{"Win.Keylogger.TinyBanker-8791735-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["e79ffaff87af83962a87f24f07506c76d03a0c0845968c85f2392c3c31b0e947", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "43b909534495841ca1ca6d5a16b4a8ced3c611ae84114d150731c9606cb1b574", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "3c21cb07d0391719918fa40c59ac02b1d0444813bff01aa57ed0173ea17907fe", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "9a21d7ef4b6f50a4e4ce47791bf2231a523884cf58e4d94e2089464967fd6e25", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "0ebaddef17527ae1f59121ac7ae05fcb2806fc36fd4ea5e3a8d63999d1ef8245", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "15b502a449d911c76cce06cd378d291e8039619a06ace593abbdd2cebe3add27", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "36d265d452dd91cfc0640b59f3184112c0e3e20f1c5f1e6409452881458083b5", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["e79ffaff87af83962a87f24f07506c76d03a0c0845968c85f2392c3c31b0e947", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "43b909534495841ca1ca6d5a16b4a8ced3c611ae84114d150731c9606cb1b574", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "3c21cb07d0391719918fa40c59ac02b1d0444813bff01aa57ed0173ea17907fe", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "9a21d7ef4b6f50a4e4ce47791bf2231a523884cf58e4d94e2089464967fd6e25", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "0ebaddef17527ae1f59121ac7ae05fcb2806fc36fd4ea5e3a8d63999d1ef8245", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "15b502a449d911c76cce06cd378d291e8039619a06ace593abbdd2cebe3add27", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "36d265d452dd91cfc0640b59f3184112c0e3e20f1c5f1e6409452881458083b5", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["e79ffaff87af83962a87f24f07506c76d03a0c0845968c85f2392c3c31b0e947", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "43b909534495841ca1ca6d5a16b4a8ced3c611ae84114d150731c9606cb1b574", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "3c21cb07d0391719918fa40c59ac02b1d0444813bff01aa57ed0173ea17907fe", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "9a21d7ef4b6f50a4e4ce47791bf2231a523884cf58e4d94e2089464967fd6e25", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "0ebaddef17527ae1f59121ac7ae05fcb2806fc36fd4ea5e3a8d63999d1ef8245", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "15b502a449d911c76cce06cd378d291e8039619a06ace593abbdd2cebe3add27", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "36d265d452dd91cfc0640b59f3184112c0e3e20f1c5f1e6409452881458083b5", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["e79ffaff87af83962a87f24f07506c76d03a0c0845968c85f2392c3c31b0e947", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "43b909534495841ca1ca6d5a16b4a8ced3c611ae84114d150731c9606cb1b574", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "3c21cb07d0391719918fa40c59ac02b1d0444813bff01aa57ed0173ea17907fe", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "9a21d7ef4b6f50a4e4ce47791bf2231a523884cf58e4d94e2089464967fd6e25", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "0ebaddef17527ae1f59121ac7ae05fcb2806fc36fd4ea5e3a8d63999d1ef8245", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "15b502a449d911c76cce06cd378d291e8039619a06ace593abbdd2cebe3add27", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "36d265d452dd91cfc0640b59f3184112c0e3e20f1c5f1e6409452881458083b5", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["e79ffaff87af83962a87f24f07506c76d03a0c0845968c85f2392c3c31b0e947", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "43b909534495841ca1ca6d5a16b4a8ced3c611ae84114d150731c9606cb1b574", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "3c21cb07d0391719918fa40c59ac02b1d0444813bff01aa57ed0173ea17907fe", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "9a21d7ef4b6f50a4e4ce47791bf2231a523884cf58e4d94e2089464967fd6e25", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "0ebaddef17527ae1f59121ac7ae05fcb2806fc36fd4ea5e3a8d63999d1ef8245", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "15b502a449d911c76cce06cd378d291e8039619a06ace593abbdd2cebe3add27", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "36d265d452dd91cfc0640b59f3184112c0e3e20f1c5f1e6409452881458083b5", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["e79ffaff87af83962a87f24f07506c76d03a0c0845968c85f2392c3c31b0e947", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "43b909534495841ca1ca6d5a16b4a8ced3c611ae84114d150731c9606cb1b574", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "3c21cb07d0391719918fa40c59ac02b1d0444813bff01aa57ed0173ea17907fe", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "9a21d7ef4b6f50a4e4ce47791bf2231a523884cf58e4d94e2089464967fd6e25", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "0ebaddef17527ae1f59121ac7ae05fcb2806fc36fd4ea5e3a8d63999d1ef8245", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "15b502a449d911c76cce06cd378d291e8039619a06ace593abbdd2cebe3add27", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "36d265d452dd91cfc0640b59f3184112c0e3e20f1c5f1e6409452881458083b5", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["e79ffaff87af83962a87f24f07506c76d03a0c0845968c85f2392c3c31b0e947", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "43b909534495841ca1ca6d5a16b4a8ced3c611ae84114d150731c9606cb1b574", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "3c21cb07d0391719918fa40c59ac02b1d0444813bff01aa57ed0173ea17907fe", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "9a21d7ef4b6f50a4e4ce47791bf2231a523884cf58e4d94e2089464967fd6e25", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "0ebaddef17527ae1f59121ac7ae05fcb2806fc36fd4ea5e3a8d63999d1ef8245", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "15b502a449d911c76cce06cd378d291e8039619a06ace593abbdd2cebe3add27", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "36d265d452dd91cfc0640b59f3184112c0e3e20f1c5f1e6409452881458083b5", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["e79ffaff87af83962a87f24f07506c76d03a0c0845968c85f2392c3c31b0e947", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "43b909534495841ca1ca6d5a16b4a8ced3c611ae84114d150731c9606cb1b574", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "3c21cb07d0391719918fa40c59ac02b1d0444813bff01aa57ed0173ea17907fe", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "9a21d7ef4b6f50a4e4ce47791bf2231a523884cf58e4d94e2089464967fd6e25", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "0ebaddef17527ae1f59121ac7ae05fcb2806fc36fd4ea5e3a8d63999d1ef8245", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "15b502a449d911c76cce06cd378d291e8039619a06ace593abbdd2cebe3add27", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "36d265d452dd91cfc0640b59f3184112c0e3e20f1c5f1e6409452881458083b5", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "pe-uses-visual-basic", "hashes": ["e79ffaff87af83962a87f24f07506c76d03a0c0845968c85f2392c3c31b0e947", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "43b909534495841ca1ca6d5a16b4a8ced3c611ae84114d150731c9606cb1b574", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "3c21cb07d0391719918fa40c59ac02b1d0444813bff01aa57ed0173ea17907fe", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "9a21d7ef4b6f50a4e4ce47791bf2231a523884cf58e4d94e2089464967fd6e25", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "0ebaddef17527ae1f59121ac7ae05fcb2806fc36fd4ea5e3a8d63999d1ef8245", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "15b502a449d911c76cce06cd378d291e8039619a06ace593abbdd2cebe3add27", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "36d265d452dd91cfc0640b59f3184112c0e3e20f1c5f1e6409452881458083b5", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["e79ffaff87af83962a87f24f07506c76d03a0c0845968c85f2392c3c31b0e947", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "43b909534495841ca1ca6d5a16b4a8ced3c611ae84114d150731c9606cb1b574", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "3c21cb07d0391719918fa40c59ac02b1d0444813bff01aa57ed0173ea17907fe", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "9a21d7ef4b6f50a4e4ce47791bf2231a523884cf58e4d94e2089464967fd6e25", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "0ebaddef17527ae1f59121ac7ae05fcb2806fc36fd4ea5e3a8d63999d1ef8245", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "15b502a449d911c76cce06cd378d291e8039619a06ace593abbdd2cebe3add27", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "36d265d452dd91cfc0640b59f3184112c0e3e20f1c5f1e6409452881458083b5", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["e79ffaff87af83962a87f24f07506c76d03a0c0845968c85f2392c3c31b0e947", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "43b909534495841ca1ca6d5a16b4a8ced3c611ae84114d150731c9606cb1b574", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "3c21cb07d0391719918fa40c59ac02b1d0444813bff01aa57ed0173ea17907fe", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "9a21d7ef4b6f50a4e4ce47791bf2231a523884cf58e4d94e2089464967fd6e25", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "0ebaddef17527ae1f59121ac7ae05fcb2806fc36fd4ea5e3a8d63999d1ef8245", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "15b502a449d911c76cce06cd378d291e8039619a06ace593abbdd2cebe3add27", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "36d265d452dd91cfc0640b59f3184112c0e3e20f1c5f1e6409452881458083b5", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-autorun-key-modified", "hashes": ["e79ffaff87af83962a87f24f07506c76d03a0c0845968c85f2392c3c31b0e947", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "43b909534495841ca1ca6d5a16b4a8ced3c611ae84114d150731c9606cb1b574", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "3c21cb07d0391719918fa40c59ac02b1d0444813bff01aa57ed0173ea17907fe", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "9a21d7ef4b6f50a4e4ce47791bf2231a523884cf58e4d94e2089464967fd6e25", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "0ebaddef17527ae1f59121ac7ae05fcb2806fc36fd4ea5e3a8d63999d1ef8245", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "15b502a449d911c76cce06cd378d291e8039619a06ace593abbdd2cebe3add27", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "36d265d452dd91cfc0640b59f3184112c0e3e20f1c5f1e6409452881458083b5", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "process-hollowing-detected", "hashes": ["e79ffaff87af83962a87f24f07506c76d03a0c0845968c85f2392c3c31b0e947", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "43b909534495841ca1ca6d5a16b4a8ced3c611ae84114d150731c9606cb1b574", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "3c21cb07d0391719918fa40c59ac02b1d0444813bff01aa57ed0173ea17907fe", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "9a21d7ef4b6f50a4e4ce47791bf2231a523884cf58e4d94e2089464967fd6e25", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "0ebaddef17527ae1f59121ac7ae05fcb2806fc36fd4ea5e3a8d63999d1ef8245", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "15b502a449d911c76cce06cd378d291e8039619a06ace593abbdd2cebe3add27", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "36d265d452dd91cfc0640b59f3184112c0e3e20f1c5f1e6409452881458083b5", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "malware-trojan-tinybanker", "hashes": ["e79ffaff87af83962a87f24f07506c76d03a0c0845968c85f2392c3c31b0e947", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "43b909534495841ca1ca6d5a16b4a8ced3c611ae84114d150731c9606cb1b574", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "3c21cb07d0391719918fa40c59ac02b1d0444813bff01aa57ed0173ea17907fe", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "9a21d7ef4b6f50a4e4ce47791bf2231a523884cf58e4d94e2089464967fd6e25", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "0ebaddef17527ae1f59121ac7ae05fcb2806fc36fd4ea5e3a8d63999d1ef8245", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "15b502a449d911c76cce06cd378d291e8039619a06ace593abbdd2cebe3add27", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "36d265d452dd91cfc0640b59f3184112c0e3e20f1c5f1e6409452881458083b5", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3"], "mitre_attack_tags": []}, {"bi": "windows-os-reboot-detected", "hashes": ["e79ffaff87af83962a87f24f07506c76d03a0c0845968c85f2392c3c31b0e947", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "43b909534495841ca1ca6d5a16b4a8ced3c611ae84114d150731c9606cb1b574", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "3c21cb07d0391719918fa40c59ac02b1d0444813bff01aa57ed0173ea17907fe", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "9a21d7ef4b6f50a4e4ce47791bf2231a523884cf58e4d94e2089464967fd6e25", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "0ebaddef17527ae1f59121ac7ae05fcb2806fc36fd4ea5e3a8d63999d1ef8245", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "15b502a449d911c76cce06cd378d291e8039619a06ace593abbdd2cebe3add27", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "36d265d452dd91cfc0640b59f3184112c0e3e20f1c5f1e6409452881458083b5", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3"], "mitre_attack_tags": ["TA0005"]}, {"bi": "artifact-windows-task", "hashes": ["e79ffaff87af83962a87f24f07506c76d03a0c0845968c85f2392c3c31b0e947", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "3c21cb07d0391719918fa40c59ac02b1d0444813bff01aa57ed0173ea17907fe", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "9a21d7ef4b6f50a4e4ce47791bf2231a523884cf58e4d94e2089464967fd6e25", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "0ebaddef17527ae1f59121ac7ae05fcb2806fc36fd4ea5e3a8d63999d1ef8245", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "15b502a449d911c76cce06cd378d291e8039619a06ace593abbdd2cebe3add27", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "36d265d452dd91cfc0640b59f3184112c0e3e20f1c5f1e6409452881458083b5", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "hook-installed", "hashes": ["e79ffaff87af83962a87f24f07506c76d03a0c0845968c85f2392c3c31b0e947", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "43b909534495841ca1ca6d5a16b4a8ced3c611ae84114d150731c9606cb1b574", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "15b502a449d911c76cce06cd378d291e8039619a06ace593abbdd2cebe3add27", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["e79ffaff87af83962a87f24f07506c76d03a0c0845968c85f2392c3c31b0e947", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "15b502a449d911c76cce06cd378d291e8039619a06ace593abbdd2cebe3add27", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3"], "mitre_attack_tags": []}], "category": "Keylogger", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "TinyBanker, also known as Zusy or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as \"explorer.exe\" and \"winver.exe.