{"Win.Dropper.DarkComet-9755620-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": []}, {"bi": "pe-packed-upx", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-long-cmdline", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": []}, {"bi": "dns-dynamic-domain", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "pe-uses-visual-basic", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-autorun-key-modified", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "files-deleted-used-batch", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "cmd-exe-file-execution", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "registry-modification-reg", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": []}, {"bi": "unsigned-roaming-execution", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": ["TA0005"]}, {"bi": "artifact-memory-vm-detect", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "process-hollowing-detected", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-compound-cta-activity", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": []}, {"bi": "network-dns-safe-categories", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": []}, {"bi": "malware-darkcomet-detected", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": []}, {"bi": "malware-darkcomet-registry-detected", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": []}, {"bi": "malware-darkcomet-mutex-detected", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-arabic", "hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. This malware can download files from a user's machine, contains mechanisms for persistence and hiding, and has the ability to send back usernames and passwords from the infected system.", "hashes": ["1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd"], "iocs": {"domain": [{"hashes": ["1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd"], "host": "kangawallafox[.]no-ip[.]biz"}], "file": [{"hashes": ["1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd"], "path": "%APPDATA%\\dclogs"}, {"hashes": ["1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd"], "path": "%APPDATA%\\Windows Shield"}, {"hashes": ["1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd"], "path": "%APPDATA%\\Windows Shield\\WinSh.exe"}, {"hashes": ["14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3"], "path": "%TEMP%\\URQUH.bat"}, {"hashes": ["14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3"], "path": "%TEMP%\\URQUH.txt"}, {"hashes": ["18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471"], "path": "%TEMP%\\CTKIT.txt"}, {"hashes": ["67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d"], "path": "%TEMP%\\MXUAS.bat"}, {"hashes": ["1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd"], "path": "%TEMP%\\SFGCA.txt"}, {"hashes": ["67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d"], "path": "%TEMP%\\MXUAS.txt"}, {"hashes": ["14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e"], "path": "%TEMP%\\KPMAM.bat"}, {"hashes": ["5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517"], "path": "%TEMP%\\OSNUJ.bat"}, {"hashes": ["514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f"], "path": "%TEMP%\\WCUYT.bat"}, {"hashes": ["5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546"], "path": "%TEMP%\\HYUVI.bat"}, {"hashes": ["45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82"], "path": "%TEMP%\\UGOGX.bat"}, {"hashes": ["14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e"], "path": "%TEMP%\\KPMAM.txt"}, {"hashes": ["591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084"], "path": "%TEMP%\\MLTKU.bat"}, {"hashes": ["591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084"], "path": "%TEMP%\\MLTKU.txt"}, {"hashes": ["47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3"], "path": "%TEMP%\\LHGTA.bat"}, {"hashes": ["5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517"], "path": "%TEMP%\\OSNUJ.txt"}, {"hashes": ["5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546"], "path": "%TEMP%\\HYUVI.txt"}, {"hashes": ["514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f"], "path": "%TEMP%\\WCUYT.txt"}, {"hashes": ["45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82"], "path": "%TEMP%\\UGOGX.txt"}, {"hashes": ["47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3"], "path": "%TEMP%\\LHGTA.txt"}, {"hashes": ["78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d"], "path": "%TEMP%\\EAOUN.bat"}, {"hashes": ["96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639"], "path": "%TEMP%\\SAGDR.bat"}, {"hashes": ["78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d"], "path": "%TEMP%\\EAOUN.txt"}, {"hashes": ["96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639"], "path": "%TEMP%\\SAGDR.txt"}, {"hashes": ["7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57"], "path": "%TEMP%\\BPOAI.bat"}, {"hashes": ["7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57"], "path": "%TEMP%\\BPOAI.txt"}, {"hashes": ["1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9"], "path": "%TEMP%\\PLLXU.bat"}, {"hashes": ["1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9"], "path": "%TEMP%\\PLLXU.txt"}, {"hashes": ["7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb"], "path": "%TEMP%\\GRTOM.bat"}, {"hashes": ["7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb"], "path": "%TEMP%\\GRTOM.txt"}, {"hashes": ["bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551"], "path": "%TEMP%\\DYCPF.bat"}, {"hashes": ["bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551"], "path": "%TEMP%\\DYCPF.txt"}, {"hashes": ["c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e"], "path": "%TEMP%\\NINJK.bat"}, {"hashes": ["c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e"], "path": "%TEMP%\\NINJK.txt"}, {"hashes": ["ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86"], "path": "%TEMP%\\DRRFG.bat"}, {"hashes": ["ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86"], "path": "%TEMP%\\DRRFG.txt"}, {"hashes": ["c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f"], "path": "%TEMP%\\IYWFF.bat"}, {"hashes": ["a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00"], "path": "%TEMP%\\STGMT.bat"}, {"hashes": ["a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00"], "path": "%TEMP%\\STGMT.txt"}, {"hashes": ["fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd"], "path": "%TEMP%\\WMNKT.bat"}, {"hashes": ["fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd"], "path": "%TEMP%\\WMNKT.txt"}, {"hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c"], "path": "%TEMP%\\YVJVG.bat"}, {"hashes": ["98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c"], "path": "%TEMP%\\YVJVG.txt"}, {"hashes": ["c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f"], "path": "%TEMP%\\IYWFF.txt"}, {"hashes": ["f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892"], "path": "%TEMP%\\JYWFF.bat"}, {"hashes": ["f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892"], "path": "%TEMP%\\JYWFF.txt"}], "ip": [{"hashes": ["78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d"], "ip": "204[.]79[.]197[.]200"}], "mutex": [{"hashes": ["1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd"], "name": "DC_MUTEX-LC5Y2B3"}], "registry": [{"hashes": ["1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": null}, {"hashes": ["1413fef08d05c3d90139063300cb4fdf7805d8e31e3cb3c409929be6ddf0e6bd", "14bf404ed2f9d5884b1dd4acc0c4f87fa15f23886932d43bd37457951031f00e", "18014f591e6b4866cee9f74f2fcd5fae2b5b5786ad263eee60b9646dcdb4b471", "1aa0fcc0821b71bbb7b2bd76b279f6dd2214950d2add3ceb0c5ed53afdde52d9", "45731af93dc827f10ca61072b7fe2b5c2d0322cb88cbddf9c70e38024a8d0c82", "47d33e67feed7e80c588b6fa4171262f3237166d117bd495fded595bd6a11dc3", "4e4fbf3f40f92ee665849125bd1d4f3863022605712bccd01d47d005562b49e0", "514c4ae828fece5a14fe0d2e5da167b655a5e63a465c7a3bc218819c73b00d2f", "591267f430a5cd76c7984a4f0287cd2581534aeb6240481cfb6f266e090aa084", "5c5cdc35a6c9ee373f0864175610370716cccbe7abd86eba02d9198e42a1e517", "5fc3507dec52c0671561d6d0b4ce516a021d2c57967b2c70079850d2e9c18546", "67ff78f4d9bdb3e29dc96131ef4e1facec6ffbb1705376de597292424aa5ff6d", "78b1592147ced127e8947845b19fb3cdb4a447feb7450fac877a9ae9c4d7093d", "7bb03a8d2ea20e67f7b288373141da05dacf8bbaa10b2e5e409ba9f8fecdcbfb", "7cd539816076160096f0ed7cf0962c4fe798be2e6d3f37c3f6ee92ef8010cb57", "96d71b6f64784a6eecf1acfac7e77a537e631e3bcebb071ac7ac47dcc8504639", "98b83d9f6fb99ec2bc19a46f06aec7ded2c0d6d9024b80b97a5a79d26416d83c", "a0940d61a58c76796a088f0c31609d8b1d82c8a5d79888e1e16b1ff2d5037d00", "add18977edf0a8e41784912381be91894857d0cccf49871c16d07fac3929a9f7", "bc1c5d16bce60e3bc53d9da1293162ed0f918c4f605ce5e55843c9e9e18a6551", "c44f7052e4422173199dbf217476a4a7b9a2a2d47dff8dc8b42f62645b9e997f", "c78fbf1d80838f677990fb359885e7e904f73d9d8a72f3db1b36ec033d9bcb6e", "d0dad811d0103a2fa321ecc92bcb6ea642c2325377221e946b83954645a628f3", "d40f90bb483a3c75354e434ad6568fcf20f5dd647c8823dee0fdaf31c5035a08", "ee75fa961f7c369fa87869abd96d7ac4d5ecedcfd09f0d54f77ebc34a819dd86", "f3bda26dce22fce9a94825613b58f2694046bdc8e5cc22255aacf1912d0bec78", "f6d46b2c4494bdee8e98f342c1defcd755d867604c623681eef80b2faf34d892", "fc74bcc1653e6148c077c65ae12d159790afaf2be747f144f4481bfaa14655cd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "WinShield"}]}, "reports_count": 