ad06760dba4", "c30a52e8084f877c22696411929de15930aae0fa132df0af40cd48535435a4ee", "6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7", "c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "92f0707572aa497bc1d86787b52503d1ce0fe51292be674e6f10b940a265dee3", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a", "e6627586f9c31258191da77dce84119be5b308e9f6c163ea5631a1f574fec736"], "mitre_attack_tags": ["TA0003", "T1112"]}, {"bi": "malware-generic-dotnet-trojan-uses-random-guid-mutex", "hashes": ["920aed6efb480e8890dc16c5aff5a195516a8862a1f42dfe5b6e1ad06760dba4", "c30a52e8084f877c22696411929de15930aae0fa132df0af40cd48535435a4ee", 
"6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7", "c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "92f0707572aa497bc1d86787b52503d1ce0fe51292be674e6f10b940a265dee3", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a", "e6627586f9c31258191da77dce84119be5b308e9f6c163ea5631a1f574fec736"], "mitre_attack_tags": []}, {"bi": "malware-trojan-njrat-registry", "hashes": ["920aed6efb480e8890dc16c5aff5a195516a8862a1f42dfe5b6e1ad06760dba4", "c30a52e8084f877c22696411929de15930aae0fa132df0af40cd48535435a4ee", "6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7", "c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", 
"e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "92f0707572aa497bc1d86787b52503d1ce0fe51292be674e6f10b940a265dee3", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a", "e6627586f9c31258191da77dce84119be5b308e9f6c163ea5631a1f574fec736"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "modified-executable", "hashes": ["920aed6efb480e8890dc16c5aff5a195516a8862a1f42dfe5b6e1ad06760dba4", "6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7", "c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", 
"fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a", "e6627586f9c31258191da77dce84119be5b308e9f6c163ea5631a1f574fec736"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["920aed6efb480e8890dc16c5aff5a195516a8862a1f42dfe5b6e1ad06760dba4", "6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7", "c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", 
"31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a", "e6627586f9c31258191da77dce84119be5b308e9f6c163ea5631a1f574fec736"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["920aed6efb480e8890dc16c5aff5a195516a8862a1f42dfe5b6e1ad06760dba4", "6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7", "c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", 
"ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a", "e6627586f9c31258191da77dce84119be5b308e9f6c163ea5631a1f574fec736"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["920aed6efb480e8890dc16c5aff5a195516a8862a1f42dfe5b6e1ad06760dba4", "6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7", "c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a", "e6627586f9c31258191da77dce84119be5b308e9f6c163ea5631a1f574fec736"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "firewall-exception-user-dir", 
"hashes": ["920aed6efb480e8890dc16c5aff5a195516a8862a1f42dfe5b6e1ad06760dba4", "6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7", "c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a", "e6627586f9c31258191da77dce84119be5b308e9f6c163ea5631a1f574fec736"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089"]}, {"bi": "network-dns-category-dynamic", "hashes": ["e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1", 
"35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "92f0707572aa497bc1d86787b52503d1ce0fe51292be674e6f10b940a265dee3", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a", "e6627586f9c31258191da77dce84119be5b308e9f6c163ea5631a1f574fec736"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", 
"3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", 
"fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "92f0707572aa497bc1d86787b52503d1ce0fe51292be674e6f10b940a265dee3", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a", "e6627586f9c31258191da77dce84119be5b308e9f6c163ea5631a1f574fec736"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "dns-query-nxdomain", "hashes": ["e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", 
"ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77"], "mitre_attack_tags": []}, {"bi": "unsigned-roaming-execution", "hashes": ["920aed6efb480e8890dc16c5aff5a195516a8862a1f42dfe5b6e1ad06760dba4", "6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0"], "mitre_attack_tags": ["TA0005"]}, {"bi": "startup-folder-modification", "hashes": ["c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": 
"network-fast-flux-nameserver", "hashes": ["e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a", "e6627586f9c31258191da77dce84119be5b308e9f6c163ea5631a1f574fec736"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": 
"artifact-windows-component-suspicious-creation", "hashes": ["920aed6efb480e8890dc16c5aff5a195516a8862a1f42dfe5b6e1ad06760dba4", "6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "cta-static-analyzer-malicious", "hashes": ["cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "92f0707572aa497bc1d86787b52503d1ce0fe51292be674e6f10b940a265dee3", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["c30a52e8084f877c22696411929de15930aae0fa132df0af40cd48535435a4ee", "92f0707572aa497bc1d86787b52503d1ce0fe51292be674e6f10b940a265dee3", "ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72"], "mitre_attack_tags": []}, {"bi": "fake-explorer-process", "hashes": ["012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e"], "mitre_attack_tags": ["TA0005", "T1036"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": true}, "description": "njRAT, also known as Bladabindi, is a remote access trojan 
(RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.", "hashes": ["012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "920aed6efb480e8890dc16c5aff5a195516a8862a1f42dfe5b6e1ad06760dba4", "92f0707572aa497bc1d86787b52503d1ce0fe51292be674e6f10b940a265dee3", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a", "c30a52e8084f877c22696411929de15930aae0fa132df0af40cd48535435a4ee", "c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "e6627586f9c31258191da77dce84119be5b308e9f6c163ea5631a1f574fec736", "ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1"], "iocs": {"domain": 
[{"hashes": ["0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1"], "host": "fatehtawba[.]hopto[.]org"}, {"hashes": ["012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59"], "host": "babayalg[.]ddns[.]net"}, {"hashes": ["108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b"], "host": "aze12rty0776370119[.]ddns[.]net"}, {"hashes": ["b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a"], "host": "xxlxali[.]ddns[.]net"}, {"hashes": ["e6627586f9c31258191da77dce84119be5b308e9f6c163ea5631a1f574fec736"], "host": "aali13212[.]ddns[.]net"}, {"hashes": ["31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc"], "host": "lucifermorningstars[.]hopto[.]org"}, {"hashes": ["3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13"], "host": "achrefforever[.]ddns[.]net"}, {"hashes": ["92f0707572aa497bc1d86787b52503d1ce0fe51292be674e6f10b940a265dee3"], "host": "ahmed2016[.]ddns[.]net"}, {"hashes": ["9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243"], "host": "abdoudara[.]ddns[.]net"}, {"hashes": ["c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72"], "host": "camifer117[.]myq-see[.]com"}, {"hashes": ["ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107"], "host": "omar323[.]ddns[.]net"}], "file": 