\" When the user accesses a banking website, it displays a form to trick the user into submitting personal information.", "hashes": ["02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "0ebaddef17527ae1f59121ac7ae05fcb2806fc36fd4ea5e3a8d63999d1ef8245", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3", "15b502a449d911c76cce06cd378d291e8039619a06ace593abbdd2cebe3add27", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "36d265d452dd91cfc0640b59f3184112c0e3e20f1c5f1e6409452881458083b5", "3c21cb07d0391719918fa40c59ac02b1d0444813bff01aa57ed0173ea17907fe", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "43b909534495841ca1ca6d5a16b4a8ced3c611ae84114d150731c9606cb1b574", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "9a21d7ef4b6f50a4e4ce47791bf2231a523884cf58e4d94e2089464967fd6e25", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2", "bc68a06cae98d38934c35334d33278385c2f9138357374b6871d9cc2d61886b7", "c0dada372c1b8d73189982e44549ee4b80905458d131fd98713a26bd8a87f8cd", "cea3474795a3a7bc3def95e239ae35e771cce3557398498be5ac0f7a81fdd070", "d2772d9cee5ee1856f346cc93ceec9cf65a5ac7e441195819f8c53daf86cd874", "e6e0bd4beec618defba20ba1e06966eec773f9d4fa731e37ce07b1f3f1bc4815", "e79ffaff87af83962a87f24f07506c76d03a0c0845968c85f2392c3c31b0e947", "efafdb27ab9665c12856bd16a71b225d3bbdccacd77af3963f25607f1d8cd6f6", "f00fe6fa86cd72167a47af87a68db5d88d58c53e456f0c6cc77e227f814c7940", "f3dc1a0a24b88ea6672d6fca0672447e527fa4e7438c618f671dc09131ae52f5", "fb039d9e0eb901a5ccf52c0b9f49cefcb577920dafb613f28d9e5b4e42965f78"], "iocs": {"domain": [], "file": [{"hashes": ["02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "0ebaddef17527ae1f59121ac7ae05fcb2806fc36fd4ea5e3a8d63999d1ef8245", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3", "15b502a449d911c76cce06cd378d291e8039619a06ace593abbdd2cebe3add27", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "36d265d452dd91cfc0640b59f3184112c0e3e20f1c5f1e6409452881458083b5", "3c21cb07d0391719918fa40c59ac02b1d0444813bff01aa57ed0173ea17907fe", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "43b909534495841ca1ca6d5a16b4a8ced3c611ae84114d150731c9606cb1b574", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "9a21d7ef4b6f50a4e4ce47791bf2231a523884cf58e4d94e2089464967fd6e25", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2", "e79ffaff87af83962a87f24f07506c76d03a0c0845968c85f2392c3c31b0e947"], "path": "%HOMEPATH%\\AppData\\LocalLow\\FAFEB955"}, {"hashes": ["02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "0ebaddef17527ae1f59121ac7ae05fcb2806fc36fd4ea5e3a8d63999d1ef8245", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3", "15b502a449d911c76cce06cd378d291e8039619a06ace593abbdd2cebe3add27", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "36d265d452dd91cfc0640b59f3184112c0e3e20f1c5f1e6409452881458083b5", "3c21cb07d0391719918fa40c59ac02b1d0444813bff01aa57ed0173ea17907fe", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "43b909534495841ca1ca6d5a16b4a8ced3c611ae84114d150731c9606cb1b574", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "9a21d7ef4b6f50a4e4ce47791bf2231a523884cf58e4d94e2089464967fd6e25", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2", "e79ffaff87af83962a87f24f07506c76d03a0c0845968c85f2392c3c31b0e947"], "path": "%APPDATA%\\FAFEB955"}, {"hashes": ["02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "0ebaddef17527ae1f59121ac7ae05fcb2806fc36fd4ea5e3a8d63999d1ef8245", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3", "15b502a449d911c76cce06cd378d291e8039619a06ace593abbdd2cebe3add27", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "36d265d452dd91cfc0640b59f3184112c0e3e20f1c5f1e6409452881458083b5", "3c21cb07d0391719918fa40c59ac02b1d0444813bff01aa57ed0173ea17907fe", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "43b909534495841ca1ca6d5a16b4a8ced3c611ae84114d150731c9606cb1b574", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "9a21d7ef4b6f50a4e4ce47791bf2231a523884cf58e4d94e2089464967fd6e25", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2", "e79ffaff87af83962a87f24f07506c76d03a0c0845968c85f2392c3c31b0e947"], "path": "%APPDATA%\\FAFEB955\\bin.exe"}, {"hashes": ["02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "0ebaddef17527ae1f59121ac7ae05fcb2806fc36fd4ea5e3a8d63999d1ef8245", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "36d265d452dd91cfc0640b59f3184112c0e3e20f1c5f1e6409452881458083b5", "3c21cb07d0391719918fa40c59ac02b1d0444813bff01aa57ed0173ea17907fe", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "43b909534495841ca1ca6d5a16b4a8ced3c611ae84114d150731c9606cb1b574", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "9a21d7ef4b6f50a4e4ce47791bf2231a523884cf58e4d94e2089464967fd6e25", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2"], "path": "%APPDATA%\\5E60878D\\bin.exe"}], "ip": [], "mutex": [{"hashes": ["02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "0ebaddef17527ae1f59121ac7ae05fcb2806fc36fd4ea5e3a8d63999d1ef8245", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3", "15b502a449d911c76cce06cd378d291e8039619a06ace593abbdd2cebe3add27", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "36d265d452dd91cfc0640b59f3184112c0e3e20f1c5f1e6409452881458083b5", "3c21cb07d0391719918fa40c59ac02b1d0444813bff01aa57ed0173ea17907fe", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "43b909534495841ca1ca6d5a16b4a8ced3c611ae84114d150731c9606cb1b574", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "9a21d7ef4b6f50a4e4ce47791bf2231a523884cf58e4d94e2089464967fd6e25", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2", "e79ffaff87af83962a87f24f07506c76d03a0c0845968c85f2392c3c31b0e947"], "name": "FAFEB955"}, {"hashes": ["02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "0ebaddef17527ae1f59121ac7ae05fcb2806fc36fd4ea5e3a8d63999d1ef8245", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "36d265d452dd91cfc0640b59f3184112c0e3e20f1c5f1e6409452881458083b5", "3c21cb07d0391719918fa40c59ac02b1d0444813bff01aa57ed0173ea17907fe", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "43b909534495841ca1ca6d5a16b4a8ced3c611ae84114d150731c9606cb1b574", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "9a21d7ef4b6f50a4e4ce47791bf2231a523884cf58e4d94e2089464967fd6e25", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2"], "name": "5E60878D"}], "registry": [{"hashes": ["02f714d9530681ca2b5de1651c8e71a29c0bef9fc570a2d54eeb24d8ffcf02be", "0ebaddef17527ae1f59121ac7ae05fcb2806fc36fd4ea5e3a8d63999d1ef8245", "141731282c5378b959ee12a97d564b58bacae43a50ffbca289a5df8ba8d0771d", "14398c45f2dc4d5c6d4c16ba9f276888eee4eb396863a355d059b55795d606e3", "15b502a449d911c76cce06cd378d291e8039619a06ace593abbdd2cebe3add27", "1be832d22e4a3c920076ff78eeb08e73d0077b04d29b29c2347c5de170b425d4", "200a2c5eaa6ce90cc3f825ec4f4f3d8de444282dbd558a9dd0698a9520db2a58", "292daa2b85d6423471ab688bf3dcaa91661f9e930ecdf88d9ae8cefdfe8e76fb", "36d265d452dd91cfc0640b59f3184112c0e3e20f1c5f1e6409452881458083b5", "3c21cb07d0391719918fa40c59ac02b1d0444813bff01aa57ed0173ea17907fe", "4015c1917edbb2e1b9db30a3c02f3ae4e8f9ba7015f3c3c0a4274c281e508f7d", "40789d2be55ca929fe9e9ebdf084b84a42ec88d166744d06bbda41e24bb98e39", "40c0d24f854db3548f0d9ef8fef3cfc7463fae25e690f426e044042e35f46a48", "43b909534495841ca1ca6d5a16b4a8ced3c611ae84114d150731c9606cb1b574", "47381ffb76fa60172fe273eba6dbb66ac6ebe05c1e6b6a7af863be2b990482c0", "4d060e479439e757e3472f81a15da6ae38c7cbf9155c7de9817bf30552088b22", "645dafa65eec41b157e7dd205b07df97148105950dea2d0722f02f53f449e2a0", "67b202a511ea9de94c1dfd71134539bced5d3b51c0b4020c5585fb4e49334beb", "7b4bc90a5a8ebd89b6dd4b804257ec8c0c3b6bc2565a6c6f1e24f77f4b33fca5", "8cf7d553e27a5c642812bb040f97bc92746d64b9909bddbb38916d36fbeb8c0f", "9a21d7ef4b6f50a4e4ce47791bf2231a523884cf58e4d94e2089464967fd6e25", "9d76af39b9de6fc9f58ca5d7a83798f37790d2193ff88a71cccad19092009a5c", "b43794417fec9191f8700df446b20875bb753c9380c70e0c7c6869502fa16282", "b47214f748eef3fdd27388c1d59b4a308910d442f78cead2dee6895169ae9e76", "b853ec7bf8d69a2ea7203a8881c2671c8e2a546e7a9a299e6062275e52f10cb2", "e79ffaff87af83962a87f24f07506c76d03a0c0845968c85f2392c3c31b0e947"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "FAFEB955"}]}, "reports_count": 26}, "Win.Packed.Dridex-8827837-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "artifact-windows-task", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "registry-autorun-key-modified", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "potential-registry-persistence", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-compound-cta-activity", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": []}, {"bi": "task-manager-disabled", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": ["TA0005", "T1499"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": []}, {"bi": "windows-os-reboot-detected", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-header-timestamp-null", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": []}, {"bi": "sample-modified-deleted", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "malware-dridex-detected", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": []}, {"bi": "url-pastebin-service", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "possible-dga-communication", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": ["TA0011", "TA0005", "T1483"]}, {"bi": "hook-installed", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Dridex is a well-known banking trojan that aims to steal credentials and other sensitive information from an infected machine.", "hashes": ["0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a", "610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a", "ccc74459550666ca1ebfbee2a4471eeebd2b34e88b94722b20ffce5f3d66aa3d", "d3c18495779d96fb8ce57bb324a5bcdf3f6440073491c4958ba8697f96d2475e", "daffbd8bd8bf7424de93aa3653cc9d6a7a8b0d2982249ecbcf53e1290652bee5", "e07a0b69411389622d54bf59f47e974d0dd11a1cac3082397e6819ab9fb26328", "e476f4057bca65203210f5c8eacd11a81d25ab0965a24041a9463aa06a77aa4b", "e62ed7596656c5649757321f3993ed6a7231b1c2f43ce93b08315eed8895cbda", "ecef124b1c6619e35608b50d16895720e472c42fddb4c9fb3efd44d056b401c4", "f45aca05ef322e3345b9a48aaeee2cf679b26a2ab43d11753d65430b6e46c9df", "f7c0cc2cecf068c54388be43dfedbfaedb7505bf43a230ff9722e4add6ef1672"], "iocs": {"domain": [{"hashes": ["0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a", "610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a"], "host": "pastebin[.]com"}, {"hashes": ["0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a", "610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6"], "host": "ctldl[.]windowsupdate[.]com"}, {"hashes": ["2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a", "610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6"], "host": "cds[.]d2s7q6s2[.]hwcdn[.]net"}, {"hashes": ["0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783"], "host": "cs11[.]wpc[.]v0cdn[.]net"}, {"hashes": ["432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "host": "www[.]bhvcnilnxq[.]com"}, {"hashes": ["432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "host": "www[.]ca7ax5kdsp[.]com"}, {"hashes": ["432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "host": "www[.]yz0oyqdi0g[.]com"}, {"hashes": ["432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "host": "www[.]gofuuc5wmb[.]com"}, {"hashes": ["432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "host": "www[.]kyt7yhrfyc[.]com"}, {"hashes": ["432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "host": "www[.]z9htvoigia[.]com"}, {"hashes": ["432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "host": "www[.]uc3nhnajyx[.]com"}, {"hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5"], "host": "www[.]di7cln2izr[.]com"}, {"hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5"], "host": "www[.]ynqawy0n05[.]com"}, {"hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5"], "host": "www[.]c6zyoxlpfh[.]com"}, {"hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5"], "host": "www[.]4vyhny93ku[.]com"}, {"hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5"], "host": "www[.]b5m6f5a21q[.]com"}, {"hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5"], "host": "www[.]mvv8gvuiy1[.]com"}, {"hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5"], "host": "www[.]owvvajedxy[.]com"}, {"hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5"], "host": "www[.]uoetm1pdeg[.]com"}, {"hashes": ["7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359"], "host": "www[.]cvglpli1qz[.]com"}, {"hashes": ["7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359"], "host": "www[.]ebiufgdzos[.]com"}, {"hashes": ["7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359"], "host": "www[.]wm3qfbhlv0[.]com"}, {"hashes": ["7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359"], "host": "www[.]rcjldxckwn[.]com"}, {"hashes": ["7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359"], "host": "www[.]mrwqnhk8zc[.]com"}, {"hashes": ["7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359"], "host": "www[.]7ayyovgtmw[.]com"}, {"hashes": ["ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7"], "host": "www[.]mgu1lgphzi[.]com"}, {"hashes": ["ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7"], "host": "www[.]x7ph7yoiqh[.]com"}, {"hashes": ["ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7"], "host": "www[.]5klodyyqij[.]com"}, {"hashes": ["ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7"], "host": "www[.]yvzg5phixh[.]com"}, {"hashes": ["ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7"], "host": "www[.]83ip9u8gmd[.]com"}, {"hashes": ["ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7"], "host": "www[.]vzpqhrjnty[.]com"}, {"hashes": ["ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7"], "host": "www[.]2osza4qwsm[.]com"}, {"hashes": ["ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7"], "host": "www[.]v7eji7sf72[.]com"}, {"hashes": ["af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00"], "host": "www[.]isxw2so9km[.]com"}, {"hashes": ["af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00"], "host": "www[.]t6lqkvpgot[.]com"}, {"hashes": ["af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00"], "host": "www[.]sqbxd9jhlv[.]com"}, {"hashes": ["af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00"], "host": "www[.]xnai81v9uh[.]com"}, {"hashes": ["af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00"], "host": "www[.]vb66aisgft[.]com"}, {"hashes": ["af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00"], "host": "www[.]qbqzwwxv7d[.]com"}, {"hashes": ["af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00"], "host": "www[.]noa3x6z8ad[.]com"}, {"hashes": ["af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00"], "host": "www[.]k9xtwchs3l[.]com"}, {"hashes": ["bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6"], "host": "www[.]io0imvtgic[.]com"}, {"hashes": ["bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6"], "host": "www[.]mim6rnmswq[.]com"}, {"hashes": ["bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6"], "host": "www[.]ktvkkldm8p[.]com"}, {"hashes": ["bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6"], "host": "www[.]ljy2e7bzj3[.]com"}, {"hashes": ["bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6"], "host": "www[.]e6mxi8aoqh[.]com"}, {"hashes": ["bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6"], "host": "www[.]yv6qgh9tgk[.]com"}, {"hashes": ["bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6"], "host": "www[.]q1aiz31r6f[.]com"}, {"hashes": ["bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6"], "host": "www[.]2hjragndpq[.]com"}, {"hashes": ["bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6"], "host": "www[.]502hd6bmoo[.]com"}], "file": [{"hashes": ["0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a", "610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6"], "path": "%TEMP%\\<random, matching '[a-z]{3}[A-F0-9]{3,4}'>.tmp"}, {"hashes": ["0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a", "610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6"], "path": "<malware cwd>\\old_<malware exe name> (copy)"}, {"hashes": ["2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed"], "path": "%ProgramData%\\Microsoft\\Windows\\SystemData\\S-1-5-18\\ReadOnly\\LockScreen_Z\\LockScreen___1024_0768_notdimmed.jpg (copy)"}, {"hashes": ["2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed"], "path": "%ProgramData%\\Microsoft\\Windows\\SystemData\\S-1-5-18\\ReadOnly\\LockScreen_Z\\~ockScreen___1024_0768_notdimmed.tmp"}], "ip": [{"hashes": ["0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185"], "ip": "104[.]23[.]99[.]190"}, {"hashes": ["0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a", "610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a"], "ip": "104[.]23[.]98[.]190"}, {"hashes": ["0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6"], "ip": "172[.]217[.]197[.]100/31"}, {"hashes": ["430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00"], "ip": "205[.]185[.]216[.]10"}, {"hashes": ["0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783"], "ip": "72[.]21[.]81[.]240"}, {"hashes": ["2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6"], "ip": "205[.]185[.]216[.]42"}, {"hashes": ["0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a"], "ip": "172[.]217[.]197[.]138/31"}, {"hashes": ["77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359"], "ip": "172[.]217[.]197[.]113"}, {"hashes": ["ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed"], "ip": "172[.]217[.]197[.]102"}, {"hashes": ["a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442"], "ip": "172[.]217[.]13[.]78"}], "mutex": [{"hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5"], "name": "\\Sessions\\1\\BaseNamedObjects\\X8mdYHOY8b"}, {"hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5"], "name": "\\Sessions\\1\\BaseNamedObjects\\Ut8mrtIyK8"}, {"hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5"], "name": "\\Sessions\\1\\BaseNamedObjects\\xV8DaYJqBh"}, {"hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5"], "name": "\\Sessions\\1\\BaseNamedObjects\\zM4pAveIzF"}, {"hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5"], "name": "\\Sessions\\1\\BaseNamedObjects\\dvthfjjeSq"}, {"hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5"], "name": "\\Sessions\\1\\BaseNamedObjects\\TxV53LW0fw"}, {"hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5"], "name": "\\Sessions\\1\\BaseNamedObjects\\kjYzS3FBf0"}, {"hashes": ["610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5"], "name": "\\Sessions\\1\\BaseNamedObjects\\Gd2lM282If"}, {"hashes": ["7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359"], "name": "\\Sessions\\1\\BaseNamedObjects\\8cJJF971pF"}, {"hashes": ["7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359"], "name": "\\Sessions\\1\\BaseNamedObjects\\0ZLQGKPrsk"}, {"hashes": ["7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359"], "name": "\\Sessions\\1\\BaseNamedObjects\\exgJlYXto0"}, {"hashes": ["7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359"], "name": "\\Sessions\\1\\BaseNamedObjects\\3drb6W0qjO"}, {"hashes": ["7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359"], "name": "\\Sessions\\1\\BaseNamedObjects\\cufo5v6r1B"}, {"hashes": ["7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359"], "name": "\\Sessions\\1\\BaseNamedObjects\\I6OelmgKcp"}, {"hashes": ["7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359"], "name": "\\Sessions\\1\\BaseNamedObjects\\OQn0ntm6vj"}, {"hashes": ["7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359"], "name": "\\Sessions\\1\\BaseNamedObjects\\EDaX68iPDI"}, {"hashes": ["7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359"], "name": "\\Sessions\\1\\BaseNamedObjects\\GCUbcoRHVR"}, {"hashes": ["ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7"], "name": "\\Sessions\\1\\BaseNamedObjects\\TOo3cHsdFZ"}, {"hashes": ["ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7"], "name": "\\Sessions\\1\\BaseNamedObjects\\AoIzaTR9Zb"}, {"hashes": ["ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7"], "name": "\\Sessions\\1\\BaseNamedObjects\\Nulp0B5VU1"}, {"hashes": ["ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7"], "name": "\\Sessions\\1\\BaseNamedObjects\\GUrvcftYUJ"}, {"hashes": ["ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7"], "name": "\\Sessions\\1\\BaseNamedObjects\\UPzFb8J7iX"}, {"hashes": ["ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7"], "name": "\\Sessions\\1\\BaseNamedObjects\\zlhFVM2krx"}, {"hashes": ["ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7"], "name": "\\Sessions\\1\\BaseNamedObjects\\GheSQMXCsH"}, {"hashes": ["af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00"], "name": "\\Sessions\\1\\BaseNamedObjects\\JbhjpD4jlS"}, {"hashes": ["af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00"], "name": "\\Sessions\\1\\BaseNamedObjects\\s6w2cTVlev"}, {"hashes": ["af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00"], "name": "\\Sessions\\1\\BaseNamedObjects\\gsqpraUwgI"}, {"hashes": ["af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00"], "name": "\\Sessions\\1\\BaseNamedObjects\\oFUaJpxPq2"}, {"hashes": ["af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00"], "name": "\\Sessions\\1\\BaseNamedObjects\\Yb7LlFQcy1"}, {"hashes": ["af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00"], "name": "\\Sessions\\1\\BaseNamedObjects\\i0dJyxnxG0"}, {"hashes": ["af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00"], "name": "\\Sessions\\1\\BaseNamedObjects\\CKnBhZPPN1"}, {"hashes": ["af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00"], "name": "\\Sessions\\1\\BaseNamedObjects\\aSgSwwNQef"}, {"hashes": ["bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6"], "name": "\\Sessions\\1\\BaseNamedObjects\\DSh6Z1Up7K"}, {"hashes": ["bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6"], "name": "\\Sessions\\1\\BaseNamedObjects\\fLAYX6xPdc"}, {"hashes": ["bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6"], "name": "\\Sessions\\1\\BaseNamedObjects\\pOAA5UbGr5"}, {"hashes": ["bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6"], "name": "\\Sessions\\1\\BaseNamedObjects\\6H6gHd5GRE"}, {"hashes": ["bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6"], "name": "\\Sessions\\1\\BaseNamedObjects\\r0r1mfPPSF"}, {"hashes": ["bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6"], "name": "\\Sessions\\1\\BaseNamedObjects\\c8KMzgUHkL"}, {"hashes": ["bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6"], "name": "\\Sessions\\1\\BaseNamedObjects\\zRaohXZVux"}, {"hashes": ["bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6"], "name": "\\Sessions\\1\\BaseNamedObjects\\v5nNJJLPd7"}], "registry": [{"hashes": ["0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a", "610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "trkcore"}, {"hashes": ["0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a", "610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "DisableTaskMgr"}, {"hashes": ["0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a", "610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.CHECK.0", "value_name": "CheckSetting"}, {"hashes": ["0a458f25b16b546f0931f7cecffb1181caed311660c175c8c8d34c871007a62b", "0b4b945ae60f52616f2cc1d873af5d2a02cb83d787d3d131c6171ac4c62e1124", "2517cb61f9a99c4010ec511568169515734ebd10deb189384fcec666728c050e", "2971cdf6b7fb81a37052acdc0d4de87ae2fd462f39a8f4c1c7043f9f4e28ef29", "2e9721add69ef3e6eb8dcb0a6502a1d8e59330393244263b109eac301b6cb88a", "3590c5ed9b5c8a95713240b3b6a8b3110f605523da2e548d1c5ab043ab1d44b8", "3e567c7102100cd377db7108f81979a439a903821da1cfd7bbd9be012a1de783", "430e8d5555257b9794340d38819f1284231a5c3582a0041db420d950be7876ed", "432f369c0c95be349a3ba5b394f612fdfbd2fa1ac9e14c0528e7c38e8fd1150a", "610cff87cd900ca26f09a7ffa2ca70356c0d902ace7a9e05a01628ed083d01d5", "61eebfa1538d1720a32b9a3a30f70313b480465a05d7f930563ac3d6b5514f1b", "77aec805bed94f2693ce7802df374e1d5ce2f56d46174ab9cfe167bc0faf3a74", "7886a0740a021f1393dc4f154fcac8fccc118c9e25c16b266012c8538cd94359", "7cb1043cef6fe87bd14803e9676190124878d2d040f996ebe58cc6d8f299ba97", "860f6587300d97e47de60f87a6974f9da7dfeb5e813b9780bfb621cbc9a0e530", "9f1b795d0723f78350ba11e390114dbd6cba2e59f25a4c5d3e684c7b0d508a3b", "a446e1d11f89bc5610d9ca9b6bcd1faa91f3635c44a548c5ad80c88a401a1442", "ac78ec2ebd63237012252d7355416cd3847ac0d03f3942057e2ba0d17d641ca7", "af427e783d5fd2c3b292b29f2aa6e2cda13d23dd92a67a7d963a248afd555d00", "b0065ebb81e62013d8a02113003775edb061807589a908d199d0c091581c9487", "b3092894e72004368dfe1dde9c9f213cabd25fe683b70eb7e24ff0093094a343", "b8d40c04b216547bc7d84f094f9cd7ad15b193a24b7f0e2f861caf1716079420", "babde11121df3f032d3b6c3b6ade8a9363b25f9bc8dd88ca4b31af80620fc185", "bae259e9bc04f7efada21102f63fc8df0db0761f74fd5069a04ac30357c61fa6", "bf890d27babe1698002618e8027b5c682a828ce8e3e7093f140eb32ce480449a"], "key": "<HKCR>\\LOCAL SETTINGS\\MUICACHE\\66\\52C64B7E", "value_name": "LanguageList"}]}, "reports_count": 25}, "Win.Packed.NetWire-8705629-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "137a08e7d60b02f3945079b128bdfbdb5f6542a1c40da55e98706611145198bf", "966b9b1e31871cc78a5f770482b5169a43b3bffae7531c122a4f1d054260b8e3", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "1f7fbe1b534336f82085dfc4fa6de67db5a480be385ef03e2bd4378073645131", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "137a08e7d60b02f3945079b128bdfbdb5f6542a1c40da55e98706611145198bf", "966b9b1e31871cc78a5f770482b5169a43b3bffae7531c122a4f1d054260b8e3", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "1f7fbe1b534336f82085dfc4fa6de67db5a480be385ef03e2bd4378073645131", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "137a08e7d60b02f3945079b128bdfbdb5f6542a1c40da55e98706611145198bf", "966b9b1e31871cc78a5f770482b5169a43b3bffae7531c122a4f1d054260b8e3", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "1f7fbe1b534336f82085dfc4fa6de67db5a480be385ef03e2bd4378073645131", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "137a08e7d60b02f3945079b128bdfbdb5f6542a1c40da55e98706611145198bf", "966b9b1e31871cc78a5f770482b5169a43b3bffae7531c122a4f1d054260b8e3", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "1f7fbe1b534336f82085dfc4fa6de67db5a480be385ef03e2bd4378073645131", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-numofsymbols", "hashes": ["6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "137a08e7d60b02f3945079b128bdfbdb5f6542a1c40da55e98706611145198bf", "966b9b1e31871cc78a5f770482b5169a43b3bffae7531c122a4f1d054260b8e3", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "1f7fbe1b534336f82085dfc4fa6de67db5a480be385ef03e2bd4378073645131", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-future", "hashes": ["6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "137a08e7d60b02f3945079b128bdfbdb5f6542a1c40da55e98706611145198bf", "966b9b1e31871cc78a5f770482b5169a43b3bffae7531c122a4f1d054260b8e3", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "1f7fbe1b534336f82085dfc4fa6de67db5a480be385ef03e2bd4378073645131", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "137a08e7d60b02f3945079b128bdfbdb5f6542a1c40da55e98706611145198bf", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e"], "mitre_attack_tags": []}, {"bi": "pe-packed-upx", "hashes": ["6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "1f7fbe1b534336f82085dfc4fa6de67db5a480be385ef03e2bd4378073645131", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-autorun-key-modified", "hashes": ["6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "unsigned-roaming-execution", "hashes": ["6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-netwire-rat-registry", "hashes": ["6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e"], "mitre_attack_tags": []}, {"bi": "malware-netwire-mutex", "hashes": ["6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e"], "mitre_attack_tags": []}, {"bi": "pe-dos-header-initialip", "hashes": ["24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-imports-empty", "hashes": ["036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "NetWire