28}, "Win.Dropper.Gandcrab-9752130-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "3c5f741e33b7c7e81fd6e63444f5eedb0d547061321b6018f939dd5e51641f73", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "33d0a363cd37763c71b63bf8bb4e0e9d9d67e91d495e78192ab92205b1bdaf07", "9159436672e32c43d54f8a7a25549dc174fad7919cafb860ce5961c68189715c", "11ca5fe4757a20ba43ac151379cac73a0516c9a79e24dc39672311653c1dd529", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "390afd8e333a337aef9b87b1feab18006f72bddf1ed0b7f20d74de885494987d", "d742be9c2cec1aabdb74ab7c928f7ddb34655bc0901edf4360c1c1fc6a394984", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "384f67c81604704d3d6e7167441ad84defcb268a4790e66ddfb2352c199a2d56", "5d40c31336bafd5270d90241fb61c352e785d8b010d6484e4de33ba9491b5ecb", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0", "07f7615650e7eaba19ea6ade09047220720a1c47c2021defebf2263308590992", "45cdf2d61f4d2d492c8638574347cc539573adef7a3cc07d6694f3fe92ad0f88", "5776e98c556acdb8ef0de950723b22153e469894494d15762ca255db217be8fd", "a1043ce7d7579c7d3e14f50e1743835b017087be7fbefe884902230a4e10fd12", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "3c5f741e33b7c7e81fd6e63444f5eedb0d547061321b6018f939dd5e51641f73", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "33d0a363cd37763c71b63bf8bb4e0e9d9d67e91d495e78192ab92205b1bdaf07", "9159436672e32c43d54f8a7a25549dc174fad7919cafb860ce5961c68189715c", "11ca5fe4757a20ba43ac151379cac73a0516c9a79e24dc39672311653c1dd529", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "390afd8e333a337aef9b87b1feab18006f72bddf1ed0b7f20d74de885494987d", "d742be9c2cec1aabdb74ab7c928f7ddb34655bc0901edf4360c1c1fc6a394984", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "384f67c81604704d3d6e7167441ad84defcb268a4790e66ddfb2352c199a2d56", "5d40c31336bafd5270d90241fb61c352e785d8b010d6484e4de33ba9491b5ecb", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0", "07f7615650e7eaba19ea6ade09047220720a1c47c2021defebf2263308590992", "45cdf2d61f4d2d492c8638574347cc539573adef7a3cc07d6694f3fe92ad0f88", "5776e98c556acdb8ef0de950723b22153e469894494d15762ca255db217be8fd", "a1043ce7d7579c7d3e14f50e1743835b017087be7fbefe884902230a4e10fd12", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "3c5f741e33b7c7e81fd6e63444f5eedb0d547061321b6018f939dd5e51641f73", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "33d0a363cd37763c71b63bf8bb4e0e9d9d67e91d495e78192ab92205b1bdaf07", "9159436672e32c43d54f8a7a25549dc174fad7919cafb860ce5961c68189715c", "11ca5fe4757a20ba43ac151379cac73a0516c9a79e24dc39672311653c1dd529", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "390afd8e333a337aef9b87b1feab18006f72bddf1ed0b7f20d74de885494987d", "d742be9c2cec1aabdb74ab7c928f7ddb34655bc0901edf4360c1c1fc6a394984", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "384f67c81604704d3d6e7167441ad84defcb268a4790e66ddfb2352c199a2d56", "5d40c31336bafd5270d90241fb61c352e785d8b010d6484e4de33ba9491b5ecb", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0", "07f7615650e7eaba19ea6ade09047220720a1c47c2021defebf2263308590992", "45cdf2d61f4d2d492c8638574347cc539573adef7a3cc07d6694f3fe92ad0f88", "5776e98c556acdb8ef0de950723b22153e469894494d15762ca255db217be8fd", "a1043ce7d7579c7d3e14f50e1743835b017087be7fbefe884902230a4e10fd12", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "3c5f741e33b7c7e81fd6e63444f5eedb0d547061321b6018f939dd5e51641f73", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "33d0a363cd37763c71b63bf8bb4e0e9d9d67e91d495e78192ab92205b1bdaf07", "9159436672e32c43d54f8a7a25549dc174fad7919cafb860ce5961c68189715c", "11ca5fe4757a20ba43ac151379cac73a0516c9a79e24dc39672311653c1dd529", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "390afd8e333a337aef9b87b1feab18006f72bddf1ed0b7f20d74de885494987d", "d742be9c2cec1aabdb74ab7c928f7ddb34655bc0901edf4360c1c1fc6a394984", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "384f67c81604704d3d6e7167441ad84defcb268a4790e66ddfb2352c199a2d56", "5d40c31336bafd5270d90241fb61c352e785d8b010d6484e4de33ba9491b5ecb", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0", "07f7615650e7eaba19ea6ade09047220720a1c47c2021defebf2263308590992", "45cdf2d61f4d2d492c8638574347cc539573adef7a3cc07d6694f3fe92ad0f88", "5776e98c556acdb8ef0de950723b22153e469894494d15762ca255db217be8fd", "a1043ce7d7579c7d3e14f50e1743835b017087be7fbefe884902230a4e10fd12", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "3c5f741e33b7c7e81fd6e63444f5eedb0d547061321b6018f939dd5e51641f73", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "33d0a363cd37763c71b63bf8bb4e0e9d9d67e91d495e78192ab92205b1bdaf07", "9159436672e32c43d54f8a7a25549dc174fad7919cafb860ce5961c68189715c", "11ca5fe4757a20ba43ac151379cac73a0516c9a79e24dc39672311653c1dd529", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "390afd8e333a337aef9b87b1feab18006f72bddf1ed0b7f20d74de885494987d", "d742be9c2cec1aabdb74ab7c928f7ddb34655bc0901edf4360c1c1fc6a394984", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "384f67c81604704d3d6e7167441ad84defcb268a4790e66ddfb2352c199a2d56", "5d40c31336bafd5270d90241fb61c352e785d8b010d6484e4de33ba9491b5ecb", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0", "07f7615650e7eaba19ea6ade09047220720a1c47c2021defebf2263308590992", "45cdf2d61f4d2d492c8638574347cc539573adef7a3cc07d6694f3fe92ad0f88", "5776e98c556acdb8ef0de950723b22153e469894494d15762ca255db217be8fd", "a1043ce7d7579c7d3e14f50e1743835b017087be7fbefe884902230a4e10fd12", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "3c5f741e33b7c7e81fd6e63444f5eedb0d547061321b6018f939dd5e51641f73", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "9159436672e32c43d54f8a7a25549dc174fad7919cafb860ce5961c68189715c", "11ca5fe4757a20ba43ac151379cac73a0516c9a79e24dc39672311653c1dd529", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "5d40c31336bafd5270d90241fb61c352e785d8b010d6484e4de33ba9491b5ecb", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "9159436672e32c43d54f8a7a25549dc174fad7919cafb860ce5961c68189715c", "11ca5fe4757a20ba43ac151379cac73a0516c9a79e24dc39672311653c1dd529", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "d742be9c2cec1aabdb74ab7c928f7ddb34655bc0901edf4360c1c1fc6a394984", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "384f67c81604704d3d6e7167441ad84defcb268a4790e66ddfb2352c199a2d56", "07f7615650e7eaba19ea6ade09047220720a1c47c2021defebf2263308590992", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "33d0a363cd37763c71b63bf8bb4e0e9d9d67e91d495e78192ab92205b1bdaf07", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "d742be9c2cec1aabdb74ab7c928f7ddb34655bc0901edf4360c1c1fc6a394984", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "384f67c81604704d3d6e7167441ad84defcb268a4790e66ddfb2352c199a2d56", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0", "07f7615650e7eaba19ea6ade09047220720a1c47c2021defebf2263308590992", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "9159436672e32c43d54f8a7a25549dc174fad7919cafb860ce5961c68189715c", "11ca5fe4757a20ba43ac151379cac73a0516c9a79e24dc39672311653c1dd529", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0", "07f7615650e7eaba19ea6ade09047220720a1c47c2021defebf2263308590992", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "d742be9c2cec1aabdb74ab7c928f7ddb34655bc0901edf4360c1c1fc6a394984", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "384f67c81604704d3d6e7167441ad84defcb268a4790e66ddfb2352c199a2d56", "07f7615650e7eaba19ea6ade09047220720a1c47c2021defebf2263308590992", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "d742be9c2cec1aabdb74ab7c928f7ddb34655bc0901edf4360c1c1fc6a394984", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "384f67c81604704d3d6e7167441ad84defcb268a4790e66ddfb2352c199a2d56", "07f7615650e7eaba19ea6ade09047220720a1c47c2021defebf2263308590992", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "network-communications-http-get", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "9159436672e32c43d54f8a7a25549dc174fad7919cafb860ce5961c68189715c", "11ca5fe4757a20ba43ac151379cac73a0516c9a79e24dc39672311653c1dd529", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "33d0a363cd37763c71b63bf8bb4e0e9d9d67e91d495e78192ab92205b1bdaf07", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "33d0a363cd37763c71b63bf8bb4e0e9d9d67e91d495e78192ab92205b1bdaf07", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "33d0a363cd37763c71b63bf8bb4e0e9d9d67e91d495e78192ab92205b1bdaf07", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "network-dns-malicious-snort", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0011"]}, {"bi": "http-response-client-error", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "d742be9c2cec1aabdb74ab7c928f7ddb34655bc0901edf4360c1c1fc6a394984", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "384f67c81604704d3d6e7167441ad84defcb268a4790e66ddfb2352c199a2d56", "07f7615650e7eaba19ea6ade09047220720a1c47c2021defebf2263308590992", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "network-dns-upload-file", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "07f7615650e7eaba19ea6ade09047220720a1c47c2021defebf2263308590992", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "process-requested-named-pipe", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "33d0a363cd37763c71b63bf8bb4e0e9d9d67e91d495e78192ab92205b1bdaf07", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0004", "TA0005"]}, {"bi": "pe-imports-toolhelp", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "33d0a363cd37763c71b63bf8bb4e0e9d9d67e91d495e78192ab92205b1bdaf07", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-snort-policy", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "network-snort-server", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "network-dns-category-parked-domain", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119", "T1217"]}, {"bi": "modified-file-in-program-dir", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "firefox-cookie-read", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "modified-file-on-usb", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "excessive-file-modifications", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "file-ini-modified", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0003"]}, {"bi": "malware-generic-ransomware-backup-del", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "feed-domain-ransomware", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "wmic-shadowcopy-delete", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0002", "TA0040", "T1047", "T1490"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "firefox-cert-database-modified", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0011", "TA0006", "TA0005", "T1003"]}, {"bi": "malware-gandcrab-domain-detected", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "firefox-password-manager-local-database-modfication", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "malware-gandcrab-mutex-v412", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "firefox-prefs-modified", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0009"]}, {"bi": "excessive-logical-drive-enumeration", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0007", "T1120", "T1025"]}, {"bi": "recycler-file-creation", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "http-post-image-url", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0011", "TA0005", "T1011"]}, {"bi": "url-forced-download-save-only", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0005", "T1105"]}, {"bi": "process-deletes-many-files", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "artifact-multiple-extensions", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "html-small-file-redirect", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": []}, {"bi": "enumeration-email-program-information", "hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119", "T1114"]}, {"bi": "windows-headless-iexplore", "hashes": ["3c5f741e33b7c7e81fd6e63444f5eedb0d547061321b6018f939dd5e51641f73", "9159436672e32c43d54f8a7a25549dc174fad7919cafb860ce5961c68189715c", "11ca5fe4757a20ba43ac151379cac73a0516c9a79e24dc39672311653c1dd529", "5d40c31336bafd5270d90241fb61c352e785d8b010d6484e4de33ba9491b5ecb"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-generic-ransomware-entropy", "hashes": ["1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "mitre_attack_tags": []}, {"bi": "excessive-dns-query-nxdomain", "hashes": ["1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "http-response-server-error", "hashes": ["1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "mitre_attack_tags": []}, {"bi": "html-redirect", "hashes": ["1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486"], "mitre_attack_tags": ["TA0001", "T1189"]}, {"bi": "modified-executable", "hashes": ["aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "33d0a363cd37763c71b63bf8bb4e0e9d9d67e91d495e78192ab92205b1bdaf07"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "artifact-windows-task", "hashes": ["aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "startup-folder-modification", "hashes": ["aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "malware-azorult-mutex-detected", "hashes": ["d742be9c2cec1aabdb74ab7c928f7ddb34655bc0901edf4360c1c1fc6a394984", "384f67c81604704d3d6e7167441ad84defcb268a4790e66ddfb2352c199a2d56", "07f7615650e7eaba19ea6ade09047220720a1c47c2021defebf2263308590992"], "mitre_attack_tags": []}, {"bi": "malware-generic-ransomware", "hashes": ["1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "mitre_attack_tags": []}, {"bi": "network-dns-category-harmful", "hashes": ["1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "deleted-submitted-file", "hashes": ["aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "altered-sample-snort-flagged", "hashes": ["aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "unsigned-roaming-execution", "hashes": ["aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-hollowing-detected", "hashes": ["aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "dns-bypassed-assigned-server", "hashes": ["aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "network-explorer-process", "hashes": ["aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442"], "mitre_attack_tags": ["TA0011", "TA0005", "T1055"]}, {"bi": "artifact-lnk-calls-cmd", "hashes": ["aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "startup-folder-lnk-file", "hashes": ["aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "sinkholed-http-response-header", "hashes": ["aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442"], "mitre_attack_tags": []}, {"bi": "opennic-domain-detected", "hashes": ["aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442"], "mitre_attack_tags": []}, {"bi": "sinkholed-domain-detected", "hashes": ["aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442"], "mitre_attack_tags": []}, {"bi": "malware-smokeloader-mutex-detected", "hashes": ["aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442"], "mitre_attack_tags": []}, {"bi": "malware-smokeloader-artifact-detected", "hashes": ["aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442"], "mitre_attack_tags": []}, {"bi": "network-dns-safe-categories", "hashes": ["33d0a363cd37763c71b63bf8bb4e0e9d9d67e91d495e78192ab92205b1bdaf07", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": []}, {"bi": "network-snort-os-windows-warning", "hashes": ["9159436672e32c43d54f8a7a25549dc174fad7919cafb860ce5961c68189715c", "11ca5fe4757a20ba43ac151379cac73a0516c9a79e24dc39672311653c1dd529"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-autorun-key-modified", "hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "pe-uses-armadillo", "hashes": ["33d0a363cd37763c71b63bf8bb4e0e9d9d67e91d495e78192ab92205b1bdaf07"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "dns-dynamic-domain", "hashes": ["33d0a363cd37763c71b63bf8bb4e0e9d9d67e91d495e78192ab92205b1bdaf07"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "mitre_attack_tags": []}, {"bi": "windows-firewall-modification", "hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "netsh-firewall-generic", "hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "mitre_attack_tags": ["TA0005", "T1016", "T1089"]}, {"bi": "netsh-firewall-add", "hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089"]}, {"bi": "malware-trojan-bunitu-mutex-detected", "hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "mitre_attack_tags": []}, {"bi": "malware-trojan-bunitu", "hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "mitre_attack_tags": []}, {"bi": "winlogon-notification-package-registration", "hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "mitre_attack_tags": ["TA0003", "T1004"]}, {"bi": "hook-installed", "hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "feed-domain-banking", "hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": []}, {"bi": "network-dns-category-phishing", "hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": []}, {"bi": "registry-service-autostart-disabled", "hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": ["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "registry-disablesuac", "hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": ["TA0005", "TA0002", "TA0004", "T1088", "T1089"]}, {"bi": "excessive-sample-duplication", "hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "network-dns-category-cnc", "hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": ["TA0011"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": ["TA0003", "T1112"]}, {"bi": "possible-dga-communication", "hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": ["TA0011", "TA0005", "T1483"]}, {"bi": "windows-os-reboot-detected", "hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-firewall-exceptions-enabled", "hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "malware-ramnit-mutex", "hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": []}, {"bi": "disables-windows-firewall", "hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "disables-security-center-notifications", "hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "registry-winlogon-key-value-modified-to-userinit", "hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": ["TA0003", "T1112"]}, {"bi": "registry-firewall-notifications-disabled", "hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "malware-ramnit-snort", "hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": []}, {"bi": "process-override-security-center-monitoring", "hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "mitre_attack_tags": ["TA0005", "T1089"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Gandcrab is ransomware that encrypts documents, photos, databases and other important files using the file extension \".GDCB,\" \".CRAB\" or \".KRAB.\" Gandcrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft.", "hashes": ["0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "07f7615650e7eaba19ea6ade09047220720a1c47c2021defebf2263308590992", "10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "11ca5fe4757a20ba43ac151379cac73a0516c9a79e24dc39672311653c1dd529", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "33d0a363cd37763c71b63bf8bb4e0e9d9d67e91d495e78192ab92205b1bdaf07", "384f67c81604704d3d6e7167441ad84defcb268a4790e66ddfb2352c199a2d56", "390afd8e333a337aef9b87b1feab18006f72bddf1ed0b7f20d74de885494987d", "3c5f741e33b7c7e81fd6e63444f5eedb0d547061321b6018f939dd5e51641f73", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "45cdf2d61f4d2d492c8638574347cc539573adef7a3cc07d6694f3fe92ad0f88", "5776e98c556acdb8ef0de950723b22153e469894494d15762ca255db217be8fd", "5d40c31336bafd5270d90241fb61c352e785d8b010d6484e4de33ba9491b5ecb", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65", "9159436672e32c43d54f8a7a25549dc174fad7919cafb860ce5961c68189715c", "a1043ce7d7579c7d3e14f50e1743835b017087be7fbefe884902230a4e10fd12", "aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829", "b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494", "d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0", "d742be9c2cec1aabdb74ab7c928f7ddb34655bc0901edf4360c1c1fc6a394984"], "iocs": {"domain": [{"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "www[.]macartegrise[.]eu"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "bellytobabyphotographyseattle[.]com"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "www[.]wash-wear[.]com"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "boatshowradio[.]com"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "www[.]perfectfunnelblueprint[.]com"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "perovaphoto[.]ru"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "www[.]cakav[.]hu"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "goodapd[.]website"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "www[.]fabbfoundation[.]gm"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "alem[.]be"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "oceanlinen[.]com"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "6chen[.]cn"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "asl-company[.]ru"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "wpakademi[.]com"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "dna-cp[.]com"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "www[.]mimid[.]cz"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "acbt[.]fr"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "cevent[.]net"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "pp-panda74[.]ru"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "www[.]poketeg[.]com"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "nesten[.]dk"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "koloritplus[.]ru"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "tommarmores[.]com[.]br"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "www[.]lagouttedelixir[.]com"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "h5s[.]vn"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "marketisleri[.]com"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "www[.]rment[.]in"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "zaeba[.]co[.]uk"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "www[.]krishnagrp[.]com"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "www[.]n2plus[.]co[.]th"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "www[.]toflyaviacao[.]com[.]br"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "big-game-fishing-croatia[.]hr"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "www[.]himmerlandgolf[.]dk"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "evotech[.]lu"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "graftedinn[.]us"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "relectrica[.]com[.]mx"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "krasnaypolyana123[.]ru"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "devdev[.]com[.]br"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "blokefeed[.]club"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "cyclevegas[.]com"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "unnatimotors[.]in"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "smbardoli[.]org"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "bloghalm[.]eu"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "bethel[.]com[.]ve"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "hoteltravel2018[.]com"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "www[.]ismcrossconnect[.]com"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "aurumwedding[.]ru"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "top-22[.]ru"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "www[.]cyclevegas[.]com"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "host": "himmerland[.]eu"}], "file": [{"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "\\$Recycle.Bin\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%HOMEPATH%\\AppData\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%HOMEPATH%\\Documents\\OneNote