[{"hashes": ["012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "920aed6efb480e8890dc16c5aff5a195516a8862a1f42dfe5b6e1ad06760dba4", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0"], "path": "%APPDATA%\\.exe"}, {"hashes": ["0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1"], "path": "%APPDATA%\\system.exe"}, {"hashes": ["108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b"], "path": "%TEMP%\\Google Chrome.exe"}, {"hashes": ["108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\27b4710398ae0b763559df62d775ba29.exe"}, {"hashes": ["012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\6de93533ddf06b44600c0f7d2cb3cef0.exe"}, {"hashes": ["35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\9eb21e5d1bf0f3ef5fed5349338ca44b.exe"}, {"hashes": ["712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\f53bd214b970381275bb6ce3c71b0345.exe"}, 
{"hashes": ["759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\7d37ca2c4b7afa2d4d222003a595ed82.exe"}, {"hashes": ["c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\7600563427a220b9ee6789067cee7247.exe"}, {"hashes": ["d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\0c9c7dec5ec41406f114cc14122868e6.exe"}, {"hashes": ["e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\b34230732a1fbeafb56e1f89b2c65110.exe"}, {"hashes": ["ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\d67b5eef929e2b8fe667b51fa445dda2.exe"}], "ip": [{"hashes": ["c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72"], "ip": "141[.]255[.]152[.]254"}, {"hashes": ["c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72"], "ip": "141[.]255[.]157[.]71"}], "mutex": [{"hashes": ["012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", 
"759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "920aed6efb480e8890dc16c5aff5a195516a8862a1f42dfe5b6e1ad06760dba4", "92f0707572aa497bc1d86787b52503d1ce0fe51292be674e6f10b940a265dee3", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a", "c30a52e8084f877c22696411929de15930aae0fa132df0af40cd48535435a4ee", "c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "e6627586f9c31258191da77dce84119be5b308e9f6c163ea5631a1f574fec736", "ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1"], "name": "<32 random hex characters>"}], "registry": [{"hashes": ["012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "920aed6efb480e8890dc16c5aff5a195516a8862a1f42dfe5b6e1ad06760dba4", "92f0707572aa497bc1d86787b52503d1ce0fe51292be674e6f10b940a265dee3", 
"9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a", "c30a52e8084f877c22696411929de15930aae0fa132df0af40cd48535435a4ee", "c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "e6627586f9c31258191da77dce84119be5b308e9f6c163ea5631a1f574fec736", "ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1"], "key": "\\ENVIRONMENT", "value_name": "SEE_MASK_NOZONECHECKS"}, {"hashes": ["012e909df9d0df5311c7197fe96d869ee2475f14785c36a2b63049392dcab08e", "0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7", "15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b", "31533a726bd8296da161f2b50617ba0643186468bc550e95b717374e32ca63dc", "35a995675808686145eea0f21cc21499d2b8156e38d245b53549b6258d9754a3", "3a0136e03cfcc1312d8a282608337adc38e71155fb0278257ec460f8c28c6a13", "6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7", "759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca", "920aed6efb480e8890dc16c5aff5a195516a8862a1f42dfe5b6e1ad06760dba4", "92f0707572aa497bc1d86787b52503d1ce0fe51292be674e6f10b940a265dee3", "9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243", "9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746", "b183fe613c1eb93e221210f48a9d9b4a1a2aa3f898848168b3bf69677c4c4b0a", 
"c30a52e8084f877c22696411929de15930aae0fa132df0af40cd48535435a4ee", "c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7", "d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0", "e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59", "e6627586f9c31258191da77dce84119be5b308e9f6c163ea5631a1f574fec736", "ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "ParseAutoexec"}, {"hashes": ["108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b"], "key": "\\SOFTWARE\\27B4710398AE0B763559DF62D775BA29", "value_name": null}, {"hashes": ["108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "27b4710398ae0b763559df62d775ba29"}, {"hashes": ["108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "27b4710398ae0b763559df62d775ba29"}, {"hashes": ["108b158a9336fe0a5a36747ab3a4e68c86bda13738b436ba1d61595f1bdb9d77", "2126da97bd3b0356c2525df5d91f38c62cd820b828b407d9ab035ff0984ea16b"], "key": "\\SOFTWARE\\27B4710398AE0B763559DF62D775BA29", "value_name": "[kl]"}, {"hashes": ["0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", "137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7"], "key": "\\SOFTWARE\\74FB347B3D36AFEEF9601FC49748F387", "value_name": null}, {"hashes": ["0d325f73d770a86a7dc2cea227c514f70ff209eb3cd9126cbd2f899ee33512f0", 
"137de9f6ebf719f94067cfd75b5462282bd1b8a3fcacacc9d78bb29e46afd6a7"], "key": "\\SOFTWARE\\74FB347B3D36AFEEF9601FC49748F387", "value_name": "[kl]"}, {"hashes": ["15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1"], "key": "\\SOFTWARE\\58340164489AFF059FE46AB17B861A07", "value_name": null}, {"hashes": ["15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "58340164489aff059fe46ab17b861a07"}, {"hashes": ["15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "58340164489aff059fe46ab17b861a07"}, {"hashes": ["15d6f051b914fe71da5b7007fb0d29adee689591f3f352f15aebcb56a5969d76", "fb21e383d1092ea07228d6ab27d71e88f5e9384bfa2d2e25df05817ee9adc1a1"], "key": "\\SOFTWARE\\58340164489AFF059FE46AB17B861A07", "value_name": "[kl]"}, {"hashes": ["6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7"], "key": "\\SOFTWARE\\3073A267DD6BA57599509E1FC89383AB", "value_name": null}, {"hashes": ["6d093f76871d78c3c2e4e0876ac9cb9164f5263c901e813aeb24c3321a9eb0c4", "cd79a03310096d7a20499257d987e634513c3d7bcc1bfadefe3bacb75f0fa3b7"], "key": "\\SOFTWARE\\3073A267DD6BA57599509E1FC89383AB", "value_name": "[kl]"}, {"hashes": ["712bc4b4138cd9e4de8d31cef9254667cd247fb21d70746bccd8e7ee846492b7"], "key": "\\SOFTWARE\\F53BD214B970381275BB6CE3C71B0345", "value_name": "[kl]"}, {"hashes": ["759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca"], "key": "\\SOFTWARE\\7D37CA2C4B7AFA2D4D222003A595ED82", "value_name": null}, {"hashes": ["759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca"], "key": 
"\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "7d37ca2c4b7afa2d4d222003a595ed82"}, {"hashes": ["759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "7d37ca2c4b7afa2d4d222003a595ed82"}, {"hashes": ["759602d8ff40af581cd164bd9cfca99c25f1790c874d4a441b3a5ff533f721ca"], "key": "\\SOFTWARE\\7D37CA2C4B7AFA2D4D222003A595ED82", "value_name": "[kl]"}, {"hashes": ["92f0707572aa497bc1d86787b52503d1ce0fe51292be674e6f10b940a265dee3"], "key": "\\SOFTWARE\\B8ECBB9B55BF8E520EA66CE3B1D1F053", "value_name": null}, {"hashes": ["92f0707572aa497bc1d86787b52503d1ce0fe51292be674e6f10b940a265dee3"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "b8ecbb9b55bf8e520ea66ce3b1d1f053"}, {"hashes": ["92f0707572aa497bc1d86787b52503d1ce0fe51292be674e6f10b940a265dee3"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "b8ecbb9b55bf8e520ea66ce3b1d1f053"}, {"hashes": ["92f0707572aa497bc1d86787b52503d1ce0fe51292be674e6f10b940a265dee3"], "key": "\\SOFTWARE\\B8ECBB9B55BF8E520EA66CE3B1D1F053", "value_name": "[kl]"}, {"hashes": ["9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243"], "key": "\\SOFTWARE\\7003E42B55F54D8B8C83FCE037328D7A", "value_name": null}, {"hashes": ["9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "7003e42b55f54d8b8c83fce037328d7a"}, {"hashes": ["9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "7003e42b55f54d8b8c83fce037328d7a"}, {"hashes": ["9b10f90033a84ba079d50da7b90a5cb0c5e6f2427619d5c9425afd6df3e42243"], "key": "\\SOFTWARE\\7003E42B55F54D8B8C83FCE037328D7A", "value_name": "[kl]"}, {"hashes": ["9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746"], "key": 