is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, remote desktop, and read data from connected USB devices. NetWire is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "137a08e7d60b02f3945079b128bdfbdb5f6542a1c40da55e98706611145198bf", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "1f7fbe1b534336f82085dfc4fa6de67db5a480be385ef03e2bd4378073645131", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "4fc7cb20143713dd6ee67e3fd59b7195b308b1cf83019e75abe1f3d84cc568f6", "51a44b376ab4b028dd5def2c9ebc355dd111bd1ce69e8ff0f054e1e00d5853d2", "56cf7d1195896b823d749fb1df4cd3b0bbad03a436c53f043308f2ec62a79c28", "58be35719947a23de33e4c405cb5ee199e9e10b8363b36e988fec01b6fcda92f", "616f864ea40e2c3fff9525a285e9fbbdd8ebf6825b6defe5f20cac186b6cb43a", "639e32d8045c4a01b552188be0d96aad6c9f0379d7534eb8d1f9169c082f616f", "6a2f90e245a232290c01a7814fcfaff4bc57958bd7be95c3c8e38f9bbfecbe57", "6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "6e5e2a8c19561f388aed4011d1c53932842a2ad15f5688a3a202ee4c102bd2a3", "7160e67d85ce692b4d6afeeb6746393c721128c8bbfec4f460e0b3dc173ea84c", "77c74bbfd5757a3831b1d119934739104e6c825df2b3913ca8bf9e9cfe4e3a17", "78c80fb261f33bfbadbbe107ca34fc48ccae223cfb39e462f9626ed049427fee", "828bbfb86a68e80b0553918891889873caa3e84751031709ab439b68bc9d3853", "8804712244d1403093a8ba38b9c5d955859aaedd70df7dfccc5745ed010a4640", "89b91b3beefc3597270f24c2dcfc9e2552cf0fb377d96f4edf6cf33e0d24329a", "8c13a2b9ff97e9e5607fc01d00fd2b01569307ed591e0e4b698ca2e0019d5748", "8c6c341f06b1b7814a62a9ccc07c18329315e813b04303af0d22114bbc3847b7", "905d7c47e5e04f39786ba3287becd98635ae3bc68098ad9d91ed45d1bb57a852", "907fc756b692b0837b0b19ed23268cfb8f8c22f29a6c0b241d1ceff272698c81", "966b9b1e31871cc78a5f770482b5169a43b3bffae7531c122a4f1d054260b8e3", "967297a478307b3ed3d2987ed727bdc3d386a0d625da47b8a521e79681610c62", "9a18c177f92967c1a9656fc15dda6ae4b5b9872f7187df605ff6360e341ebb99", "9ae41058080a95f1140fda440d1f8e6256b99f76e8653361ef6f934445cdacc5", "9b72a394be4355356124171d0963828989727448389b0a8ad7aec48e8510561c", "9d2a8dd4657435ed8b0f82174ed1d7fd914c217302c14aace35be62f388739c6", "9fe51ebbb6042b2db86bab5f1be82669c7542ddeebcb17d932abda01575478c8", "a06106618c364bbdbffc053e9cc23be0c431a2872dbfc6084086fa21fb96eddd", "a668c56018e2f9a8d143f664350e59bee8a01d52484831257cd7c7cbe8b79874", "a98bbf24f8184baa490fd5efae13ed7a9afed165ca737e0294285afb48f3ef03", "a9d654abe7b59a37a4434847ae5c250ff21614be8c6fac4cc531171d25dcabb8", "aa1cdf2b9e6008793a1c703cb1c90a1269dd363224797c48b816bdc6ecf01e9f", "ae0e70e607892c3b9b2d88d69e2c3e6280a3ccd951d3a1cfc738039b5a92897f", "b763b49d085042eebc784d7459efdb5b8fbc46acf0b4d0a42935ad122824ddbb", "b7d66e31ee7d037f55e002a573f79b880236a84cac1bccb4cbd7ec8fee0825a4", "b8510b3c50cf44069e96b8c185a195facadd0811419cf5f8338f8504ee1fd946", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990", "bce9ce3145d951e03e94503514bd1b32b143724839fb6c714fe819ea9a082a9a", "c2f53f51feab7e2b30d9415ff5a310cf814787e53f5e6d134332705572c38616", "c5d79b42cf3dc4c68df6984f94aa80670308fd5be9a9c948c43220e20075eeba", "cd19ca8c3a4ae55c2b409ebbdd821237db556cefc40daa2957b9c6a7ce5e91cb", "d0a804d9cf1880a095bab97247f245a112471a3cb4ee9ed29e13f1be45baefe9", "d0dce9fc9f81109f236b6f8505b4ef3df62d3e4daa60a008bb1e70d8630291ee", "d3f39c9c47ea9d8170cd9067055f2ac4e1b00d7d3bfb356b839b88a11efc1f75", "df1a2477266afc985791cc66b418b280be64f6e82afeb7cd3fb2f7670dde4e0d", "e1222918dd912f77cb93162f7509d4e0eff10505ab975d6eba85e493b510c3b8", "e76f5372dbfaa136f700dc4956e4c0c634bd3ff2037de6ba2da07e6c91797f5b", "ebbea9d860c581c6ac7f1b5f3ee7d2227409245744b5039014c30d7c05e98fa1", "ef47cd10f969d123dd3a646d31afbb906683abc648c0def8432fb56f33688e5a", "efd27a91e312f00d99406ef869197ff67caad549bb93e90774fe9d9ebdbe8c71", "f0634e7f883cad631c0ead33d8b3fd321f92bbac7b35c53834bbd5f23a70900b", "f2ad030759c1ccb96027732770cbc0a1257708ee35c4e8044bc31d67be47d0a6", "f7bd9ddfff492d62eb0edf6112b0838bd1130b8bb2bcb7ecca13b990699ab811", "fbbc93bebce40c59d012c32e180ce388a6b6f701c49aaf87164796cdcd2b0023", "fd40e9cff73088d0bcb484dea9d893f085a78e4650ceb89c2c9caf6dc0f37276"], "iocs": {"domain": [], "file": [{"hashes": ["036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990"], "path": "%APPDATA%\\Install"}, {"hashes": ["036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990"], "path": "%APPDATA%\\Install\\offiice365.exe"}], "ip": [{"hashes": ["036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990"], "ip": "155[.]94[.]198[.]169"}], "mutex": [{"hashes": ["036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990"], "name": "-"}, {"hashes": ["137a08e7d60b02f3945079b128bdfbdb5f6542a1c40da55e98706611145198bf"], "name": "Local\\MidiMapper_modLongMessage_RefCnt"}], "registry": [{"hashes": ["036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990"], "key": "<HKCU>\\SOFTWARE\\NETWIRE", "value_name": null}, {"hashes": ["036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "officeii365"}, {"hashes": ["036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990"], "key": "<HKCU>\\SOFTWARE\\NETWIRE", "value_name": "HostId"}, {"hashes": ["036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85", "16378feb7c715fa61226714f677c483cf7f2f6d76f0ecdf9a5a53f19cb222269", "1b931bc1f1aca020b9ace62ff9edfaf9d0c016d96f596e1ab452a4a9c8f73c4d", "1e36ad4c1ca3bf21c9bf25e99d8c49e7dcdfa8afb00b5b64b531774ac5f37026", "1e4a53218f364bb950b259b7dfd14a470deeb8016202b70e22ed2a62fd1f6338", "227f4b7cb1b4256ee6b283a781ef9b9b7a763c6328d70e9cf8acfe9e5fae109a", "24fccf9369918b06aa514ec3d12709ab4fc21375f1b8b3f995588df5bed8fc28", "27805e582560adb6ebe4c394affe9f4c8143b5187d9d77d8b9c0e366d9d5c791", "2c9fdc8c5056568797437e12eaf849b38a732d066868294fdccb0935a7406e47", "2cfe584b0b15fc716b4b09a916bd44b3a2d25bef612ca7cc5665564f6e67e20e", "2dd5fd8f00f9837b33fd06bee57ffa2b66f42a268dda9cec066b499198faadd4", "2e5b01f3247577c8faee97771425afaddf9642f5724330922fdcb6499168e8d4", "34ad531b5988a986ecd4e84a1333789fe927bfe623c1af30b5eeddcd3a0b929a", "3a1c83a8cc8be9cf1bc560b306f1efc05ee968ffc1cd5cc09f03cfc396376d9c", "3a745a6f37ca1cdd7008b5c055e1ab1f6c08b4cbe8635f7daee04d6fabaa61ae", "3ad06c1c1870e53f1bb229d8f12046e7b6ca2d9de4425d1a4c57b689e7a6995d", "3e00e706e14da9d53f8339d604ab82a5e2d4366d1e166218dad4068c9822599f", "427d644fef555c6c5133fcd3fa1979d5a0f642a6ec09184292515ff2cdf70f17", "42d11a1215979e76c83ac4ef151bbc53344c6fbb039d73e1a40eba3c725da2c9", "43e8dd8857d9ddaf07d6d13eb054445d2d195aa84009cbcf33ca962659316fc0", "47ff48a7c4608bc0c839f627f30d732df2387bb3a48b12b7be06c7c6f6a07535", "4b12e1d2a5f2efaf9bf94c3639191757178998bbd6d40a24fdc7939df872d459", "4dfc0cca0d7afe312265579018baaa69c774b8942f19454e37b03bf89b001574", "6db4d339e819115ee89875e107d12ebacba3bfe0dc79cf091d063fa48dabe6f6", "baa856039c855198991624dbaaaa456323ae510a75da6c018b28831847baf990"], "key": "<HKCU>\\SOFTWARE\\NETWIRE", "value_name": "Install Date"}]}, "reports_count": 28}, "Win.Trojan.Emotet-8831420-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "61931b4ebafb6a97880d044bf6d4bb36b393802bb91b520ee67df67dfdaaabe9", "e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b", "a5b7b3d636b5edc5fc8c66f114d9056af27ada565023d1da7ccc8bd003cbc92f", "4f6d64664580bacb5b28d314b2814fbcdd19a9aa1fbe8a10cd7faaa2bb63cdf4", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e", "8d395656288dbc0f038ebfe537fb603975e5c9a631e5bc9d0d2f26697ff7124d", "2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "49d04a0ed478b4053657628d9a88e07b02718cca6541a223f13244a65a2c3904", "1ea8ae69eb42468750338bb04cc79e8bbd2236e99c2fbf7f125de412e8cdb646", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494", "4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462", "10f75e4e6204c4215d8047e9f83e00773a2284b04ff5aab7fbc236e919fc12e9", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "9fa3c2548e95641795c633ad21af14c37bc4eb45ae7c915c7f36b2d1dae632a0", "ce920e9f2fc887bb90b22a11e9bacf4c683a635f8e6cabacc0273403c77de0cd", "3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "23e13139b833a414448ae656c380c264d11e5fb0227b0e12e41cc5adc10fe9e9", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "61931b4ebafb6a97880d044bf6d4bb36b393802bb91b520ee67df67dfdaaabe9", "e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b", "a5b7b3d636b5edc5fc8c66f114d9056af27ada565023d1da7ccc8bd003cbc92f", "4f6d64664580bacb5b28d314b2814fbcdd19a9aa1fbe8a10cd7faaa2bb63cdf4", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e", "8d395656288dbc0f038ebfe537fb603975e5c9a631e5bc9d0d2f26697ff7124d", "2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "49d04a0ed478b4053657628d9a88e07b02718cca6541a223f13244a65a2c3904", "1ea8ae69eb42468750338bb04cc79e8bbd2236e99c2fbf7f125de412e8cdb646", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494", "4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462", "10f75e4e6204c4215d8047e9f83e00773a2284b04ff5aab7fbc236e919fc12e9", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "9fa3c2548e95641795c633ad21af14c37bc4eb45ae7c915c7f36b2d1dae632a0", "ce920e9f2fc887bb90b22a11e9bacf4c683a635f8e6cabacc0273403c77de0cd", "3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "23e13139b833a414448ae656c380c264d11e5fb0227b0e12e41cc5adc10fe9e9", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "61931b4ebafb6a97880d044bf6d4bb36b393802bb91b520ee67df67dfdaaabe9", "e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b", "a5b7b3d636b5edc5fc8c66f114d9056af27ada565023d1da7ccc8bd003cbc92f", "4f6d64664580bacb5b28d314b2814fbcdd19a9aa1fbe8a10cd7faaa2bb63cdf4", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e", "8d395656288dbc0f038ebfe537fb603975e5c9a631e5bc9d0d2f26697ff7124d", "2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "49d04a0ed478b4053657628d9a88e07b02718cca6541a223f13244a65a2c3904", "1ea8ae69eb42468750338bb04cc79e8bbd2236e99c2fbf7f125de412e8cdb646", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494", "4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462", "10f75e4e6204c4215d8047e9f83e00773a2284b04ff5aab7fbc236e919fc12e9", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "9fa3c2548e95641795c633ad21af14c37bc4eb45ae7c915c7f36b2d1dae632a0", "ce920e9f2fc887bb90b22a11e9bacf4c683a635f8e6cabacc0273403c77de0cd", "3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "23e13139b833a414448ae656c380c264d11e5fb0227b0e12e41cc5adc10fe9e9", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "61931b4ebafb6a97880d044bf6d4bb36b393802bb91b520ee67df67dfdaaabe9", "e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b", "a5b7b3d636b5edc5fc8c66f114d9056af27ada565023d1da7ccc8bd003cbc92f", "4f6d64664580bacb5b28d314b2814fbcdd19a9aa1fbe8a10cd7faaa2bb63cdf4", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e", "8d395656288dbc0f038ebfe537fb603975e5c9a631e5bc9d0d2f26697ff7124d", "2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "49d04a0ed478b4053657628d9a88e07b02718cca6541a223f13244a65a2c3904", "1ea8ae69eb42468750338bb04cc79e8bbd2236e99c2fbf7f125de412e8cdb646", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494", "4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462", "10f75e4e6204c4215d8047e9f83e00773a2284b04ff5aab7fbc236e919fc12e9", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "9fa3c2548e95641795c633ad21af14c37bc4eb45ae7c915c7f36b2d1dae632a0", "ce920e9f2fc887bb90b22a11e9bacf4c683a635f8e6cabacc0273403c77de0cd", "3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "23e13139b833a414448ae656c380c264d11e5fb0227b0e12e41cc5adc10fe9e9", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "currentcontrolset-service-added", "hashes": ["b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "61931b4ebafb6a97880d044bf6d4bb36b393802bb91b520ee67df67dfdaaabe9", "e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b", "a5b7b3d636b5edc5fc8c66f114d9056af27ada565023d1da7ccc8bd003cbc92f", "4f6d64664580bacb5b28d314b2814fbcdd19a9aa1fbe8a10cd7faaa2bb63cdf4", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e", "8d395656288dbc0f038ebfe537fb603975e5c9a631e5bc9d0d2f26697ff7124d", "2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "49d04a0ed478b4053657628d9a88e07b02718cca6541a223f13244a65a2c3904", "1ea8ae69eb42468750338bb04cc79e8bbd2236e99c2fbf7f125de412e8cdb646", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494", "4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462", "10f75e4e6204c4215d8047e9f83e00773a2284b04ff5aab7fbc236e919fc12e9", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "9fa3c2548e95641795c633ad21af14c37bc4eb45ae7c915c7f36b2d1dae632a0", "ce920e9f2fc887bb90b22a11e9bacf4c683a635f8e6cabacc0273403c77de0cd", "3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "23e13139b833a414448ae656c380c264d11e5fb0227b0e12e41cc5adc10fe9e9", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1060"]}, {"bi": "nginx-webserver-detected", "hashes": ["b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "61931b4ebafb6a97880d044bf6d4bb36b393802bb91b520ee67df67dfdaaabe9", "e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b", "a5b7b3d636b5edc5fc8c66f114d9056af27ada565023d1da7ccc8bd003cbc92f", "4f6d64664580bacb5b28d314b2814fbcdd19a9aa1fbe8a10cd7faaa2bb63cdf4", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e", "8d395656288dbc0f038ebfe537fb603975e5c9a631e5bc9d0d2f26697ff7124d", "2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "49d04a0ed478b4053657628d9a88e07b02718cca6541a223f13244a65a2c3904", "1ea8ae69eb42468750338bb04cc79e8bbd2236e99c2fbf7f125de412e8cdb646", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494", "4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462", "10f75e4e6204c4215d8047e9f83e00773a2284b04ff5aab7fbc236e919fc12e9", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "9fa3c2548e95641795c633ad21af14c37bc4eb45ae7c915c7f36b2d1dae632a0", "ce920e9f2fc887bb90b22a11e9bacf4c683a635f8e6cabacc0273403c77de0cd", "3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "23e13139b833a414448ae656c380c264d11e5fb0227b0e12e41cc5adc10fe9e9", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f"], "mitre_attack_tags": []}, {"bi": "network-http-numeric-ip", "hashes": ["b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "61931b4ebafb6a97880d044bf6d4bb36b393802bb91b520ee67df67dfdaaabe9", "e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b", "a5b7b3d636b5edc5fc8c66f114d9056af27ada565023d1da7ccc8bd003cbc92f", "4f6d64664580bacb5b28d314b2814fbcdd19a9aa1fbe8a10cd7faaa2bb63cdf4", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e", "8d395656288dbc0f038ebfe537fb603975e5c9a631e5bc9d0d2f26697ff7124d", "2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "49d04a0ed478b4053657628d9a88e07b02718cca6541a223f13244a65a2c3904", "1ea8ae69eb42468750338bb04cc79e8bbd2236e99c2fbf7f125de412e8cdb646", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494", "4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462", "10f75e4e6204c4215d8047e9f83e00773a2284b04ff5aab7fbc236e919fc12e9", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "9fa3c2548e95641795c633ad21af14c37bc4eb45ae7c915c7f36b2d1dae632a0", "ce920e9f2fc887bb90b22a11e9bacf4c683a635f8e6cabacc0273403c77de0cd", "3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "23e13139b833a414448ae656c380c264d11e5fb0227b0e12e41cc5adc10fe9e9", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f"], "mitre_attack_tags": ["TA0011", "TA0005", "T1071"]}, {"bi": "network-communications-http-post", "hashes": ["b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "61931b4ebafb6a97880d044bf6d4bb36b393802bb91b520ee67df67dfdaaabe9", "e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b", "a5b7b3d636b5edc5fc8c66f114d9056af27ada565023d1da7ccc8bd003cbc92f", "4f6d64664580bacb5b28d314b2814fbcdd19a9aa1fbe8a10cd7faaa2bb63cdf4", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e", "8d395656288dbc0f038ebfe537fb603975e5c9a631e5bc9d0d2f26697ff7124d", "2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "49d04a0ed478b4053657628d9a88e07b02718cca6541a223f13244a65a2c3904", "1ea8ae69eb42468750338bb04cc79e8bbd2236e99c2fbf7f125de412e8cdb646", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494", "4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462", "10f75e4e6204c4215d8047e9f83e00773a2284b04ff5aab7fbc236e919fc12e9", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "9fa3c2548e95641795c633ad21af14c37bc4eb45ae7c915c7f36b2d1dae632a0", "ce920e9f2fc887bb90b22a11e9bacf4c683a635f8e6cabacc0273403c77de0cd", "3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "23e13139b833a414448ae656c380c264d11e5fb0227b0e12e41cc5adc10fe9e9", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "hook-installed", "hashes": ["b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "61931b4ebafb6a97880d044bf6d4bb36b393802bb91b520ee67df67dfdaaabe9", "e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b", "a5b7b3d636b5edc5fc8c66f114d9056af27ada565023d1da7ccc8bd003cbc92f", "4f6d64664580bacb5b28d314b2814fbcdd19a9aa1fbe8a10cd7faaa2bb63cdf4", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e", "8d395656288dbc0f038ebfe537fb603975e5c9a631e5bc9d0d2f26697ff7124d", "2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "49d04a0ed478b4053657628d9a88e07b02718cca6541a223f13244a65a2c3904", "1ea8ae69eb42468750338bb04cc79e8bbd2236e99c2fbf7f125de412e8cdb646", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494", "4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462", "10f75e4e6204c4215d8047e9f83e00773a2284b04ff5aab7fbc236e919fc12e9", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "9fa3c2548e95641795c633ad21af14c37bc4eb45ae7c915c7f36b2d1dae632a0", "ce920e9f2fc887bb90b22a11e9bacf4c683a635f8e6cabacc0273403c77de0cd", "3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "23e13139b833a414448ae656c380c264d11e5fb0227b0e12e41cc5adc10fe9e9", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "deleted-submitted-file", "hashes": ["b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "61931b4ebafb6a97880d044bf6d4bb36b393802bb91b520ee67df67dfdaaabe9", "e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b", "a5b7b3d636b5edc5fc8c66f114d9056af27ada565023d1da7ccc8bd003cbc92f", "4f6d64664580bacb5b28d314b2814fbcdd19a9aa1fbe8a10cd7faaa2bb63cdf4", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e", "8d395656288dbc0f038ebfe537fb603975e5c9a631e5bc9d0d2f26697ff7124d", "2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "49d04a0ed478b4053657628d9a88e07b02718cca6541a223f13244a65a2c3904", "1ea8ae69eb42468750338bb04cc79e8bbd2236e99c2fbf7f125de412e8cdb646", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494", "4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462", "10f75e4e6204c4215d8047e9f83e00773a2284b04ff5aab7fbc236e919fc12e9", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "9fa3c2548e95641795c633ad21af14c37bc4eb45ae7c915c7f36b2d1dae632a0", "ce920e9f2fc887bb90b22a11e9bacf4c683a635f8e6cabacc0273403c77de0cd", "3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "23e13139b833a414448ae656c380c264d11e5fb0227b0e12e41cc5adc10fe9e9", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "61931b4ebafb6a97880d044bf6d4bb36b393802bb91b520ee67df67dfdaaabe9", "e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b", "a5b7b3d636b5edc5fc8c66f114d9056af27ada565023d1da7ccc8bd003cbc92f", "4f6d64664580bacb5b28d314b2814fbcdd19a9aa1fbe8a10cd7faaa2bb63cdf4", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e", "8d395656288dbc0f038ebfe537fb603975e5c9a631e5bc9d0d2f26697ff7124d", "2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "49d04a0ed478b4053657628d9a88e07b02718cca6541a223f13244a65a2c3904", "1ea8ae69eb42468750338bb04cc79e8bbd2236e99c2fbf7f125de412e8cdb646", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494", "4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462", "10f75e4e6204c4215d8047e9f83e00773a2284b04ff5aab7fbc236e919fc12e9", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "9fa3c2548e95641795c633ad21af14c37bc4eb45ae7c915c7f36b2d1dae632a0", "ce920e9f2fc887bb90b22a11e9bacf4c683a635f8e6cabacc0273403c77de0cd", "3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "23e13139b833a414448ae656c380c264d11e5fb0227b0e12e41cc5adc10fe9e9", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "61931b4ebafb6a97880d044bf6d4bb36b393802bb91b520ee67df67dfdaaabe9", "e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b", "a5b7b3d636b5edc5fc8c66f114d9056af27ada565023d1da7ccc8bd003cbc92f", "4f6d64664580bacb5b28d314b2814fbcdd19a9aa1fbe8a10cd7faaa2bb63cdf4", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e", "8d395656288dbc0f038ebfe537fb603975e5c9a631e5bc9d0d2f26697ff7124d", "2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "49d04a0ed478b4053657628d9a88e07b02718cca6541a223f13244a65a2c3904", "1ea8ae69eb42468750338bb04cc79e8bbd2236e99c2fbf7f125de412e8cdb646", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494", "4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462", "10f75e4e6204c4215d8047e9f83e00773a2284b04ff5aab7fbc236e919fc12e9", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "9fa3c2548e95641795c633ad21af14c37bc4eb45ae7c915c7f36b2d1dae632a0", "ce920e9f2fc887bb90b22a11e9bacf4c683a635f8e6cabacc0273403c77de0cd", "3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "23e13139b833a414448ae656c380c264d11e5fb0227b0e12e41cc5adc10fe9e9", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f"], "mitre_attack_tags": []}, {"bi": "network-snort-policy", "hashes": ["61931b4ebafb6a97880d044bf6d4bb36b393802bb91b520ee67df67dfdaaabe9", "e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b", "a5b7b3d636b5edc5fc8c66f114d9056af27ada565023d1da7ccc8bd003cbc92f", "4f6d64664580bacb5b28d314b2814fbcdd19a9aa1fbe8a10cd7faaa2bb63cdf4", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e", "8d395656288dbc0f038ebfe537fb603975e5c9a631e5bc9d0d2f26697ff7124d", "2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "49d04a0ed478b4053657628d9a88e07b02718cca6541a223f13244a65a2c3904", "1ea8ae69eb42468750338bb04cc79e8bbd2236e99c2fbf7f125de412e8cdb646", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494", "10f75e4e6204c4215d8047e9f83e00773a2284b04ff5aab7fbc236e919fc12e9", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "9fa3c2548e95641795c633ad21af14c37bc4eb45ae7c915c7f36b2d1dae632a0", "ce920e9f2fc887bb90b22a11e9bacf4c683a635f8e6cabacc0273403c77de0cd", "23e13139b833a414448ae656c380c264d11e5fb0227b0e12e41cc5adc10fe9e9"], "mitre_attack_tags": []}, {"bi": "deleted-executable-in-system-dir", "hashes": ["61931b4ebafb6a97880d044bf6d4bb36b393802bb91b520ee67df67dfdaaabe9", "e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b", "a5b7b3d636b5edc5fc8c66f114d9056af27ada565023d1da7ccc8bd003cbc92f", "4f6d64664580bacb5b28d314b2814fbcdd19a9aa1fbe8a10cd7faaa2bb63cdf4", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e", "8d395656288dbc0f038ebfe537fb603975e5c9a631e5bc9d0d2f26697ff7124d", "2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "49d04a0ed478b4053657628d9a88e07b02718cca6541a223f13244a65a2c3904", "1ea8ae69eb42468750338bb04cc79e8bbd2236e99c2fbf7f125de412e8cdb646", "10f75e4e6204c4215d8047e9f83e00773a2284b04ff5aab7fbc236e919fc12e9", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "9fa3c2548e95641795c633ad21af14c37bc4eb45ae7c915c7f36b2d1dae632a0", "ce920e9f2fc887bb90b22a11e9bacf4c683a635f8e6cabacc0273403c77de0cd", "23e13139b833a414448ae656c380c264d11e5fb0227b0e12e41cc5adc10fe9e9"], "mitre_attack_tags": []}, {"bi": "malware-emotet-mutex", "hashes": ["b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494", "4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f"], "mitre_attack_tags": []}, {"bi": "network-snort-server", "hashes": ["b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-get", "hashes": ["db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "http-response-client-error", "hashes": ["a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494"], "mitre_attack_tags": []}, {"bi": "potential-registry-script-execution", "hashes": ["4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462", "23e13139b833a414448ae656c380c264d11e5fb0227b0e12e41cc5adc10fe9e9"], "mitre_attack_tags": []}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": true}, "description": "Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["10f75e4e6204c4215d8047e9f83e00773a2284b04ff5aab7fbc236e919fc12e9", "1ea8ae69eb42468750338bb04cc79e8bbd2236e99c2fbf7f125de412e8cdb646", "23e13139b833a414448ae656c380c264d11e5fb0227b0e12e41cc5adc10fe9e9", "2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445", "34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "49d04a0ed478b4053657628d9a88e07b02718cca6541a223f13244a65a2c3904", "4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462", "4f6d64664580bacb5b28d314b2814fbcdd19a9aa1fbe8a10cd7faaa2bb63cdf4", "61931b4ebafb6a97880d044bf6d4bb36b393802bb91b520ee67df67dfdaaabe9", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "8d395656288dbc0f038ebfe537fb603975e5c9a631e5bc9d0d2f26697ff7124d", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "9fa3c2548e95641795c633ad21af14c37bc4eb45ae7c915c7f36b2d1dae632a0", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "a5b7b3d636b5edc5fc8c66f114d9056af27ada565023d1da7ccc8bd003cbc92f", "b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "ce920e9f2fc887bb90b22a11e9bacf4c683a635f8e6cabacc0273403c77de0cd", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e"], "iocs": {"domain": [], "file": [{"hashes": ["10f75e4e6204c4215d8047e9f83e00773a2284b04ff5aab7fbc236e919fc12e9", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "a5b7b3d636b5edc5fc8c66f114d9056af27ada565023d1da7ccc8bd003cbc92f", "b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1"], "path": "%SystemRoot%\\SysWOW64\\<random, matching '[a-z]{8}'>"}, {"hashes": ["1ea8ae69eb42468750338bb04cc79e8bbd2236e99c2fbf7f125de412e8cdb646"], "path": "%SystemRoot%\\SysWOW64\\msihnd"}, {"hashes": ["3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84"], "path": "%SystemRoot%\\SysWOW64\\WinSATAPI"}, {"hashes": ["34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5"], "path": "%SystemRoot%\\SysWOW64\\offfilt"}, {"hashes": ["ce920e9f2fc887bb90b22a11e9bacf4c683a635f8e6cabacc0273403c77de0cd"], "path": "%SystemRoot%\\SysWOW64\\msjetoledb40"}, {"hashes": ["8d395656288dbc0f038ebfe537fb603975e5c9a631e5bc9d0d2f26697ff7124d"], "path": "%SystemRoot%\\SysWOW64\\KBDHEPT"}, {"hashes": ["9fa3c2548e95641795c633ad21af14c37bc4eb45ae7c915c7f36b2d1dae632a0"], "path": "%SystemRoot%\\SysWOW64\\WABSyncProvider"}, {"hashes": ["f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e"], "path": "%SystemRoot%\\SysWOW64\\KBDTH0"}, {"hashes": ["e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b"], "path": "%SystemRoot%\\SysWOW64\\OpcServices"}, {"hashes": ["2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445"], "path": "%SystemRoot%\\SysWOW64\\SensorsCpl"}, {"hashes": ["d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494"], "path": "%SystemRoot%\\SysWOW64\\MshtmlDac"}, {"hashes": ["70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa"], "path": "%SystemRoot%\\SysWOW64\\wkscli"}, {"hashes": ["4f6d64664580bacb5b28d314b2814fbcdd19a9aa1fbe8a10cd7faaa2bb63cdf4"], "path": "%SystemRoot%\\SysWOW64\\api-ms-win-crt-math-l1-1-0"}, {"hashes": ["cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b"], "path": "%SystemRoot%\\SysWOW64\\ELSCore"}, {"hashes": ["61931b4ebafb6a97880d044bf6d4bb36b393802bb91b520ee67df67dfdaaabe9"], "path": "%SystemRoot%\\SysWOW64\\api-ms-win-crt-time-l1-1-0"}, {"hashes": ["4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462"], "path": "%SystemRoot%\\SysWOW64\\jscript"}, {"hashes": ["23e13139b833a414448ae656c380c264d11e5fb0227b0e12e41cc5adc10fe9e9"], "path": "%SystemRoot%\\SysWOW64\\shell32"}, {"hashes": ["49d04a0ed478b4053657628d9a88e07b02718cca6541a223f13244a65a2c3904"], "path": "%SystemRoot%\\SysWOW64\\WMADMOE"}], "ip": [{"hashes": ["10f75e4e6204c4215d8047e9f83e00773a2284b04ff5aab7fbc236e919fc12e9", "1ea8ae69eb42468750338bb04cc79e8bbd2236e99c2fbf7f125de412e8cdb646", "23e13139b833a414448ae656c380c264d11e5fb0227b0e12e41cc5adc10fe9e9", "2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445", "34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "49d04a0ed478b4053657628d9a88e07b02718cca6541a223f13244a65a2c3904", "4f6d64664580bacb5b28d314b2814fbcdd19a9aa1fbe8a10cd7faaa2bb63cdf4", "61931b4ebafb6a97880d044bf6d4bb36b393802bb91b520ee67df67dfdaaabe9", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "8d395656288dbc0f038ebfe537fb603975e5c9a631e5bc9d0d2f26697ff7124d", "9fa3c2548e95641795c633ad21af14c37bc4eb45ae7c915c7f36b2d1dae632a0", "a5b7b3d636b5edc5fc8c66f114d9056af27ada565023d1da7ccc8bd003cbc92f", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "ce920e9f2fc887bb90b22a11e9bacf4c683a635f8e6cabacc0273403c77de0cd", "e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e"], "ip": "64[.]88[.]202[.]250"}, {"hashes": ["10f75e4e6204c4215d8047e9f83e00773a2284b04ff5aab7fbc236e919fc12e9", "1ea8ae69eb42468750338bb04cc79e8bbd2236e99c2fbf7f125de412e8cdb646", "23e13139b833a414448ae656c380c264d11e5fb0227b0e12e41cc5adc10fe9e9", "2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445", "34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "49d04a0ed478b4053657628d9a88e07b02718cca6541a223f13244a65a2c3904", "4f6d64664580bacb5b28d314b2814fbcdd19a9aa1fbe8a10cd7faaa2bb63cdf4", "61931b4ebafb6a97880d044bf6d4bb36b393802bb91b520ee67df67dfdaaabe9", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "8d395656288dbc0f038ebfe537fb603975e5c9a631e5bc9d0d2f26697ff7124d", "9fa3c2548e95641795c633ad21af14c37bc4eb45ae7c915c7f36b2d1dae632a0", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "ce920e9f2fc887bb90b22a11e9bacf4c683a635f8e6cabacc0273403c77de0cd", "e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e"], "ip": "212[.]51[.]142[.]238"}, {"hashes": ["3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1"], "ip": "91[.]236[.]4[.]234"}, {"hashes": ["3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1"], "ip": "219[.]92[.]13[.]25"}, {"hashes": ["3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1"], "ip": "239[.]255[.]255[.]250"}, {"hashes": ["3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1"], "ip": "51[.]159[.]23[.]217"}, {"hashes": ["a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494"], "ip": "190[.]63[.]7[.]166"}, {"hashes": ["a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494"], "ip": "41[.]169[.]20[.]147"}, {"hashes": ["a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494"], "ip": "177[.]0[.]241[.]28"}, {"hashes": ["a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494"], "ip": "82[.]165[.]15[.]188"}, {"hashes": ["a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494"], "ip": "72[.]10[.]33[.]195"}, {"hashes": ["a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494"], "ip": "190[.]111[.]215[.]4"}, {"hashes": ["a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494"], "ip": "46[.]49[.]124[.]53"}, {"hashes": ["d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494"], "ip": "45[.]118[.]136[.]92"}], "mutex": [{"hashes": ["3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1"], "name": "Global\\I98B68E3C"}, {"hashes": ["3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1"], "name": "Global\\M98B68E3C"}, {"hashes": ["3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1"], "name": "Global\\Nx534F51BC"}], "registry": [{"hashes": ["34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "a5b7b3d636b5edc5fc8c66f114d9056af27ada565023d1da7ccc8bd003cbc92f", "b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ImagePath"}, {"hashes": ["34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "a5b7b3d636b5edc5fc8c66f114d9056af27ada565023d1da7ccc8bd003cbc92f", "b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Description"}, {"hashes": ["34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": null}, {"hashes": ["34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Type"}, {"hashes": ["34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Start"}, {"hashes": ["34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ErrorControl"}, {"hashes": ["34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "DisplayName"}, {"hashes": ["34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "WOW64"}, {"hashes": ["34f21a49272f624f497acb323a6df3ec6e89088bda108f909adcfa2846665bd5", "70973f1f044e7fb95562fc81e556139bf9a686c18dd25ff2c1fb37a0a828e8fa", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "cc58728510132994e3711b73422259a4d655d3685bd49865d36287c5578ecc8b", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1", "f20a22823274fe7c6facfe45cf72dcd045843d170dcc184282b02f1d182bb08e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ObjectName"}, {"hashes": ["3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84", "4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462", "90aa60078efd0531575251e576f8fa0fb57432f9c77151ed60db5d0af864b71f", "9771356e41636b0e3da22ba6601a9e3bc241ea9564f7ebf69c38d2850e68f965", "a121870fb766b6bbee682ad7b2980fa6a9f8d5e3196e6b99575ac14f998ab67d", "b40b7e83e298fa903beb99e73a3dfa815590ef5eda2b2992f9a2c4039bcde339", "d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494", "db1a25b0bfbe7ebe00261719ae07d4e5ceac5d00be2a3100f297093d7ddac5c1"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER", "value_name": "98b68e3c"}, {"hashes": ["1ea8ae69eb42468750338bb04cc79e8bbd2236e99c2fbf7f125de412e8cdb646"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSIDENT", "value_name": "Description"}, {"hashes": ["4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\JSCRIPT", "value_name": null}, {"hashes": ["4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\JSCRIPT", "value_name": "Type"}, {"hashes": ["4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\JSCRIPT", "value_name": "Start"}, {"hashes": ["23e13139b833a414448ae656c380c264d11e5fb0227b0e12e41cc5adc10fe9e9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBD101A", "value_name": "ImagePath"}, {"hashes": ["4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\JSCRIPT", "value_name": "ErrorControl"}, {"hashes": ["4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\JSCRIPT", "value_name": "ImagePath"}, {"hashes": ["4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\JSCRIPT", "value_name": "DisplayName"}, {"hashes": ["23e13139b833a414448ae656c380c264d11e5fb0227b0e12e41cc5adc10fe9e9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBD101A", "value_name": "Description"}, {"hashes": ["4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\JSCRIPT", "value_name": "WOW64"}, {"hashes": ["4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\JSCRIPT", "value_name": "ObjectName"}, {"hashes": ["4a9eed59a71750a9a6b8b34b3f1d03adad982177419bea9baa70e13425551462"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\JSCRIPT", "value_name": "Description"}, {"hashes": ["2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SCRRUN", "value_name": null}, {"hashes": ["2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SCRRUN", "value_name": "Type"}, {"hashes": ["2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SCRRUN", "value_name": "Start"}, {"hashes": ["2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SCRRUN", "value_name": "ErrorControl"}, {"hashes": ["8d395656288dbc0f038ebfe537fb603975e5c9a631e5bc9d0d2f26697ff7124d"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MFC100", "value_name": "ImagePath"}, {"hashes": ["2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SCRRUN", "value_name": "ImagePath"}, {"hashes": ["2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SCRRUN", "value_name": "DisplayName"}, {"hashes": ["2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SCRRUN", "value_name": "WOW64"}, {"hashes": ["8d395656288dbc0f038ebfe537fb603975e5c9a631e5bc9d0d2f26697ff7124d"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MFC100", "value_name": "Description"}, {"hashes": ["2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SCRRUN", "value_name": "ObjectName"}, {"hashes": ["2d016bb33f995698e9e525b03512dd3200a072a950b50e94f4f3de9ff90d6445"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SCRRUN", "value_name": "Description"}, {"hashes": ["61931b4ebafb6a97880d044bf6d4bb36b393802bb91b520ee67df67dfdaaabe9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MFC100JPN", "value_name": "Description"}, {"hashes": ["3a97337036a588e085c1f10e8f792c43e67379edb6de2a62686eacb65ac3fc84"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSATAPI", "value_name": "Description"}, {"hashes": ["49d04a0ed478b4053657628d9a88e07b02718cca6541a223f13244a65a2c3904"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PROFAPI", "value_name": "ImagePath"}, {"hashes": ["49d04a0ed478b4053657628d9a88e07b02718cca6541a223f13244a65a2c3904"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PROFAPI", "value_name": "Description"}, {"hashes": ["ce920e9f2fc887bb90b22a11e9bacf4c683a635f8e6cabacc0273403c77de0cd"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DXMASF", "value_name": "ImagePath"}, {"hashes": ["ce920e9f2fc887bb90b22a11e9bacf4c683a635f8e6cabacc0273403c77de0cd"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DXMASF", "value_name": "Description"}, {"hashes": ["d17cf7c62851a60933d038d70c00b0a3b4ec631f8f87b5e2c0913d22f5ddb494"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSHTMLDAC", "value_name": "Description"}, {"hashes": ["e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\HNETCFG", "value_name": null}, {"hashes": ["e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\HNETCFG", "value_name": "Type"}, {"hashes": ["e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\HNETCFG", "value_name": "Start"}, {"hashes": ["e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\HNETCFG", "value_name": "ErrorControl"}, {"hashes": ["e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\HNETCFG", "value_name": "ImagePath"}, {"hashes": ["e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\HNETCFG", "value_name": "DisplayName"}, {"hashes": ["e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\HNETCFG", "value_name": "WOW64"}, {"hashes": ["e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\HNETCFG", "value_name": "ObjectName"}, {"hashes": ["e21ec7fa13f35c42eb42a16242614b37f853f9ad823233c4507eb303dca9257b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\HNETCFG", "value_name": "Description"}]}, "reports_count": 