Notebooks\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%HOMEPATH%\\Documents\\OneNote Notebooks\\Notes\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%HOMEPATH%\\Documents\\OneNote Notebooks\\Personal\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%HOMEPATH%\\Documents\\Outlook Files\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%HOMEPATH%\\Downloads\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%HOMEPATH%\\Favorites\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%HOMEPATH%\\Favorites\\Links for United States\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%HOMEPATH%\\Favorites\\Links\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%HOMEPATH%\\Favorites\\MSN Websites\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%HOMEPATH%\\Favorites\\Microsoft Websites\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%HOMEPATH%\\Favorites\\Windows Live\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%HOMEPATH%\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%HOMEPATH%\\Links\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%HOMEPATH%\\Saved Games\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%HOMEPATH%\\Searches\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "\\Users\\Default\\AppData\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "\\Users\\Default\\AppData\\Local\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "\\Users\\Default\\AppData\\Local\\Microsoft\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "\\Users\\Default\\AppData\\Local\\Temp\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "\\Users\\Default\\AppData\\Roaming\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "\\Users\\Default\\AppData\\Roaming\\Media Center Programs\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "\\Users\\Default\\AppData\\Roaming\\Microsoft\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "\\Users\\Default\\Desktop\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "\\Users\\Default\\Documents\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "\\Users\\Default\\Downloads\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "\\Users\\Default\\Favorites\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "\\Users\\Default\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "\\Users\\Default\\Links\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "\\Users\\Default\\Saved Games\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%PUBLIC%\\Desktop\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%PUBLIC%\\Documents\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%PUBLIC%\\Downloads\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%PUBLIC%\\Favorites\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%PUBLIC%\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%PUBLIC%\\Libraries\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%PUBLIC%\\Music\\Sample Music\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%PUBLIC%\\Pictures\\Sample Pictures\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%PUBLIC%\\Recorded TV\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%PUBLIC%\\Recorded TV\\Sample Media\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%PUBLIC%\\Videos\\Sample Videos\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "\\Config.Msi\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%APPDATA%\\Microsoft\\Excel\\XLSTART\\KRAB-DECRYPT.txt"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "path": "%APPDATA%\\Microsoft\\Word\\STARTUP\\KRAB-DECRYPT.txt"}, {"hashes": ["390afd8e333a337aef9b87b1feab18006f72bddf1ed0b7f20d74de885494987d"], "path": "%TEMP%\\<random, matching '[a-z]{3}[A-F0-9]{3,4}'>.tmp"}], "ip": [{"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "87[.]236[.]16[.]31"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "217[.]160[.]0[.]234"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "92[.]53[.]96[.]201"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "213[.]186[.]33[.]3"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "50[.]87[.]58[.]165"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "204[.]11[.]56[.]48"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "23[.]236[.]62[.]147"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "217[.]70[.]184[.]50"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "52[.]58[.]78[.]16"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "109[.]74[.]157[.]147"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "39[.]107[.]34[.]197"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "178[.]238[.]37[.]163"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "213[.]186[.]33[.]5"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "192[.]35[.]177[.]64"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "89[.]252[.]187[.]72"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "202[.]43[.]45[.]181"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "67[.]227[.]157[.]167"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "69[.]163[.]193[.]127"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "194[.]154[.]192[.]67"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "192[.]185[.]122[.]252"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "217[.]160[.]0[.]27"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "66[.]96[.]147[.]103"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "171[.]244[.]34[.]167"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "45[.]118[.]145[.]96"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "217[.]174[.]149[.]130"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "186[.]202[.]153[.]161"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "62[.]210[.]24[.]116"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "187[.]45[.]193[.]171"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "88[.]208[.]252[.]80"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "186[.]202[.]153[.]222"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "178[.]62[.]56[.]66"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "176[.]53[.]20[.]133"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "103[.]143[.]173[.]22"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "34[.]102[.]136[.]180"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "103[.]145[.]50[.]120"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "186[.]202[.]157[.]79"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "93[.]125[.]99[.]79"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "188[.]225[.]11[.]167"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "185[.]210[.]145[.]5"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "87[.]236[.]16[.]88"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "89[.]188[.]79[.]131"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "35[.]189[.]126[.]192"}, {"hashes": ["2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "178[.]210[.]174[.]38"}, {"hashes": ["1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a"], "ip": "104[.]28[.]30[.]160"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "104[.]31[.]74[.]227"}, {"hashes": ["2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "172[.]67[.]155[.]230"}, {"hashes": ["2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "ip": "172[.]67[.]200[.]217"}, {"hashes": ["41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e"], "ip": "172[.]67[.]184[.]106"}, {"hashes": ["1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc"], "ip": "172[.]67[.]154[.]158"}, {"hashes": ["440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e"], "ip": "104[.]18[.]48[.]150"}], "mutex": [{"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "name": "Global\\8B5BAAB9E36E4507C5F5.lock"}, {"hashes": ["07f7615650e7eaba19ea6ade09047220720a1c47c2021defebf2263308590992", "384f67c81604704d3d6e7167441ad84defcb268a4790e66ddfb2352c199a2d56", "d742be9c2cec1aabdb74ab7c928f7ddb34655bc0901edf4360c1c1fc6a394984"], "name": "A16467FA-7343A2EC-6F235135-4B9A74AC-F1DC8406A"}, {"hashes": ["45cdf2d61f4d2d492c8638574347cc539573adef7a3cc07d6694f3fe92ad0f88", "5776e98c556acdb8ef0de950723b22153e469894494d15762ca255db217be8fd", "a1043ce7d7579c7d3e14f50e1743835b017087be7fbefe884902230a4e10fd12"], "name": "24e2b309-1719-4436-