"\\SOFTWARE\\991F6008D0D57261D1377B61CB5A292F", "value_name": null}, {"hashes": ["9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "991f6008d0d57261d1377b61cb5a292f"}, {"hashes": ["9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "991f6008d0d57261d1377b61cb5a292f"}, {"hashes": ["9e2b29ad62ea3a13f27dc3de68f85bdf95f7dac97acc7fbe4d4833f66fbc4746"], "key": "\\SOFTWARE\\991F6008D0D57261D1377B61CB5A292F", "value_name": "[kl]"}, {"hashes": ["c30a52e8084f877c22696411929de15930aae0fa132df0af40cd48535435a4ee"], "key": "\\SOFTWARE\\C81E5609EDFC3DC9ED0350B3755452BB", "value_name": null}, {"hashes": ["c30a52e8084f877c22696411929de15930aae0fa132df0af40cd48535435a4ee"], "key": "\\SOFTWARE\\C81E5609EDFC3DC9ED0350B3755452BB", "value_name": "[kl]"}, {"hashes": ["c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72"], "key": "\\SOFTWARE\\7600563427A220B9EE6789067CEE7247", "value_name": null}, {"hashes": ["c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "7600563427a220b9ee6789067cee7247"}, {"hashes": ["c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "7600563427a220b9ee6789067cee7247"}, {"hashes": ["c4cb8fda10c91ab40a8f5885ba2f4fc6e1702b9200f589ac1dfa1987c9206f72"], "key": "\\SOFTWARE\\7600563427A220B9EE6789067CEE7247", "value_name": "[kl]"}, {"hashes": ["d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0"], "key": "\\SOFTWARE\\0C9C7DEC5EC41406F114CC14122868E6", "value_name": null}, {"hashes": ["d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": 
"0c9c7dec5ec41406f114cc14122868e6"}, {"hashes": ["d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "0c9c7dec5ec41406f114cc14122868e6"}, {"hashes": ["d8806598bd19f7d1776c68a63d2cde0b8dbc6fe5f17e2bfcd06abbcabfca0ce0"], "key": "\\SOFTWARE\\0C9C7DEC5EC41406F114CC14122868E6", "value_name": "[kl]"}, {"hashes": ["e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59"], "key": "\\SOFTWARE\\B34230732A1FBEAFB56E1F89B2C65110", "value_name": null}, {"hashes": ["e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "b34230732a1fbeafb56e1f89b2c65110"}, {"hashes": ["e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "b34230732a1fbeafb56e1f89b2c65110"}, {"hashes": ["e01c82be269f707b5479248ec72c0eac33846a5362a203e7de005441bc53bc59"], "key": "\\SOFTWARE\\B34230732A1FBEAFB56E1F89B2C65110", "value_name": "[kl]"}, {"hashes": ["ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107"], "key": "\\SOFTWARE\\D67B5EEF929E2B8FE667B51FA445DDA2", "value_name": null}, {"hashes": ["ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "d67b5eef929e2b8fe667b51fa445dda2"}, {"hashes": ["ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "d67b5eef929e2b8fe667b51fa445dda2"}, {"hashes": ["ed1b8e246b88b984c595f2e1bd6cfac7c0cb4463abced2813fc1b88378e5f107"], "key": "\\SOFTWARE\\D67B5EEF929E2B8FE667B51FA445DDA2", "value_name": "[kl]"}]}, "reports_count": 25}, "Win.Trojan.Fareit-8493652-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": 
["bb652f11edb625fade303e09bc8450276634f98aa050a7e6dd3c816f62edefab", "98090f606cda48999384c614b1f92bb9d0e5f1541b86d8d62bf1e6639633a271", "337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798", "7927d24010f7ec25ea4026291036fbab975b5ff66398658e15c59165bb71e953", "ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "75f614af5672c9dd40b750d6af0c34dc2f930deb72ad1c76aeba5ac932f57169", "b92387f4ebd2401753c36f466db181a1624fde4cb23cac4f26f26bb2edacbd29", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347", "c208823b7b425a224dc28447ddddae1ebc5735b5dffd6f3858a70d384a96c4a1", "f594a66f330e8f2f14a9d39c1195b76810248a7e326af586a945cb7b4d8bdeb5", "0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea", "f6bbefe21fdc48d34593b743d0eb995112db1d0f935da32085da3ec5314c8ff0", "12a1af4ef81e1c6e71faac652ae0b27d26f7c0f8f03a1e5191e64efd85cf580a", "38c234dc0bd0297dc390529d3c11887b19219b76f5f279e8d3484856783f85eb"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["bb652f11edb625fade303e09bc8450276634f98aa050a7e6dd3c816f62edefab", "98090f606cda48999384c614b1f92bb9d0e5f1541b86d8d62bf1e6639633a271", "337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798", "7927d24010f7ec25ea4026291036fbab975b5ff66398658e15c59165bb71e953", 
"ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "75f614af5672c9dd40b750d6af0c34dc2f930deb72ad1c76aeba5ac932f57169", "b92387f4ebd2401753c36f466db181a1624fde4cb23cac4f26f26bb2edacbd29", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347", "c208823b7b425a224dc28447ddddae1ebc5735b5dffd6f3858a70d384a96c4a1", "f594a66f330e8f2f14a9d39c1195b76810248a7e326af586a945cb7b4d8bdeb5", "0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea", "f6bbefe21fdc48d34593b743d0eb995112db1d0f935da32085da3ec5314c8ff0", "12a1af4ef81e1c6e71faac652ae0b27d26f7c0f8f03a1e5191e64efd85cf580a", "38c234dc0bd0297dc390529d3c11887b19219b76f5f279e8d3484856783f85eb"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["bb652f11edb625fade303e09bc8450276634f98aa050a7e6dd3c816f62edefab", "98090f606cda48999384c614b1f92bb9d0e5f1541b86d8d62bf1e6639633a271", "337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798", "7927d24010f7ec25ea4026291036fbab975b5ff66398658e15c59165bb71e953", "ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "75f614af5672c9dd40b750d6af0c34dc2f930deb72ad1c76aeba5ac932f57169", "b92387f4ebd2401753c36f466db181a1624fde4cb23cac4f26f26bb2edacbd29", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347", "c208823b7b425a224dc28447ddddae1ebc5735b5dffd6f3858a70d384a96c4a1", 
"f594a66f330e8f2f14a9d39c1195b76810248a7e326af586a945cb7b4d8bdeb5", "0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea", "f6bbefe21fdc48d34593b743d0eb995112db1d0f935da32085da3ec5314c8ff0", "12a1af4ef81e1c6e71faac652ae0b27d26f7c0f8f03a1e5191e64efd85cf580a", "38c234dc0bd0297dc390529d3c11887b19219b76f5f279e8d3484856783f85eb"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["bb652f11edb625fade303e09bc8450276634f98aa050a7e6dd3c816f62edefab", "98090f606cda48999384c614b1f92bb9d0e5f1541b86d8d62bf1e6639633a271", "337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798", "7927d24010f7ec25ea4026291036fbab975b5ff66398658e15c59165bb71e953", "ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "75f614af5672c9dd40b750d6af0c34dc2f930deb72ad1c76aeba5ac932f57169", "b92387f4ebd2401753c36f466db181a1624fde4cb23cac4f26f26bb2edacbd29", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347", "c208823b7b425a224dc28447ddddae1ebc5735b5dffd6f3858a70d384a96c4a1", "f594a66f330e8f2f14a9d39c1195b76810248a7e326af586a945cb7b4d8bdeb5", "0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea", "f6bbefe21fdc48d34593b743d0eb995112db1d0f935da32085da3ec5314c8ff0", "12a1af4ef81e1c6e71faac652ae0b27d26f7c0f8f03a1e5191e64efd85cf580a", "38c234dc0bd0297dc390529d3c11887b19219b76f5f279e8d3484856783f85eb"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["bb652f11edb625fade303e09bc8450276634f98aa050a7e6dd3c816f62edefab", "98090f606cda48999384c614b1f92bb9d0e5f1541b86d8d62bf1e6639633a271", 
"337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798", "7927d24010f7ec25ea4026291036fbab975b5ff66398658e15c59165bb71e953", "ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "75f614af5672c9dd40b750d6af0c34dc2f930deb72ad1c76aeba5ac932f57169", "b92387f4ebd2401753c36f466db181a1624fde4cb23cac4f26f26bb2edacbd29", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347", "c208823b7b425a224dc28447ddddae1ebc5735b5dffd6f3858a70d384a96c4a1", "f594a66f330e8f2f14a9d39c1195b76810248a7e326af586a945cb7b4d8bdeb5", "0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea", "f6bbefe21fdc48d34593b743d0eb995112db1d0f935da32085da3ec5314c8ff0", "12a1af4ef81e1c6e71faac652ae0b27d26f7c0f8f03a1e5191e64efd85cf580a", "38c234dc0bd0297dc390529d3c11887b19219b76f5f279e8d3484856783f85eb"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "pe-tls-callback", "hashes": ["bb652f11edb625fade303e09bc8450276634f98aa050a7e6dd3c816f62edefab", "98090f606cda48999384c614b1f92bb9d0e5f1541b86d8d62bf1e6639633a271", "337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798", "7927d24010f7ec25ea4026291036fbab975b5ff66398658e15c59165bb71e953", "ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", 