24}, "Win.Trojan.LokiBot-8698229-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "5008af9d951ddc879c098dffbfc9af85b6f96ce32272485f0346fefa3b493768", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "66184f03bcb915746e01c9db03c9338b817ed48ef3b952afa25e10e9524f7d06", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "b39e808054f6200d6e5d3f9aca3b95b81aabe4fa67a3c152c893a4af19074997", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "5d7b52a064d68237714bcf5c1a30c9534f4bc64c8b60305e69086ea2f552cc2e", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "5008af9d951ddc879c098dffbfc9af85b6f96ce32272485f0346fefa3b493768", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "66184f03bcb915746e01c9db03c9338b817ed48ef3b952afa25e10e9524f7d06", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "b39e808054f6200d6e5d3f9aca3b95b81aabe4fa67a3c152c893a4af19074997", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "5d7b52a064d68237714bcf5c1a30c9534f4bc64c8b60305e69086ea2f552cc2e", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "5008af9d951ddc879c098dffbfc9af85b6f96ce32272485f0346fefa3b493768", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "66184f03bcb915746e01c9db03c9338b817ed48ef3b952afa25e10e9524f7d06", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "b39e808054f6200d6e5d3f9aca3b95b81aabe4fa67a3c152c893a4af19074997", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "5d7b52a064d68237714bcf5c1a30c9534f4bc64c8b60305e69086ea2f552cc2e", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "5008af9d951ddc879c098dffbfc9af85b6f96ce32272485f0346fefa3b493768", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "66184f03bcb915746e01c9db03c9338b817ed48ef3b952afa25e10e9524f7d06", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "b39e808054f6200d6e5d3f9aca3b95b81aabe4fa67a3c152c893a4af19074997", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "5d7b52a064d68237714bcf5c1a30c9534f4bc64c8b60305e69086ea2f552cc2e", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-tls-callback", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "5008af9d951ddc879c098dffbfc9af85b6f96ce32272485f0346fefa3b493768", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "66184f03bcb915746e01c9db03c9338b817ed48ef3b952afa25e10e9524f7d06", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "b39e808054f6200d6e5d3f9aca3b95b81aabe4fa67a3c152c893a4af19074997", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "5d7b52a064d68237714bcf5c1a30c9534f4bc64c8b60305e69086ea2f552cc2e", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "5008af9d951ddc879c098dffbfc9af85b6f96ce32272485f0346fefa3b493768", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "66184f03bcb915746e01c9db03c9338b817ed48ef3b952afa25e10e9524f7d06", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "b39e808054f6200d6e5d3f9aca3b95b81aabe4fa67a3c152c893a4af19074997", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "5d7b52a064d68237714bcf5c1a30c9534f4bc64c8b60305e69086ea2f552cc2e", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "66184f03bcb915746e01c9db03c9338b817ed48ef3b952afa25e10e9524f7d06", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-file-in-user-dir", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "66184f03bcb915746e01c9db03c9338b817ed48ef3b952afa25e10e9524f7d06", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "network-dns-malicious-snort", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": ["TA0011"]}, {"bi": "feed-domain-rat", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": []}, {"bi": "malware-lokibot-mutex-detected", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "windows-vault-api", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "deleted-submitted-file", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "malware-known-trojan-av", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": ["TA0007", "TA0006", "T1003", "T1217"]}, {"bi": "altered-sample-snort-flagged", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "network-dns-upload-file", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": []}, {"bi": "http-response-server-error", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": []}, {"bi": "malware-guloader-traffic-detected", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": []}, {"bi": "pe-packed-upx", "hashes": ["06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "5008af9d951ddc879c098dffbfc9af85b6f96ce32272485f0346fefa3b493768", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "66184f03bcb915746e01c9db03c9338b817ed48ef3b952afa25e10e9524f7d06", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "b39e808054f6200d6e5d3f9aca3b95b81aabe4fa67a3c152c893a4af19074997", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-null-encrypted", "hashes": ["5008af9d951ddc879c098dffbfc9af85b6f96ce32272485f0346fefa3b493768", "66184f03bcb915746e01c9db03c9338b817ed48ef3b952afa25e10e9524f7d06", "b39e808054f6200d6e5d3f9aca3b95b81aabe4fa67a3c152c893a4af19074997", "5d7b52a064d68237714bcf5c1a30c9534f4bc64c8b60305e69086ea2f552cc2e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-initialip", "hashes": ["9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["66184f03bcb915746e01c9db03c9338b817ed48ef3b952afa25e10e9524f7d06"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["66184f03bcb915746e01c9db03c9338b817ed48ef3b952afa25e10e9524f7d06"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["66184f03bcb915746e01c9db03c9338b817ed48ef3b952afa25e10e9524f7d06"], "mitre_attack_tags": []}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from many popular applications. It is commonly pushed via malicious documents delivered via spam emails.", "hashes": ["02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "5008af9d951ddc879c098dffbfc9af85b6f96ce32272485f0346fefa3b493768", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "5d7b52a064d68237714bcf5c1a30c9534f4bc64c8b60305e69086ea2f552cc2e", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "66184f03bcb915746e01c9db03c9338b817ed48ef3b952afa25e10e9524f7d06", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "b39e808054f6200d6e5d3f9aca3b95b81aabe4fa67a3c152c893a4af19074997", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "d4c3bb82ce9a9fd3b7b101372f79fbcb77599af4391ef04771fda99867f2771e", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c"], "iocs": {"domain": [{"hashes": ["02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c"], "host": "wardia[.]com[.]pe"}], "file": [{"hashes": ["02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c"], "path": "%APPDATA%\\D282E1"}, {"hashes": ["02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c"], "path": "%APPDATA%\\D282E1\\1E80C5.lck"}, {"hashes": ["02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c"], "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-2580483871-590521980-3826313501-500\\a18ca4003deb042bbee7a40f15e1970b_d19ab989-a35f-4710-83df-7b2db7efe7c5"}, {"hashes": ["02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de"], "path": "%APPDATA%\\D1CC40\\0F3583.hdb"}, {"hashes": ["02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de"], "path": "%APPDATA%\\D1CC40\\0F3583.lck"}, {"hashes": ["02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de"], "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-1258710499-2222286471-4214075941-500\\a18ca4003deb042bbee7a40f15e1970b_8f793a96-da80-4751-83f9-b23d8b735fb1"}], "ip": [{"hashes": ["02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c"], "ip": "50[.]31[.]174[.]86"}], "mutex": [{"hashes": ["02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "30600ee5509e5ba51684ae971b4bf271387ba080f229c92af85c585470748672", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "7b05ad17b6b18985ee3c33d05eee76b2974dbce81d391ca004d3510247fdfd5f", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "8fa08855b81256003c4cfbda3ac17d847e7f5c940e8effc00d78cfc356005dae", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de", "9456cd22ba1f83699360e25b5b58bb08c77c1f7a6d5a0d615fa6616e3aa33ffd", "ad1454568e5d313beb83e6350127f9f816cf1d58b04986dc6a55f9e70aa424db", "aea73d63276d8d4a333c1c830d4360f82aa9bfbfa8ff50eac92c94ce66dd2552", "afeb31ddd3be612bb940d1b157aa311477982b55671f5a40023e7ccbe354cdef", "c9e5f29b90938a6cc324b9c0af715d1ce9d22f42866d902fbda6b82dc7b9145f", "d512a449b14967c291c2a67792ab3baede14246dfae655eec5c19d6329ab685e", "e21c822d8ae5c4a9edf67ac24ed11e5e1e4e26ea6499d1dcd1dd1bddba16bbfc", "e4476b3cf566af287f7a2c1faf239b3cf9c8dfb66d5205cc33e626d7807fb565", "e97eaca2415cbe2a17885a1666016e65d35c42fbeea0ab6045eadf13a71744e7", "f5f9978b63bc9cae6e1eb99f197d7397c46452e3726dd227aaa4b9b631b0de42", "f609d2f3b28a709820e340ed7d4926f0b431970589e05b3597215c9a475298ff", "f7ea14411160297d5520284ab6d64550a5d8a1df31d4c627f9554a326e633602", "f8a602e9176ab5622bf24026a83d02ffcd29ddc321c649e8239a037f6dbb562d", "fc7db36a194e2d23b9ff8b8971677ad976fae2e0e47d387332ccc3c60351089c"], "name": "3749282D282E1E80C56CAE5A"}, {"hashes": ["02405e5b4e6e088d62745e8dfd4b5b4b9491b3db7fb1015e58b97540faf83a12", "05b528653d1e8ccb41ad0c548c241eecac3975dff75b52265fee43e1a3c73702", "06166ad95fb7e93e9188bfce187973d9119de33b9f4dbd14d6ccb1d944bbd3ce", "08595b0bb686e62691ba5ea7493d7910dce9d49b91083f4ca56c032056ab1fb0", "0986f1341bdb2a5addd83cdc9e166538e01c5b0452a5906e86d5885ee138939e", "17ea37b291a0e7c18627f1b1776225fae81bf0d9ef903c66573b9133f8322d92", "1bc766900cfba5f94c6f1733615d96a8834b5ca34d79f45e120342185445c8cb", "29a018b12ea30cf94dcab8b5c051440edc99dd53fec1e77c4defcc6a6be2818e", "2a9af6d9215c0783552a3eabaca2b0d982539d4c02fe28a2f5f7be3e7f8a9166", "3545641198203804c69e11c51863818789c56ae73035e133df5564c3b54efb0e", "38121326a2c7ee77a3f07f527401011918ab496c3bb7b54b1fbeb13d55b78d3e", "3d742d794b637d0a9117dd81f2f42f8376387faefe84566b5eaf6200bba999e4", "4bc88ed49a1a6e9687bd7e6029aa342df798a9df7aaae8fd55216412123bf6ce", "556ccb1f58e3fcb0e21a33126d4b0c9db301a67ef73707bfe01e6e8617b98c31", "583683deb9f5b36e4727455fc30e6ad6c67691f96c2cfd205a3ddb690e579a4d", "5b80f62dbee57c236b952eabd918eed83182870d4a413fe135f578ea905446b5", "5d717bd1c7a0382de9e17aa60ac47338ee9ff3386f0cd71a98d1e362edb978c2", "60e10c08bd4b22471b3fd3f57b573cf9733ffd6743e6a1c3f80f2f55e1fb78af", "64161b5861ba3e25658555cebdf0839450498838d61bed11857397be364b3eb5", "6cb0d058dbfa61e106ac946c6e2458f4c77572551f1c1167fda8ec7163097714", "74cc691f958baafe2a83f013d35cc109fc5ef6b1548e2237134ad8e2ca5fb437", "7eff938570b91f6d0358e3a048ca476f7e458305354a951bdc9c80cd8feb23a1", "84e4200b2bf133367cc14849c3529892c916b3a0eac77e4fdfcf903d616e0b12", "864a2e326259383fb662dceb819d4a44ee1fd243db09da5e89c2d64dcea0185b", "86817364e36e08513b90718db630c2fb4123a5eb4b04b23564d5b3d4a9ae423d", "8f579aa7179044c6c6c46319d76001c732886094900d634c097b4d78eafe0e58", "938de5c70477fd86add841955238b762838b66669ca8dda6f6e44270550892de"], "name": "3BA87BBD1CC40F3583D46680"}, {"hashes": ["66184f03bcb915746e01c9db03c9338b817ed48ef3b952afa25e10e9524f7d06"], "name": "Global\\399bab01-b9c0-11ea-a007-00501e3ae7b5"}], "registry": []}, "reports_count": 48}, "Win.Trojan.Remcos-8699084-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "pe-uses-armadillo", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "dns-excessive-domain-queries", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-autorun-key-modified", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "cmd-exe-file-execution", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "unsigned-roaming-execution", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-tls-callback", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-windows-script-launched", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": ["TA0005", "TA0002", "T1064"]}, {"bi": "pe-imports-toolhelp", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "malware-remcos-mutex", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": []}, {"bi": "malware-remcos-path", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": []}, {"bi": "malware-remcos-registry", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": ["TA0009", "TA0006", "TA0011", "TA0008", "T1056", "T1113", "T1125", "T1123", "T1105"]}, {"bi": "files-deleted-used-vbs", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "pe-packed-upx", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": []}, {"bi": "pe-header-numofsymbols", "hashes": ["1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-initialip", "hashes": ["78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-future", "hashes": ["1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4"], "mitre_attack_tags": []}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. This malware is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "3e06fff816c98751a1b980a1637f14194c3f5a90f4be1925d6419bd917bbffe9", "3f97f35023f1f6d0a1bc85e4da4fa900e02fd919459ca6d5b6bddcb276b1a965", "3fcbb14b7cf3e9e611f64e756618d45bc580c916342e3bf975487e284ac32b24", "416adde4c9c19d657c1aebbeb564eb1505fdaec07b07073fdbec56bc0853b570", "4175a99b9b317d65b124b9355b778081a8cabd487b6ec5f3c776c017a812d367", "41947985ea46b73fe6a7b5e0bf57dbfed1dca7e1ffc74a71af2205ae118130d5", "41fe2f20d6bddef4608268be2ee18d994bca637755716693dd34105d676fae05", "4308202479ce50efe9a4e1bf30c38af13087d871e3136b59051a401c7f396070", "451bd439528c8ed3b9898c076df4ea7fb70145c8cfe1e9cd4b9a5c125a062db2", "4622547af1312876d8a8ff214c815c9347ec46f1bbe7a2502ca851c821ba4c42", "485aeb2fbfab0224b9aae90d20adda400ca8e9b20e78c210aef6f92399cf58cc", "490d51258fe6b646f5793e59b8cf154cc8aeccd817761736a11616ab75ff3024", "499b647341bb523dccb8b7e78ecf9ed7d6c7e5ac7be699d5178e97a9a38761c9", "4bf3faf727f3dbeb10fa30715470bc724d4c02b6781599fb4e14871166e67d0b", "4c8ea2167c7185567a5ae9e593bf038b6491b9abcdbc4b117bac13e74d10481d", "4cc6165f1b2b4499dd0a03c71b80b28e0ee6e87752869cda9821f1a7d45f5dec", "4dbe87481307f4c9538a519a386a54a1947e840be377eb154b1b7a80588bd215", "4dc8ebea371ac88e868f4aee0b5f9fbe02aef576e373cc641bb14db67ae5c93e", "4e1baff2322a61d295c8d779ee7eef55b8f5c0852ef8250bbfc27337ba57e5a7", "4e26f31f3da775e445c6dc1ee8dc80e81a352d278b4e27239e2cebd8d3a38020", "500a974d15a6a0e9466a6cd393da9c5437a18424d544af7b998314de01fef27b", "53f78171e8824c5b3d13262c7bf5d81a4ec94298069340bc2f2cf0a34da3a59c", "54313504ba360df57fa51ce14d1d46e97ab88927a1c3a2b33cd9791121d6679d", "55b9a6b03bbb4537ac8bb49979525191693e11e38987c005125aa6626722cf9e", "5676a3f325e24728730c0aca081e278d480a88421db423bc16aa8c54a14acbd3", "58e89cf1e859e85ac6e5922a68667886baf7bc2504e950ad204fe4adda025c36", "5a6eea649cdf39defca77436ceb5f92aa83debd850cdddca2ca065439e9b78d8", "5b9a9e7879d0a5a144bf0567056946bfa919115e2ed0261142a04e76a2df94e3", "5c199be9a052a06b45b3785b33d355ea29faa939e41ad6defa799231f38215ef", "5cfd85a113b223b2ebe75c283de11ec720fdb0e002fa62a1ff8cd4c1e2737016", "5d16283caf975c24b3d3ab402c0e2e074d6102cbc937e3bc455af017f8b319cf", "5da30b6574928e7423605e5eca00c035e8b2ba007cd8c24a790c157c09559dea", "6180bed25447671eb311697702677e67e4aa920f039fa848c5ddbadd9f6f03e3", "67e151c8ce75bf06f47d8a1fc0af7604f597a626fa750d9f0698f41fc950c8cf", "692c11c4184dfddf6443a2ed4d1432c70c8c9bc38a075644386ec3bb23a7a469", "6ac802953ee9eb3fe745f8ab58cc977e63935e83e686886665aab2d647733fdc", "70b35d4b82a4daedfab8c7c418229c75a5c220b6a211cb0532e6e0c1bb3a6d15", "7185bc27071788aae7756fa4fb63bb3a2b9d642745202010532aa9933cfee7bd", "754a26923f6eab3b24991609798b740ff688ca66307d6b3000dcf5a10476ddd3", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a", "77232829a2e04ec523cbcd3398516d63a0ab1e7a3cdc1174f5474c25e70217fb", "774cb6cfe583f2c7b955bb3f11b19372621