b195-573e7cb0f5b1{e161a13c-26f1-11e5-93ca-806e6f6e6963}"}, {"hashes": ["0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442", "aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829"], "name": "10853E93BDB42AC8C03259A196091EB198B68E3C"}, {"hashes": ["33d0a363cd37763c71b63bf8bb4e0e9d9d67e91d495e78192ab92205b1bdaf07"], "name": "{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}"}, {"hashes": ["33d0a363cd37763c71b63bf8bb4e0e9d9d67e91d495e78192ab92205b1bdaf07"], "name": "{FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "A9ZLO3DAFRVH1WAE"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "AhY93G7iia"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "B81XZCHO7OLPA"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "BSKLZ1RVAUON"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "F-DAH77-LLP"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "FURLENTG3a"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "FstCNMutex"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "GJLAAZGJI156R"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "I-103-139-900557"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "J8OSEXAZLIYSQ8J"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "LXCV0IMGIXS0RTA1"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "MKS8IUMZ13NOZ"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "OLZTR-AFHK11"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "OPLXSDF19WRQ"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "PLAX7FASCI8AMNA"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "RGT70AXCNUUD3"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "TEKL1AFHJ3"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "TXA19EQZP13A6JTR"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "VSHBZL6SWAG0C"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "chimvietnong"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "drofyunfdou"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "dwongfumkli11"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "kliaduosix"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "limdouxdaz"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "quangduongfu"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "shwonfolua"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "sioxzuodang"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "sougiguang"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "tiencuonfdom"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "doigstralike"}, {"hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "name": "{7930D12C-1D38-EB63-89CF-4C8161B79ED4}"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "<random, matching [a-zA-Z0-9]{5,9}>"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "name": "<random, matching '[A-Z0-9]{14}'>"}, {"hashes": ["d742be9c2cec1aabdb74ab7c928f7ddb34655bc0901edf4360c1c1fc6a394984"], "name": "A2CF1074-2C1AFDB0-AF235135-43F6AA82-046763099"}, {"hashes": ["0123afe6d5f4aaab66b79fcadd10334870c260a565500927a898d70820928442"], "name": "8709A894D8ABD396EF3FA182F17474B3172B329C"}, {"hashes": ["384f67c81604704d3d6e7167441ad84defcb268a4790e66ddfb2352c199a2d56"], "name": "A2CF1074-2C1AFDB0-AF235135-4ED7B467-1EC86EF6A"}, {"hashes": ["aeeeaaeea6ecef412b13adee9544fec6d700177b7e76f215bba89b5d6e07b829"], "name": "6707DD33D580FEADA2697F863FFD1419019C7F56"}, {"hashes": ["07f7615650e7eaba19ea6ade09047220720a1c47c2021defebf2263308590992"], "name": "A2CF1074-2C1AFDB0-AF235135-4B410C86-7AF1CB15F"}, {"hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "name": "{4DD9D341-5B78-3F74-0733-434CFCF9D567}"}], "registry": [{"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "key": "<HKCU>\\SOFTWARE\\KEYS_DATA", "value_name": null}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "key": "<HKCU>\\SOFTWARE\\KEYS_DATA\\DATA", "value_name": null}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "key": "<HKCU>\\SOFTWARE\\KEYS_DATA\\DATA", "value_name": "public"}, {"hashes": ["10685d96676f498aaeeba160b2b9a8161396110c1f8b824d51303ba903c6a038", "1d55e7109d8f94a44aeb754fb4f40fd9e2f0c12a1024e8cfa11954529b1417dc", "2939131dc2792d9b6acffad58c8b5768628f0be1aa851a07d895dfa7e6e5c486", "41f6b8ab621dd4eeee9436af04c5177a69d602dfd0355ce7ba17f8da5556811a", "440eb026e00de106835ccbe1d55214f96a594531681af1eb33fb617a40e7401e", "88460a1c87da7ca4518b1c95201baaaf807f523ff9fd6ec2492e88647311da65"], "key": "<HKCU>\\SOFTWARE\\KEYS_DATA\\DATA", "value_name": "private"}, {"hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "AntiVirusOverride"}, {"hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "AntiVirusDisableNotify"}, {"hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "FirewallDisableNotify"}, {"hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "FirewallOverride"}, {"hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "UpdatesDisableNotify"}, {"hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "UacDisableNotify"}, {"hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLUA"}, {"hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "EnableFirewall"}, {"hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "DoNotAllowExceptions"}, {"hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "DisableNotifications"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE\\AUTHORIZEDAPPLICATIONS\\LIST", "value_name": "C:\\Windows\\system32\\rundll32.exe"}, {"hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Start"}, {"hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "Start"}, {"hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "Start"}, {"hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION", "value_name": "jfghdug_ooetvtgk"}, {"hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "JudCsgdy"}, {"hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WUAUSERV", "value_name": "Start"}, {"hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Defender"}, {"hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "Userinit"}, {"hashes": ["d33701427e0520e12f101d54286c1cff2733ed9793bc3a6cb269e382485e0be0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "Userinit"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON\\NOTIFY\\YJSSYGN", "value_name": "Impersonate"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON\\NOTIFY\\YJSSYGN", "value_name": "Asynchronous"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON\\NOTIFY\\YJSSYGN", "value_name": "MaxWait"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON\\NOTIFY\\YJSSYGN", "value_name": "DllName"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON\\NOTIFY\\YJSSYGN", "value_name": "Startup"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "yjssygn"}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE\\AUTHORIZEDAPPLICATIONS\\LIST", "value_name": null}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON\\NOTIFY", "value_name": null}, {"hashes": ["b8fc8ef93dec63b905ee2e82ce3d34c7d822a9f0b30ffab9acebf6172e44e494"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON\\NOTIFY\\YJSSYGN", "value_name": null}]}, "reports_count": 22}, "Win.Dropper.Shiz-9755163-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "80b48015c935dd1a4f3ce47e896c74321de60510b11b171ac937afd983c3e4a3", "71b52dfe10bf2ce5a88d06e4c66cdc3b34d933070a7b8e984f9b5ed1cb36a227", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "18a1852a601d618c6172869c36b27c6cb36ae15436c654335dfe84954504898e", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "80b48015c935dd1a4f3ce47e896c74321de60510b11b171ac937afd983c3e4a3", "71b52dfe10bf2ce5a88d06e4c66cdc3b34d933070a7b8e984f9b5ed1cb36a227", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "18a1852a601d618c6172869c36b27c6cb36ae15436c654335dfe84954504898e", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "80b48015c935dd1a4f3ce47e896c74321de60510b11b171ac937afd983c3e4a3", "71b52dfe10bf2ce5a88d06e4c66cdc3b34d933070a7b8e984f9b5ed1cb36a227", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "18a1852a601d618c6172869c36b27c6cb36ae15436c654335dfe84954504898e", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "80b48015c935dd1a4f3ce47e896c74321de60510b11b171ac937afd983c3e4a3", "71b52dfe10bf2ce5a88d06e4c66cdc3b34d933070a7b8e984f9b5ed1cb36a227", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "18a1852a601d618c6172869c36b27c6cb36ae15436c654335dfe84954504898e", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "80b48015c935dd1a4f3ce47e896c74321de60510b11b171ac937afd983c3e4a3", "71b52dfe10bf2ce5a88d06e4c66cdc3b34d933070a7b8e984f9b5ed1cb36a227", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "18a1852a601d618c6172869c36b27c6cb36ae15436c654335dfe84954504898e", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "80b48015c935dd1a4f3ce47e896c74321de60510b11b171ac937afd983c3e4a3", "71b52dfe10bf2ce5a88d06e4c66cdc3b34d933070a7b8e984f9b5ed1cb36a227", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "18a1852a601d618c6172869c36b27c6cb36ae15436c654335dfe84954504898e", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-upx", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "80b48015c935dd1a4f3ce47e896c74321de60510b11b171ac937afd983c3e4a3", "71b52dfe10bf2ce5a88d06e4c66cdc3b34d933070a7b8e984f9b5ed1cb36a227", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "18a1852a601d618c6172869c36b27c6cb36ae15436c654335dfe84954504898e", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-uses-visual-basic", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "80b48015c935dd1a4f3ce47e896c74321de60510b11b171ac937afd983c3e4a3", "71b52dfe10bf2ce5a88d06e4c66cdc3b34d933070a7b8e984f9b5ed1cb36a227", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "18a1852a601d618c6172869c36b27c6cb36ae15436c654335dfe84954504898e", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": []}, {"bi": "pe-vb-imports-toolhelp", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "80b48015c935dd1a4f3ce47e896c74321de60510b11b171ac937afd983c3e4a3", "71b52dfe10bf2ce5a88d06e4c66cdc3b34d933070a7b8e984f9b5ed1cb36a227", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "18a1852a601d618c6172869c36b27c6cb36ae15436c654335dfe84954504898e", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-section-name-contains-whitespace", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "80b48015c935dd1a4f3ce47e896c74321de60510b11b171ac937afd983c3e4a3", "71b52dfe10bf2ce5a88d06e4c66cdc3b34d933070a7b8e984f9b5ed1cb36a227", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "18a1852a601d618c6172869c36b27c6cb36ae15436c654335dfe84954504898e", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "71b52dfe10bf2ce5a88d06e4c66cdc3b34d933070a7b8e984f9b5ed1cb36a227", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "process-hollowing-detected", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "71b52dfe10bf2ce5a88d06e4c66cdc3b34d933070a7b8e984f9b5ed1cb36a227", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "71b52dfe10bf2ce5a88d06e4c66cdc3b34d933070a7b8e984f9b5ed1cb36a227", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-autorun-key-modified", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "network-communications-http-get", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "dns-query-nxdomain", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified-nt", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": ["TA0003", "T1112"]}, {"bi": "network-opendns-malicious", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "nginx-webserver-detected", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376"], "mitre_attack_tags": []}, {"bi": "network-dns-malicious-snort", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376"], "mitre_attack_tags": ["TA0011"]}, {"bi": "network-snort-protocol", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "excessive-dns-query-nxdomain", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "malware-shiz-mutex-detected", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "compound-vb-self-delete", "hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "unsigned-roaming-execution", "hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": []}, {"bi": "windows-firewall-modification", "hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "network-snort-browser", "hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73"], "mitre_attack_tags": []}, {"bi": "listening-port-opened", "hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "files-deleted-used-batch", "hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "cmd-exe-file-execution", "hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "pe-imports-toolhelp", "hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-compound-cta-activity", "hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73"], "mitre_attack_tags": []}, {"bi": "sample-modified-deleted", "hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "network-file-uploaded", "hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "network-dns-category-parked-domain", "hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "mitre_attack_tags": ["TA0004", "TA0005"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "mitre_attack_tags": []}, {"bi": "network-dns-category-file-storage", "hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119", "T1217"]}, {"bi": "altered-sample-snort-flagged", "hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "network-dns-upload-file", "hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "mitre_attack_tags": []}, {"bi": "url-gate-php", "hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "file-pending-delete", "hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "internet-explorer-phishing", "hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "js-contains-massive-strings", "hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "html-small-file-redirect", "hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Shiz is a remote access trojan that allows an attacker to access an infected machine to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site.", "hashes": ["18a1852a601d618c6172869c36b27c6cb36ae15436c654335dfe84954504898e", "421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73", "71b52dfe10bf2ce5a88d06e4c66cdc3b34d933070a7b8e984f9b5ed1cb36a227", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a", "80b48015c935dd1a4f3ce47e896c74321de60510b11b171ac937afd983c3e4a3", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "iocs": {"domain": [{"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuhifad[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuhihuj[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuhisyr[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuhynox[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuhypid[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuhyqun[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuhyrar[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xulanin[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xulapuj[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xulaqyr[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xularod[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xulivar[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xulixyn[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xulizix[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xulyfoj[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xulyhux[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xulysed[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuqanej[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuqaqox[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuqavud[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuqaxar[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuqihan[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuqikir[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuqizyd[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuqyfyr[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuqypex[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuqyruj[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuqysin[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xutapan[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xutaqij[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xutaryx[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xutasur[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xutinax[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xutivuj[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xutixod[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xutyfyn[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xutyhor[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