"75f614af5672c9dd40b750d6af0c34dc2f930deb72ad1c76aeba5ac932f57169", "b92387f4ebd2401753c36f466db181a1624fde4cb23cac4f26f26bb2edacbd29", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347", "c208823b7b425a224dc28447ddddae1ebc5735b5dffd6f3858a70d384a96c4a1", "f594a66f330e8f2f14a9d39c1195b76810248a7e326af586a945cb7b4d8bdeb5", "0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea", "f6bbefe21fdc48d34593b743d0eb995112db1d0f935da32085da3ec5314c8ff0", "12a1af4ef81e1c6e71faac652ae0b27d26f7c0f8f03a1e5191e64efd85cf580a", "38c234dc0bd0297dc390529d3c11887b19219b76f5f279e8d3484856783f85eb"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["bb652f11edb625fade303e09bc8450276634f98aa050a7e6dd3c816f62edefab", "98090f606cda48999384c614b1f92bb9d0e5f1541b86d8d62bf1e6639633a271", "337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798", "7927d24010f7ec25ea4026291036fbab975b5ff66398658e15c59165bb71e953", "ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "75f614af5672c9dd40b750d6af0c34dc2f930deb72ad1c76aeba5ac932f57169", "b92387f4ebd2401753c36f466db181a1624fde4cb23cac4f26f26bb2edacbd29", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347", "c208823b7b425a224dc28447ddddae1ebc5735b5dffd6f3858a70d384a96c4a1", "f594a66f330e8f2f14a9d39c1195b76810248a7e326af586a945cb7b4d8bdeb5", "0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea", 
"f6bbefe21fdc48d34593b743d0eb995112db1d0f935da32085da3ec5314c8ff0", "12a1af4ef81e1c6e71faac652ae0b27d26f7c0f8f03a1e5191e64efd85cf580a", "38c234dc0bd0297dc390529d3c11887b19219b76f5f279e8d3484856783f85eb"], "mitre_attack_tags": []}, {"bi": "pe-section-shared", "hashes": ["bb652f11edb625fade303e09bc8450276634f98aa050a7e6dd3c816f62edefab", "98090f606cda48999384c614b1f92bb9d0e5f1541b86d8d62bf1e6639633a271", "337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798", "7927d24010f7ec25ea4026291036fbab975b5ff66398658e15c59165bb71e953", "ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "75f614af5672c9dd40b750d6af0c34dc2f930deb72ad1c76aeba5ac932f57169", "b92387f4ebd2401753c36f466db181a1624fde4cb23cac4f26f26bb2edacbd29", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347", "c208823b7b425a224dc28447ddddae1ebc5735b5dffd6f3858a70d384a96c4a1", "f594a66f330e8f2f14a9d39c1195b76810248a7e326af586a945cb7b4d8bdeb5", "0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea", "f6bbefe21fdc48d34593b743d0eb995112db1d0f935da32085da3ec5314c8ff0", "12a1af4ef81e1c6e71faac652ae0b27d26f7c0f8f03a1e5191e64efd85cf580a", "38c234dc0bd0297dc390529d3c11887b19219b76f5f279e8d3484856783f85eb"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "windows-vault-api", "hashes": ["337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", 
"3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798", "7927d24010f7ec25ea4026291036fbab975b5ff66398658e15c59165bb71e953", "ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "75f614af5672c9dd40b750d6af0c34dc2f930deb72ad1c76aeba5ac932f57169", "b92387f4ebd2401753c36f466db181a1624fde4cb23cac4f26f26bb2edacbd29", "d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347", "0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea", "f6bbefe21fdc48d34593b743d0eb995112db1d0f935da32085da3ec5314c8ff0", "12a1af4ef81e1c6e71faac652ae0b27d26f7c0f8f03a1e5191e64efd85cf580a", "38c234dc0bd0297dc390529d3c11887b19219b76f5f279e8d3484856783f85eb"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "file-ini-read", "hashes": ["337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798", "75f614af5672c9dd40b750d6af0c34dc2f930deb72ad1c76aeba5ac932f57169", "b92387f4ebd2401753c36f466db181a1624fde4cb23cac4f26f26bb2edacbd29", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347", "0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea", "f6bbefe21fdc48d34593b743d0eb995112db1d0f935da32085da3ec5314c8ff0", "12a1af4ef81e1c6e71faac652ae0b27d26f7c0f8f03a1e5191e64efd85cf580a", "38c234dc0bd0297dc390529d3c11887b19219b76f5f279e8d3484856783f85eb"], "mitre_attack_tags": []}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", 
"e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798", "ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "75f614af5672c9dd40b750d6af0c34dc2f930deb72ad1c76aeba5ac932f57169", "b92387f4ebd2401753c36f466db181a1624fde4cb23cac4f26f26bb2edacbd29", "d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347", "0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea", "f6bbefe21fdc48d34593b743d0eb995112db1d0f935da32085da3ec5314c8ff0", "12a1af4ef81e1c6e71faac652ae0b27d26f7c0f8f03a1e5191e64efd85cf580a", "38c234dc0bd0297dc390529d3c11887b19219b76f5f279e8d3484856783f85eb"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["bb652f11edb625fade303e09bc8450276634f98aa050a7e6dd3c816f62edefab", "98090f606cda48999384c614b1f92bb9d0e5f1541b86d8d62bf1e6639633a271", "7927d24010f7ec25ea4026291036fbab975b5ff66398658e15c59165bb71e953", "75f614af5672c9dd40b750d6af0c34dc2f930deb72ad1c76aeba5ac932f57169", "b92387f4ebd2401753c36f466db181a1624fde4cb23cac4f26f26bb2edacbd29", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff", "c208823b7b425a224dc28447ddddae1ebc5735b5dffd6f3858a70d384a96c4a1", "f594a66f330e8f2f14a9d39c1195b76810248a7e326af586a945cb7b4d8bdeb5", "0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea", "f6bbefe21fdc48d34593b743d0eb995112db1d0f935da32085da3ec5314c8ff0", "12a1af4ef81e1c6e71faac652ae0b27d26f7c0f8f03a1e5191e64efd85cf580a", "38c234dc0bd0297dc390529d3c11887b19219b76f5f279e8d3484856783f85eb"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "antivirus-flagged-artifact", "hashes": 
["10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798", "7927d24010f7ec25ea4026291036fbab975b5ff66398658e15c59165bb71e953", "75f614af5672c9dd40b750d6af0c34dc2f930deb72ad1c76aeba5ac932f57169", "b92387f4ebd2401753c36f466db181a1624fde4cb23cac4f26f26bb2edacbd29", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff", "0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea", "f6bbefe21fdc48d34593b743d0eb995112db1d0f935da32085da3ec5314c8ff0", "12a1af4ef81e1c6e71faac652ae0b27d26f7c0f8f03a1e5191e64efd85cf580a", "38c234dc0bd0297dc390529d3c11887b19219b76f5f279e8d3484856783f85eb"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798", "ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347", "0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798", "ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", 
"3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347", "f594a66f330e8f2f14a9d39c1195b76810248a7e326af586a945cb7b4d8bdeb5"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "artifact-flagged-malware", "hashes": ["7927d24010f7ec25ea4026291036fbab975b5ff66398658e15c59165bb71e953", "75f614af5672c9dd40b750d6af0c34dc2f930deb72ad1c76aeba5ac932f57169", "b92387f4ebd2401753c36f466db181a1624fde4cb23cac4f26f26bb2edacbd29", "d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff", "0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea", "f6bbefe21fdc48d34593b743d0eb995112db1d0f935da32085da3ec5314c8ff0", "12a1af4ef81e1c6e71faac652ae0b27d26f7c0f8f03a1e5191e64efd85cf580a", "38c234dc0bd0297dc390529d3c11887b19219b76f5f279e8d3484856783f85eb"], "mitre_attack_tags": []}, {"bi": "malware-agent-tesla-detected", "hashes": ["7927d24010f7ec25ea4026291036fbab975b5ff66398658e15c59165bb71e953", "75f614af5672c9dd40b750d6af0c34dc2f930deb72ad1c76aeba5ac932f57169", "b92387f4ebd2401753c36f466db181a1624fde4cb23cac4f26f26bb2edacbd29", "d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff", "0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea", "f6bbefe21fdc48d34593b743d0eb995112db1d0f935da32085da3ec5314c8ff0", "12a1af4ef81e1c6e71faac652ae0b27d26f7c0f8f03a1e5191e64efd85cf580a", "38c234dc0bd0297dc390529d3c11887b19219b76f5f279e8d3484856783f85eb"], "mitre_attack_tags": ["TA0009", "T1123", "T1125", "T1056"]}, {"bi": "malware-agent-tesla-av-detected", "hashes": ["7927d24010f7ec25ea4026291036fbab975b5ff66398658e15c59165bb71e953", "75f614af5672c9dd40b750d6af0c34dc2f930deb72ad1c76aeba5ac932f57169", "b92387f4ebd2401753c36f466db181a1624fde4cb23cac4f26f26bb2edacbd29", "d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff", "0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea", "f6bbefe21fdc48d34593b743d0eb995112db1d0f935da32085da3ec5314c8ff0", "12a1af4ef81e1c6e71faac652ae0b27d26f7c0f8f03a1e5191e64efd85cf580a", 