b2cebbc0a39343c90c6706389465e", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "79f2223aafa3ecc87e0adf42e1eb176953564848b6f53aed9bae768f7fc60742", "7c5ca745adf962e655d91873af95f6efab42e1900842776b32655bb2e76292ea", "7d1e2fe16bbb446bc70587bcfdfe4afd52ae2215b031f751915561ad6b14dfc5", "7dd8c62cf2beae65df143e05f469e31307fef2d95c6e9e62ef811e54cb2fa49c", "80c29691b25a4a6adc8411111bd04610944f4f95fce58da4d11067434f96c916", "8123665019f7759571cd6fa640401969a9fbece67d453662583c1e6cbd5dfe74", "84521bca8adf485cb07ec9d7df4ddbddedef10a27376e35f2db6b16247cc3d86", "86d8a70422d9c52ab6dd13363fc7d91267c7287c9badb3a9c2c0e9c582baf00f", "8d12febf566f380390948654a96c5a05791e0d10ecefc1b48613c8d2daccab7c", "8e1786f2c79738a27dc2d54fe7e502fb5d87c1c85d37ae794c7a77cfe3375584", "8fe6ac629292724dd5d654b4502ff31842e30abfc72c031a13c85e49c7c864c2", "901b2700ca54cc8c245c9f3af1257833f68561a05dce4a70a4ddd211c3c284c7", "91d65a133ac7d4cff679c214d6be87507b6283199cf71166c0192de7e5caec28", "94d56b8afbd40da851c9c17bac44a76f888e6f762487a05e744b131ee8c5d436", "95a59168a1aa4e03c07b6e36c48d884854baa8336f97b186638a7a8d0d9d8667", "964d17ccdf27c55763db67d7a2e640edef49b95a1dce9686a79651c72268d6fa", "972ece5845c2362de951da16023c6aadf2dca61b2d89b31f4d4285efc0239811", "9bb4aef305e1907173d4a8195938630beff4adfa56dd57d5a80a61f8ee3debff", "9dbf1fc4c02308c593febe94938cd3c0b74acf3e30147d225edd0c2a497ce8f3", "9e381ca2be89eea13710389ff2c0b5fb81c475c9905242f97c2e3647a93a7d0f", "9f27fea38eaef43306cf51640f2aefa24bd1d42820f3e9a6a090ead3b6550b33", "a1bdb9a071b01d128f7a2f62118f05433d99dcf9c721149cf12492d79d657203", "a3e7f81671785ca8c905fad8ba35ca15e0c0f6f11f72eb5f659f0748de8a55fa", "ab9d0f0d9db5bb0840422b7480dbce0bf1703560790924271d40bacc2e7801b0", "abec99ee70d74ed1720188996b96ef541aaea585deb91c8b1734880201bfbe39", "ac69510062374de9d5c9229fdf7b8e8996035c89de11a2058e66487167d5521c", "adae81e0a0a31e772cf054db78dff8a734488462d6ab1268e82f93c19a9b84c9", "aed84757821c361454fdd0bd71c32fccdd9454885d6b315ae06fa0a3e89e3025", "b19be2ca6354ea8c16a81cd7169c5681c861aa24e0c1158952c5612d1c93590d", "b1e2080ca38d3e3ce5694bdb2f785fb86a18aff2fc2a19349b2af442b0881f67", "b47f190ab3a53fa256eb08ee4dc82efc4efce7292e747126574dbabe071fc211", "b50b8bfec8eb0b9ba1bedbf7d213703b205c1af9316866ec25fc2ab8556665b4", "b60e1b532dc6aff42f59edacaaed3e6373ab1e99b4f4135a0825810cbf25874b", "b79694af4a3636395fec84a6795c8a4b695f108a10e9d7925f78d43b6139df01", "bc0da6bfcc83515e4038635ec111d400a8507dc692de5aec3d5a32c5ad41fee7", "bcb1ff9d6118cf6316d3f0d0749a5d14ff81ed6d448bce75d32d289ef0e2b720", "c100838efa837317872dabe221b955b602e8a49f374046c3374966738aa59af6", "c1208649283417c3b51c11b87a822fb3297bb7e30390087908a51964f903debe", "c5f52457295fbea8ca129eb0677e201befbb864af9807ec2e38dc8cfbab0eb05", "ca6d975298953046f1cde85e2db88cf5511b1dbd43bef3de0660c20b44742bf0", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "ccd18ddc3c338ffed147ce362a72188f322c31801cdc43abf7f3de1595012e83", "cf6a55eb6c693db65050d58c0cb6d809a2cac31ee044d4712cc6c1988f110994", "d087bd83b96a840433662b42d79b386165d29665ce9f7cfb4f8bf51c46027536", "d3bb3d5bfbc08818453c4a8a8e986accd532772b68d6f317ede18e31cf08812b", "d50d67476a58ce399962f3202742856911f85717a87503b90b950960da14878a", "d7c7f04f783cda203661f47b1e79308bb34bc5d05375ef4bde5387188deb2c82", "d7deda6a79045aa56ce86c7571a007147d1536af5b95322b6a914b5bcb342ce0", "d875f8b3338823caf5aac2d3ce5404c6b10c5ba13438befb5bde0a40cb595b11", "da2658339ddeb6f9fdb327f3f8333993b8582bd558c9b8c8ad6d9edcd5b1c05e", "dd565d1bb026f0a219df8352ff605b706d25bc2bc80207780ff5689630db7986", "e0c55d7eeb7a43c8c58b2b5af8bf7a7157ace347522511f3d182f27be941cedc", "e850b7453be87b0e30aeea67934d67dc1b80b8b3e5473caf830b312adfd94a4c", "e8f77fa9f9e2067b929ff16320cede500fa8ffaf743cf77eb194e735e3db3d7f", "ea7161bdeab616d3dddf477d008afe191adf2d164b608454ce480793fbaa9cf3", "ee79b1ee829848ca715fe277bd8e249ccb9fe60c2596351c7cb90eb50b59ccdf", "effd2bb0547d56af51c28387d3d0e168612d04f971b0e13b85c83ecd1e0ee38e", "f07fb3d8a8e2b9657b90fd0407033ef4b16719fa0312c2d3a482704e868c89c0", "f610c2c5369e97221124d52613bf982696c64d195662396fa9bcbb2e81b3f648", "f64ea2bb9c7ff249493def59520f074f02aa2be8c4d294bc96c992df913ddc28", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00", "f73cb082a1adc29a667c58c6d4ea00217c119c26bf54dc36f8c6f18abfb8fc30", "f806f1d7a73e1da906564e746f79551c41d76f4ba19b5b45883ee6fe5a45cf39", "ffa5b059cdad69936fc4b263b81bf72c5038c16f59435b356fcf3ba5ec3bca56"], "iocs": {"domain": [{"hashes": ["00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00"], "host": "magiobi[.]myq-see[.]com"}], "file": [{"hashes": ["00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00"], "path": "%TEMP%\\install.vbs"}, {"hashes": ["00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00"], "path": "%APPDATA%\\app"}, {"hashes": ["00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00"], "path": "%APPDATA%\\vlc"}, {"hashes": ["00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00"], "path": "%APPDATA%\\app\\logs.dat"}, {"hashes": ["00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00"], "path": "%APPDATA%\\vlc\\remcos.exe"}], "ip": [{"hashes": ["00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00"], "ip": "79[.]134[.]225[.]111"}], "mutex": [{"hashes": ["00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00"], "name": "Remcos_Mutex_Inj"}, {"hashes": ["00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00"], "name": "remoteaccess-K0BEK4"}], "registry": [{"hashes": ["00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "remoteaccess"}, {"hashes": ["00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00"], "key": "<HKCU>\\SOFTWARE\\REMOTEACCESS-K0BEK4", "value_name": null}, {"hashes": ["00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00"], "key": "<HKCU>\\SOFTWARE\\REMOTEACCESS-K0BEK4", "value_name": "exepath"}, {"hashes": ["00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73", "0bb8dd1949a99bb002583f1d99dce985bb3e269ff2e233a769cca50fa55a5acc", "110d620ca455d7584f798a7799b0a92cf07e3f673cecb0f959125afa3220c394", "1950e9f3140894c5fa1bd7d3ebe93a66a36d53fa6d3c1402f3acbdc9bb9dacd4", "19581a964e84d02eaddea5b5c7579be4527504e4c56db6f06e627c831bae0e17", "1b480b38b483190e7d97c91f40c0fcaa27c0ccd9b30897d026a3b8abccd380bc", "1eb8c52f35e953a57e61c06507fb74ec25b33d0265491e064390e6d3410f1b82", "1effacfb3cff4e0b46df62b414b87b4ea0b70e9ec4bebfc55ec54bd3dbe5ff89", "20800e07fc493ab6d35cc716293a212d6a62a22ef0d56dfbcde5de1b99c1c2c6", "20d2a78d773f10bc9d3140bd25fc23e48fce0a2c82ec930698caf5fbf5c05b9e", "20ea5776c98d3b978bdb6c1c131ba031840f1cc5f079d9453095ca00c17854b0", "20fab6ffe5d240cda3e26437f4bccec2484aa404e66d7f8a255d3e5f6cb014cf", "2449ba0a1d2970e93843dfc8b8275895f171dc27de3ab8b2f531c536560a8bd4", "25cefc67cc2c8a6b7707a981617d1f64084c7e63736db9dd4e9aae04a2e10efa", "25d2c4098787879f8ed49e7578a39ecadd6694d5acb9d02aa44214d2355a88f0", "26320027a60323637100fd056f7c4a36da109ee720e7988ba9ef773c500db51f", "278300c25364d9b5a1d9b8300eebc8de89c1c263c6d7337fd9617b91f183d02d", "2bbfd6807ee7b1aec8c84789403609cf03f6afeed38c8a5f6f8d561eb9131f89", "2eb9a53923cb79951c0bbb7cdac72ecae254d75373b59e55280affab1382fb8c", "339579a70517724b8f3e4863fbbf5ab5bda9e16861a9b4c4e2b6ce5020c51687", "373aac4f9b42c515ac0179869208d0b4e02f3d1fbd45a2a99593b2a5b9264262", "398cee4133c816b2b13bbbd5e6c1699a27ebcc1e9077747994dc9908d2b56f0d", "3a5c61220e103be08542a1d47f44d79410b0fca2af2a5077376ab7b2bdd430dc", "3cbc96f8841fd2fbe9775b639430ff20cdf7bcf9ea3c1dc839867d19bde1585b", "3cc44cd55cad45f5596713f80ab45836cf33edf959e59ece400e14445f9a0d09", "75d9d09bac0f40e5daeab6dafbd3c4c198773df18b3442242274c58ada00954a", "78a3204778c4faeac9329c0a81ff00169499511e9ed2b1a22ec7444466541f10", "79aba54823e95ee97c41a8ae8f5e83735f1658db7abc03c6307e0c5bae6ae999", "cab96788d2066545dc28618aad230fd0d2c800df102894ae63de6a937670d0e8", "cad92c8444701e7674ec794c478f605ab48d8936b30262a4057177d81a16eacb", "f6d77aada8fce9cffc361c35b648faf6875609cdee1e46e3ced7f61b87755a00"], "key": "<HKCU>\\SOFTWARE\\REMOTEACCESS-K0BEK4", "value_name": "licence"}]}, "reports_count": 31}, "exprev": [{"count": 13646, "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", "name": "Dealply adware detected"}, {"count": 5703, "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", "name": "Excessively long PowerShell command detected"}, {"count": 3105, "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", "name": "CVE-2019-0708 detected"}, {"count": 2018, "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", "name": "Process hollowing detected"}, {"count": 982, "description": "An attempt to bypass application whitelisting via the \"Squiblydoo\" technique has been detected. This typically involves using regsvr32.exe to execute script content hosted on an attacker controlled server.", "name": "Squiblydoo application whitelist bypass attempt detected."}, {"count": 360, "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Installcore adware detected"}, {"count": 190, "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", "name": "Gamarue malware detected"}, {"count": 173, "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as wireshark and sandboxes to its C2. It spreads through malicious advertising and spam campaigns.", "name": "Kovter injection detected"}, {"count": 123, "description": "The certutil.exe utility has been detected downloading and executing a file. Upon execution, the downloaded file behaved suspiciously. The normal usage of certutil.exe involves retrieving certificate information. Attackers can use this utility to download additional malicious payloads.", "name": "Certutil.exe is downloading a file"}, {"count": 76, "description": "IcedID is a banking Trojan. It uses both web browser injection and browser redirection to steal banking and/or other financial credentials and data. The features and sophistication of IcedID demonstrate the malware author's knowledge and technical skill for this kind of fraud, and suggest the authors have previous experience creating banking Trojans. IcedID has been observed being installed by Emotet or Ursnif. Systems infected with IcedID should also be scanned for additional malware infections.", "name": "IcedID malware detected"}, {"count": 69, "description": "Palikan is a potentially unwanted application (PUA), browser hijacker, a type of malware that most of the time does not explicitly or completely state its function or purpose. When is present on the system, it may change the default homepage, change the search engine, redirect traffic to malicious sites, install add-ons, extensions, or plug-ins, open unwanted windows or show advertising. Palikan commonly arrives as a file dropped by other malware or as a file downloaded unknowingly from a malicious site. It has also been closely associated with DealPly.", "name": "Palikan browser hijacker detected"}, {"count": 65, "description": "Fusion (or FusionPlayer) is an adware family that displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Fusion adware detected"}, {"count": 39, "description": "Maze ransomware has been detected injecting into rundll32.exe or regsvr32.exe. Maze can encrypt files on the victim and demand a ransom. It can also exfiltrate data back to the attacker prior to encryption.", "name": "Maze ransomware detected"}, {"count": 26, "description": "Bluestacks adware displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware has also been known to download and install malware.", "name": "Bluestacks adware detected"}, {"count": 10, "description": "Trickbot is a banking Trojan which appeared in late 2016. Due to the similarities between Trickbot and Dyre, it is suspected some of the individuals responsible for Dyre are now responsible for Trickbot. Trickbot has been rapidly evolving over the months since it has appeared. However, Trickbot is still missing some of the capabilities Dyre possessed. Its current modules include DLL injection, system information gathering, and email searching.", "name": "Trickbot malware detected"}, {"count": 9, "description": "A process associated with Microsoft Office, such as EXCEL.exe or WINWORD.exe, has started a Windows utility such as powershell.exe or cmd.exe. This is typical behavior of malicious documents executing additional scripts. This behavior is extremely suspicious and is associated with many malware different malware campaigns and families.", "name": "A Microsoft Office process has started a windows utility."}, {"count": 8, "description": "Wizard Spider is a group known to distribute the Ryuk ransomware to compromised organizations. They have been known to use PsExec to gain additional access to hosts within an organization. The initial infection is typically Trickbot.", "name": "Wizard Spider activity detected"}, {"count": 6, "description": "An exploit payload intended to execute commands on an attacker controlled host using WinExec has been detected.", "name": "WinExec payload detected"}, {"count": 5, "description": "Command line options indicating usage of XMRig Miner have been detected. Malware sometimes uses compromised hosts to mine for cryptocurrency on behalf of the attacker.", "name": "XMRig Miner Detected"}, {"count": 5, "description": "A PowerShell command was stored in an environment variable and run. The environment variable is commonly set by a previously run script and is used as a means of evasion. This behavior is a known tactic of the Kovter and Poweliks malware families.", "name": "PowerShell file-less infection detected"}], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2020-07-17T12:23:54+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Packed.Dridex-8827837-1", "Win.Trojan.LokiBot-8698229-0", "Win.Trojan.Remcos-8699084-0", "Win.Packed.NetWire-8705629-0", "Win.Keylogger.TinyBanker-8791735-1", "Win.Trojan.Emotet-8831420-0"]}