"38c234dc0bd0297dc390529d3c11887b19219b76f5f279e8d3484856783f85eb"], "mitre_attack_tags": ["T1219"]}, {"bi": "network-file-uploaded", "hashes": ["337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "process-check-ucbrowser", "hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "75f614af5672c9dd40b750d6af0c34dc2f930deb72ad1c76aeba5ac932f57169", "b92387f4ebd2401753c36f466db181a1624fde4cb23cac4f26f26bb2edacbd29", "d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff", "0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea", "12a1af4ef81e1c6e71faac652ae0b27d26f7c0f8f03a1e5191e64efd85cf580a", "38c234dc0bd0297dc390529d3c11887b19219b76f5f279e8d3484856783f85eb"], "mitre_attack_tags": ["TA0007"]}, {"bi": "malware-lokibot-mutex-detected", "hashes": ["337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0", 
"815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347"], "mitre_attack_tags": ["TA0007", "TA0006", "T1003", "T1217"]}, {"bi": "network-snort-malware", "hashes": ["337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "altered-sample-snort-flagged", "hashes": ["337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", 
"3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-http-numeric-ip", "hashes": ["e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347"], "mitre_attack_tags": ["TA0011", "TA0005", "T1071"]}, {"bi": "http-response-client-error", "hashes": ["e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["7927d24010f7ec25ea4026291036fbab975b5ff66398658e15c59165bb71e953", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff", "0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "network-opendns-malicious", "hashes": ["337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": []}, {"bi": 
"network-dns-malicious-snort", "hashes": ["337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": ["TA0011"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": []}, {"bi": "network-dns-upload-file", "hashes": ["337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "f594a66f330e8f2f14a9d39c1195b76810248a7e326af586a945cb7b4d8bdeb5"], "mitre_attack_tags": []}, {"bi": "network-snort-server", "hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "f594a66f330e8f2f14a9d39c1195b76810248a7e326af586a945cb7b4d8bdeb5"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff", "0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff", "0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-temp-dir", 
"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff", "0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "malware-guloader-traffic-detected", "hashes": ["337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-downloaded-executable", "hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-snort-file-exe", "hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], 
"mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "f594a66f330e8f2f14a9d39c1195b76810248a7e326af586a945cb7b4d8bdeb5"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": []}, {"bi": "firefox-cookie-read", "hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "pe-certificate", "hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": []}, {"bi": "artifact-windows-task", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "f594a66f330e8f2f14a9d39c1195b76810248a7e326af586a945cb7b4d8bdeb5"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "f594a66f330e8f2f14a9d39c1195b76810248a7e326af586a945cb7b4d8bdeb5"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "network-url-tracking-service", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "f594a66f330e8f2f14a9d39c1195b76810248a7e326af586a945cb7b4d8bdeb5"], "mitre_attack_tags": ["TA0011", "TA0005", "T1102"]}, {"bi": "network-snort-protocol", "hashes": ["10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", 
"hashes": ["10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456"], "mitre_attack_tags": []}, {"bi": "artifact-memory-vm-detect", "hashes": ["7927d24010f7ec25ea4026291036fbab975b5ff66398658e15c59165bb71e953"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "network-snort-policy", "hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "mitre_attack_tags": []}, {"bi": "pe-subtype-com", "hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-deletion", "hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "pe-filename-mismatch", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-upx", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-snort-indicator-shellcode", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": []}, {"bi": "network-downloaded-obfuscated-executable", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": ["TA0005", "T1027", "T1105"]}, {"bi": "network-dns-download-executable", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": []}, {"bi": "network-dns-category-phishing", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": []}, {"bi": "network-dns-category-parked-domain", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": []}, {"bi": "network-snort-file-generic", "hashes": 
["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": []}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-dos-header-paragraphs", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-ini-modified", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": ["TA0003"]}, {"bi": "artifact-pe-no-dos", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": []}, {"bi": "pe-packed-mpress", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-read-ie-cookies", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "network-snort-indicator-obfuscation", "hashes": 
["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": []}, {"bi": "url-short-service", "hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "mitre_attack_tags": ["TA0011", "TA0005", "T1102"]}, {"bi": "process-long-cmdline", "hashes": ["f594a66f330e8f2f14a9d39c1195b76810248a7e326af586a945cb7b4d8bdeb5"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "unsigned-roaming-execution", "hashes": ["f594a66f330e8f2f14a9d39c1195b76810248a7e326af586a945cb7b4d8bdeb5"], "mitre_attack_tags": ["TA0005"]}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "The Fareit trojan is primarily an information stealer that can download and install other malware.", "hashes": ["0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea", "10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "12a1af4ef81e1c6e71faac652ae0b27d26f7c0f8f03a1e5191e64efd85cf580a", "337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798", "38c234dc0bd0297dc390529d3c11887b19219b76f5f279e8d3484856783f85eb", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347", "56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "75f614af5672c9dd40b750d6af0c34dc2f930deb72ad1c76aeba5ac932f57169", "7927d24010f7ec25ea4026291036fbab975b5ff66398658e15c59165bb71e953", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "98090f606cda48999384c614b1f92bb9d0e5f1541b86d8d62bf1e6639633a271", "b92387f4ebd2401753c36f466db181a1624fde4cb23cac4f26f26bb2edacbd29", "bb652f11edb625fade303e09bc8450276634f98aa050a7e6dd3c816f62edefab", "c208823b7b425a224dc28447ddddae1ebc5735b5dffd6f3858a70d384a96c4a1", "d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff", 
"e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0", "ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "f594a66f330e8f2f14a9d39c1195b76810248a7e326af586a945cb7b4d8bdeb5", "f6bbefe21fdc48d34593b743d0eb995112db1d0f935da32085da3ec5314c8ff0"], "iocs": {"domain": [{"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "f594a66f330e8f2f14a9d39c1195b76810248a7e326af586a945cb7b4d8bdeb5"], "host": "iplogger[.]org"}, {"hashes": ["12a1af4ef81e1c6e71faac652ae0b27d26f7c0f8f03a1e5191e64efd85cf580a", "f6bbefe21fdc48d34593b743d0eb995112db1d0f935da32085da3ec5314c8ff0"], "host": "flood-protection[.]org"}, {"hashes": ["12a1af4ef81e1c6e71faac652ae0b27d26f7c0f8f03a1e5191e64efd85cf580a", "f6bbefe21fdc48d34593b743d0eb995112db1d0f935da32085da3ec5314c8ff0"], "host": "mail[.]flood-protection[.]org"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "host": "ip-api[.]com"}, {"hashes": ["75f614af5672c9dd40b750d6af0c34dc2f930deb72ad1c76aeba5ac932f57169"], "host": "repository[.]uzto[.]netdna-cdn[.]com"}, {"hashes": ["75f614af5672c9dd40b750d6af0c34dc2f930deb72ad1c76aeba5ac932f57169"], "host": "repository[.]certum[.]pl"}, {"hashes": ["75f614af5672c9dd40b750d6af0c34dc2f930deb72ad1c76aeba5ac932f57169"], "host": "smtp[.]yandex[.]ru"}, {"hashes": ["75f614af5672c9dd40b750d6af0c34dc2f930deb72ad1c76aeba5ac932f57169"], "host": "smtp[.]yandex[.]com"}, {"hashes": ["bb652f11edb625fade303e09bc8450276634f98aa050a7e6dd3c816f62edefab"], "host": "ext-sq[.]squarespace[.]com"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "host": "google-analytics[.]com"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "host": "osdsoft[.]com"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "host": "s3-eu-west-1[.]amazonaws[.]com"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "host": 
"pc[.]publicnewsetup[.]com"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "host": "thebestoffersintheweb[.]com"}, {"hashes": ["10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456"], "host": "kovachevpress[.]com"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "host": "telete[.]in"}, {"hashes": ["0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea"], "host": "dutchlogs[.]us"}, {"hashes": ["bb652f11edb625fade303e09bc8450276634f98aa050a7e6dd3c816f62edefab"], "host": "www[.]regulars5[.]info"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "host": "www[.]getgoodvideo[.]com"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "host": "mediadownloader25[.]tk"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "host": "www[.]kitpicture[.]pw"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "host": "freekzvideo[.]cloud"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "host": "athrluckyday0003[.]top"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "host": "jogaae[.]jfoaigh[.]com"}, {"hashes": ["337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc"], "host": "admaris[.]ir"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "host": "gfehi7[.]2ihsfa[.]com"}, {"hashes": ["7927d24010f7ec25ea4026291036fbab975b5ff66398658e15c59165bb71e953"], "host": "mail[.]wolterfan[.]com"}, {"hashes": ["bb652f11edb625fade303e09bc8450276634f98aa050a7e6dd3c816f62edefab"], "host": "www[.]fittedshirtclub[.]com"}, {"hashes": ["bb652f11edb625fade303e09bc8450276634f98aa050a7e6dd3c816f62edefab"], "host": "www[.]virtualgifts4u[.]net"}, {"hashes": ["bb652f11edb625fade303e09bc8450276634f98aa050a7e6dd3c816f62edefab"], "host": "www[.]masterdslrphotography[.]com"}, 
{"hashes": ["bb652f11edb625fade303e09bc8450276634f98aa050a7e6dd3c816f62edefab"], "host": "www[.]moonlakemarina[.]com"}], "file": [{"hashes": ["10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0"], "path": "%APPDATA%\\D282E1"}, {"hashes": ["10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0"], "path": "%APPDATA%\\D282E1\\1E80C5.lck"}, {"hashes": ["10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0"], "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-2580483871-590521980-3826313501-500\\a18ca4003deb042bbee7a40f15e1970b_d19ab989-a35f-4710-83df-7b2db7efe7c5"}, {"hashes": ["10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0"], "path": 
"%APPDATA%\\D1CC40\\0F3583.lck"}, {"hashes": ["10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0"], "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-1258710499-2222286471-4214075941-500\\a18ca4003deb042bbee7a40f15e1970b_8f793a96-da80-4751-83f9-b23d8b735fb1"}, {"hashes": ["10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0"], "path": "%APPDATA%\\D1CC40\\0F3583.hdb"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "path": "%APPDATA%\\Microsoft\\Launcher.exe"}, {"hashes": ["0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea"], "path": "%TEMP%\\arinze\\arinze.exe"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\api-ms-win-crt-process-l1-1-0.dll"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\api-ms-win-crt-runtime-l1-1-0.dll"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\api-ms-win-crt-stdio-l1-1-0.dll"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\api-ms-win-crt-string-l1-1-0.dll"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\api-ms-win-crt-time-l1-1-0.dll"}, 
{"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\api-ms-win-crt-utility-l1-1-0.dll"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\breakpadinjector.dll"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\freebl3.dll"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\hv8745939v498h.zip"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\ldap60.dll"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\ldif60.dll"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\lgpllibs.dll"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\libEGL.dll"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\mozMapi32.dll"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\mozMapi32_InUse.dll"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\mozglue.dll"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\msvcp140.dll"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": 
"%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\nss3.dll"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\nssckbi.dll"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\nssdbm3.dll"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\prldap60.dll"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\qipcap.dll"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\softokn3.dll"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\ucrtbase.dll"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\3098htrhpen8ifg0\\vcruntime140.dll"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "path": "%TEMP%\\fjgha23_fa.txt"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "path": "%TEMP%\\jfiag_gg.exe"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "path": "%TEMP%\\kissq.exe"}, {"hashes": ["f594a66f330e8f2f14a9d39c1195b76810248a7e326af586a945cb7b4d8bdeb5"], "path": "%System32%\\Tasks\\TASKDIRFORTASKCREATE\\TASKFORTASKCREATE"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "path": "%TEMP%\\Temp\\jieolll.exe"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "path": "%TEMP%\\Temp\\piyyy.exe"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "path": "%TEMP%\\Temp\\videoplay.exe"}, 
{"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "path": "%TEMP%\\Temp\\wyfdgguu.exe"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "path": "\\TEMP\\logo.gif"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "path": "%TEMP%\\Temp\\id4.exe"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "path": "%TEMP%\\ecv6C8E.tmp"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "path": "%TEMP%\\ecvB976.tmp"}, {"hashes": ["d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff"], "path": "%TEMP%\\arnold\\arnold.exe"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\FLfsQ97ATqe.zip"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "path": "%HOMEPATH%\\AppData\\LocalLow\\MIflsbJaV"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "path": "%TEMP%\\.tmp"}], "ip": [{"hashes": ["3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0"], "ip": "195[.]69[.]140[.]147"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "f594a66f330e8f2f14a9d39c1195b76810248a7e326af586a945cb7b4d8bdeb5"], "ip": "88[.]99[.]66[.]31"}, {"hashes": ["12a1af4ef81e1c6e71faac652ae0b27d26f7c0f8f03a1e5191e64efd85cf580a", "f6bbefe21fdc48d34593b743d0eb995112db1d0f935da32085da3ec5314c8ff0"], "ip": "85[.]187[.]154[.]178"}, {"hashes": ["bb652f11edb625fade303e09bc8450276634f98aa050a7e6dd3c816f62edefab"], "ip": "198[.]185[.]159[.]144"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "ip": "101[.]99[.]90[.]12"}, {"hashes": ["75f614af5672c9dd40b750d6af0c34dc2f930deb72ad1c76aeba5ac932f57169"], "ip": 
"77[.]88[.]21[.]158"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "ip": "208[.]95[.]112[.]1"}, {"hashes": ["75f614af5672c9dd40b750d6af0c34dc2f930deb72ad1c76aeba5ac932f57169"], "ip": "108[.]161[.]187[.]74"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "ip": "103[.]91[.]210[.]187"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "ip": "23[.]96[.]24[.]107"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "ip": "185[.]130[.]215[.]136"}, {"hashes": ["10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456"], "ip": "91[.]215[.]216[.]54"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "ip": "195[.]201[.]225[.]248"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "ip": "172[.]217[.]197[.]104"}, {"hashes": ["0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea"], "ip": "5[.]77[.]32[.]186"}, {"hashes": ["337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc"], "ip": "194[.]180[.]224[.]87"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "ip": "35[.]223[.]217[.]188"}, {"hashes": ["bb652f11edb625fade303e09bc8450276634f98aa050a7e6dd3c816f62edefab"], "ip": "199[.]192[.]26[.]230"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "ip": "172[.]67[.]134[.]183"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "ip": "192[.]157[.]193[.]137"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "ip": "204[.]188[.]226[.]99"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "ip": "194[.]54[.]83[.]254"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "ip": "34[.]200[.]198[.]80"}, {"hashes": 
["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "ip": "52[.]86[.]54[.]255"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "ip": "35[.]171[.]65[.]219"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "ip": "172[.]217[.]2[.]100"}, {"hashes": ["3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798"], "ip": "185[.]236[.]202[.]164"}, {"hashes": ["337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc"], "ip": "185[.]207[.]38[.]107"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "ip": "52[.]218[.]89[.]3"}, {"hashes": ["7927d24010f7ec25ea4026291036fbab975b5ff66398658e15c59165bb71e953"], "ip": "203[.]78[.]104[.]33"}], "mutex": [{"hashes": ["10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347", "815c270a50913e47152329d92bfbda5d383faab8eeb43ba51f7afdc69624cf5a", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0"], "name": "3749282D282E1E80C56CAE5A"}, {"hashes": ["10bfcfa243c262252f60c4b5480e1da37a205068135b5dad722a1d01ca871456", "337bd5db74ecb61abb14d01b9c938989a04ca4d7a8fb027a3895090147626abc", "3547debd61e04a97aed10733ab27bed6b23956104d7b6932ace83605da1bc798", "3afe57a6dfb27aa17a596f159a77288def98b130d84bb11ac9d283b0816a1347", "e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0"], "name": "3BA87BBD1CC40F3583D46680"}, {"hashes": ["ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77"], "name": "dfthorbnjAdministrator"}, {"hashes": ["f594a66f330e8f2f14a9d39c1195b76810248a7e326af586a945cb7b4d8bdeb5"], "name": "145nEVR515JsB8NB94DYmA4W8NDTNYhAQw4100115111536076clipperrorRER1233326FDSH123"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], 
"name": "9C71F883-5E43-41AA-85D0-5272784FB258"}], "registry": [{"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef", "ec26615a72d15a96ebc88ca8b3ef2eaef97894eb70347d25b66ed8453a8f4f77", "f594a66f330e8f2f14a9d39c1195b76810248a7e326af586a945cb7b4d8bdeb5"], "key": "\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\AUTHROOT\\CERTIFICATES\\DAC9024F54D8F6DF94935FB1732638CA6AD77C13", "value_name": "Blob"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "key": "\\SOFTWARE\\MICROSOFT", "value_name": "count"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWSUPDATER", "value_name": null}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "key": "\\SOFTWARE\\PICTURE", "value_name": null}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "key": "\\SOFTWARE\\PICTURE\\PICTUREPROCESSINGTOOLSV1.0", "value_name": null}, {"hashes": ["0f59a101fdf55d72819e6b69917e5dc3c33cf7195e149c78afd4dde4e99514ea"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "arinze"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWSUPDATER", "value_name": "installed"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "kissq"}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWSUPDATER\\FREEKZVIDEO", "value_name": null}, {"hashes": ["56d1fab5493fe9fa6ba93f984469817c89ea607a63249bec6540d8a6f9147bef"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWSUPDATER\\FREEKZVIDEO", "value_name": "Installed"}, {"hashes": ["d2e5fdfd013a4fd426b9455889c8cf4f9102d1e7d68a3f739c4f88353f3778ff"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": 
"arnold"}]}, "reports_count": 20}, "Win.Trojan.Razy-8568648-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-sandbox", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "memory-execute-readwrite", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", 
"5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", 
"ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": 
["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-filename-mismatch", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", 
"4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": []}, {"bi": "network-smtp-spambot", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", 
"9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", 
"5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "pe-uses-visual-basic", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": []}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", 
"ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "malware-known-trojan-av", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": ["TA0007", "TA0006", "T1003", "T1217"]}, 
{"bi": "sample-launched-copy-of-self", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-autorun-key-modified", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", 
"5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "unsigned-roaming-execution", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-check-opera-appdata-folder", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", 
"ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": ["TA0007", "T1083"]}, {"bi": "process-hollowing-detected", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "embedded-pe-resource2", "hashes": ["90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed"], "mitre_attack_tags": []}, {"bi": 
"network-fast-flux-domain", "hashes": ["9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61"], "mitre_attack_tags": []}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Razy is oftentimes a generic detection name for a Windows trojan. It collects sensitive information from the infected host and encrypt the data, and send it to a command and control (C2) server. Information collected might include screenshots. The samples modify auto-execute functionality by setting and creating a value in the registry for persistence.", "hashes": ["4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa"], "iocs": {"domain": [{"hashes": ["4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", 
"bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa"], "host": "smtp[.]yandex[.]ru"}, {"hashes": ["5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c"], "host": "repository[.]uzto[.]netdna-cdn[.]com"}, {"hashes": ["5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c"], "host": "repository[.]certum[.]pl"}], "file": [{"hashes": ["4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", 
"d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa"], "path": "%APPDATA%\\Windows Sesion Manager.exe"}, {"hashes": ["4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa"], "path": "%TEMP%\\sHkSp.exe"}, {"hashes": ["4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa"], "path": "%TEMP%\\sHsif.hkp"}], "ip": [{"hashes": ["4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed", 
"954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa"], "ip": "77[.]88[.]21[.]158"}, {"hashes": ["5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c"], "ip": "108[.]161[.]187[.]74"}], "mutex": [], "registry": [{"hashes": ["4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", "90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa"], "key": "\\SOFTWARE\\MICROSOFT\\IAM", "value_name": "Server ID"}, {"hashes": ["4c032844405e25349854219c2e85b9487f518f1fbecc6f1ebf298c49638f724d", "5f2ad668b87ae2deabe3af573e18f3d499bafc37f97cbc836834b8f5d4fd07aa", 
"90dfebaaf2eeffbffd22a49c3741d5c8f74bd03944fe41b2ab8dcee709cf8705", "9449e3553c696f3c7351592aa666ba2cd4e977ebdd633e9e7843ea38ef18bbed", "954d421019084fe372327667e6661cdd234a4d732ad725167de50d4c098a60cb", "9e98a80adc326eac448ae51ef2beee5c335bbef16ef094d7708e42ce2f0f8c61", "a2b0de1e4e9915bf82820280817b5f90b86c980c7c5948a196842bf2e93ca1df", "bca44a84f91738ed84598b2f2c58c684c2f356af0c222bbfa52edb9542234997", "ca25f4f2acd099f683414956183fa5f2251cee3138515a4cf5a756b3b2b419bd", "cd57456247564081c3f496cdb55a85594e8f890fc9c0bccddeb0d171a451983c", "d3d4c27b14d36a158981dbd6bc9840ad7fd88589a95f790cfe4e852390ada2fa"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Sesion Manager"}]}, "reports_count": 11}, "exprev": [{"count": 16504, "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", "name": "Dealply adware detected"}, {"count": 3320, "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", "name": "CVE-2019-0708 detected"}, {"count": 1859, "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. 
The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", "name": "Process hollowing detected"}, {"count": 1573, "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", "name": "Excessively long PowerShell command detected"}, {"count": 933, "description": "An attempt to bypass application whitelisting via the \"Squiblydoo\" technique has been detected. This typically involves using regsvr32.exe to execute script content hosted on an attacker controlled server.", "name": "Squiblydoo application whitelist bypass attempt detected."}, {"count": 385, "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Installcore adware detected"}, {"count": 206, "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as wireshark and sandboxes to its C2. 
It spreads through malicious advertising and spam campaigns.", "name": "Kovter injection detected"}, {"count": 138, "description": "Palikan is a potentially unwanted application (PUA) and browser hijacker, a type of malware that most of the time does not explicitly or completely state its function or purpose. When it is present on the system, it may change the default homepage, change the search engine, redirect traffic to malicious sites, install add-ons, extensions, or plug-ins, open unwanted windows or show advertising. Palikan commonly arrives as a file dropped by other malware or as a file downloaded unknowingly from a malicious site. It has also been closely associated with DealPly.", "name": "Palikan browser hijacker detected"}, {"count": 118, "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", "name": "Gamarue malware detected"}, {"count": 71, "description": "IcedID is a banking Trojan. It uses both web browser injection and browser redirection to steal banking and/or other financial credentials and data. The features and sophistication of IcedID demonstrate the malware author's knowledge and technical skill for this kind of fraud, and suggest the authors have previous experience creating banking Trojans. IcedID has been observed being installed by Emotet or Ursnif. Systems infected with IcedID should also be scanned for additional malware infections.", "name": "IcedID malware detected"}, {"count": 44, "description": "Fusion (or FusionPlayer) is an adware family that displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. 
Adware is known to sometimes download and install malware.", "name": "Fusion adware detected"}, {"count": 25, "description": "Maze ransomware has been detected injecting into rundll32.exe or regsvr32.exe. Maze can encrypt files on the victim and demand a ransom. It can also exfiltrate data back to the attacker prior to encryption.", "name": "Maze ransomware detected"}, {"count": 23, "description": "Bluestacks adware displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware has also been known to download and install malware.", "name": "Bluestacks adware detected"}, {"count": 22, "description": "The certutil.exe utility has been detected downloading and executing a file. Upon execution, the downloaded file behaved suspiciously. The normal usage of certutil.exe involves retrieving certificate information. Attackers can use this utility to download additional malicious payloads.", "name": "Certutil.exe is downloading a file"}, {"count": 15, "description": "Command line options indicating usage of XMRig Miner have been detected. Malware sometimes uses compromised hosts to mine for cryptocurrency on behalf of the attacker.", "name": "XMRig Miner Detected"}, {"count": 15, "description": "Special Search Offer adware displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware has also been known to download and install malware.", "name": "Special Search Offer adware"}, {"count": 12, "description": "An exploit payload intended to connect back to an attacker controlled host using tcp has been detected.", "name": "Reverse tcp payload detected"}, {"count": 12, "description": "A malware dropper has been detected. A dropper will download or unpack additional malware during its execution. 
A variety of techniques can be employed for the payload to gain persistence and escalate privilege if necessary.", "name": "Malware dropper detected"}, {"count": 11, "description": "A process associated with Microsoft Office, such as EXCEL.exe or WINWORD.exe, has started a Windows utility such as powershell.exe or cmd.exe. This is typical behavior of malicious documents executing additional scripts. This behavior is extremely suspicious and is associated with many different malware campaigns and families.", "name": "A Microsoft Office process has started a windows utility."}, {"count": 10, "description": "Trickbot is a banking Trojan which appeared in late 2016. Due to the similarities between Trickbot and Dyre, it is suspected some of the individuals responsible for Dyre are now responsible for Trickbot. Trickbot has been rapidly evolving over the months since it has appeared. However, Trickbot is still missing some of the capabilities Dyre possessed. Its current modules include DLL injection, system information gathering, and email searching.", "name": "Trickbot malware detected"}, {"count": 9, "description": "Corebot is a Trojan with many capabilities found in other prominent families. It features a plugin system to enable it to load a variety of features from the C&C server at any time. Known plugins include RAT capabilities such as taking desktop screenshots, as well as being able to intercept and modify browser communications and steal data, especially data related to banking.", "name": "Corebot malware detected"}, {"count": 7, "description": "Wizard Spider is a group known to distribute the Ryuk ransomware to compromised organizations. They have been known to use PsExec to gain additional access to hosts within an organization. 
The initial infection is typically Trickbot.", "name": "Wizard Spider activity detected"}, {"count": 5, "description": "An exploit payload intended to connect back to an attacker controlled host using http has been detected.", "name": "Reverse http payload detected"}], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2020-07-10T12:44:14+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Packed.njRAT-8479097-0", "Win.Malware.NetWire-8479400-0", "Win.Packed.Dridex-8486639-0", "Win.Trojan.Fareit-8493652-0", "Win.Dropper.Generickdz-8494215-0", "Win.Packed.LokiBot-8568668-1", "Win.Trojan.Razy-8568648-0", "Win.Malware.Emotet-8568701-0"]}