xutykud[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xutyzej[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuxafix[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuxahyn[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuxapud[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuxasaj[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuxinur[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuxiqed[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuxirij[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuxivon[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuxykax[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuxyxer[.]info"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "host": "xuxyzun[.]info"}], "file": [{"hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "path": "%APPDATA%\\-1732866500.dll"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db"], "path": "%TEMP%\\71E6.tmp"}, {"hashes": ["dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c"], "path": "%TEMP%\\CF76.tmp"}, {"hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73"], "path": "%TEMP%\\tmp841ba49d.bat"}, {"hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73"], "path": "%APPDATA%\\Evgeo"}, {"hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73"], "path": "%APPDATA%\\Evgeo\\owxaw.adv"}, {"hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73"], "path": "%APPDATA%\\Nife"}, {"hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73"], "path": "%APPDATA%\\Nife\\wudio.exe"}, {"hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73"], "path": "%APPDATA%\\Ocboun"}, {"hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73"], "path": "%APPDATA%\\Ocboun\\ewpu.fys"}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "path": "\\g4fweq23.Bi"}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "path": "\\g4fweq23.Bi\\40842F38457.exe"}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "path": "%TEMP%\\YU3C1A1.exe"}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "path": "%TEMP%\\YU3C1A1.tmp"}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "path": "\\g4fweq23.Bi\\963FDA58DDD9E7E"}, {"hashes": ["f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376"], "path": "%TEMP%\\E547.tmp"}, {"hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "path": "%TEMP%\\C4CC.tmp"}], "ip": [{"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "ip": "208[.]100[.]26[.]245"}, {"hashes": ["dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "ip": "13[.]107[.]21[.]200"}, {"hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "ip": "208[.]91[.]197[.]46"}, {"hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "ip": "208[.]91[.]196[.]175"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "ip": "175[.]126[.]123[.]219"}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "ip": "104[.]124[.]102[.]29"}, {"hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73"], "ip": "176[.]65[.]157[.]89"}], "mutex": [{"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "name": "Global\\MicrosoftSysenterGate7"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "name": "Global\\C9714A4D"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "name": "internal_wufex_0x0000015c"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "name": "internal_wufex_0x00000404"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "name": "internal_wufex_0x0000044c"}, {"hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "name": "/<Free_Software>\\"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c"], "name": "internal_wufex_0x00000650"}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "name": "zXeRY3a_PtW|00000000"}, {"hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c"], "name": "Global\\d5a23261-f30b-11ea-887e-00501e3ae7b6"}, {"hashes": ["74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "name": "Global\\dd701f21-f30b-11ea-887e-00501e3ae7b6"}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "name": "Global\\heshs43eh45eh"}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "name": "Global\\1Y7Q9G1OOOGUYW7S1uKYyEM1UUGA77U"}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "name": "Global\\heshs43eh45eu"}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "name": "Global\\kMwuKkoEA5kqEsGkAs7qGKA7I9KAa"}, {"hashes": ["f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376"], "name": "internal_wufex_0x00000488"}, {"hashes": ["ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "name": "internal_wufex_0x000007b4"}, {"hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73"], "name": "GLOBAL\\{<random GUID>}"}, {"hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73"], "name": "Local\\{<random GUID>}"}], "registry": [{"hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS", "value_name": "run"}, {"hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a", "c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS", "value_name": "load"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\CLSID", "value_name": "C9714A5B"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "98b68e3c"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\CLSID", "value_name": "c971486e"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "userinit"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "System"}, {"hashes": ["c6e223d9a20a0f4f21c4c0dd21d6a6fa094b51688322171aa54d7c7a996003db", "dafbe2d5b3334c81504712162eaf3b333330d5a100deb68ce6a9033df764782c", "f3457979390343ca08458f68005cc84af0ed08b9594e65d45d3a6b8e5c287376", "ffbc0f6d023ed357af6eeb674e3c451831068403a52bc7fe94a67c99356c4ca3"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "userinit"}, {"hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE\\AUTHORIZEDAPPLICATIONS\\LIST", "value_name": null}, {"hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET002\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE\\AUTHORIZEDAPPLICATIONS\\LIST", "value_name": null}, {"hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "Shell"}, {"hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\WINDOWS ERROR REPORTING\\DEBUG", "value_name": "StoreLocation"}, {"hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c", "74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\WINDOWS ERROR REPORTING\\DEBUG", "value_name": "StoreLocation"}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\PHISHINGFILTER", "value_name": "EnabledV8"}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\PHISHINGFILTER", "value_name": "ShownServiceDownBalloon"}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\RECOVERY", "value_name": "ClearBrowsingHistoryOnExit"}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\SESSION MANAGER", "value_name": null}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT WINDOWS", "value_name": null}, {"hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "AppDataLow"}, {"hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "AppDataLow"}, {"hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE\\AUTHORIZEDAPPLICATIONS\\LIST", "value_name": "AppDataLow"}, {"hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET002\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE\\AUTHORIZEDAPPLICATIONS\\LIST", "value_name": "AppDataLow"}, {"hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "AppDataLow"}, {"hashes": ["421fb4e60b5ddf11d5456170224ba935bf033689c1a679d3ace07fea5b00041c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "AppDataLow"}, {"hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WIBURE", "value_name": null}, {"hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WIBURE", "value_name": "Zataenpiu"}, {"hashes": ["5bad643662584c558d2a1d65621928e8681dd9770382820863c9f6d0b4e8ad73"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Heinz"}, {"hashes": ["74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Policies"}, {"hashes": ["74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "Policies"}, {"hashes": ["74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE\\AUTHORIZEDAPPLICATIONS\\LIST", "value_name": "Policies"}, {"hashes": ["74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET002\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE\\AUTHORIZEDAPPLICATIONS\\LIST", "value_name": "Policies"}, {"hashes": ["74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Policies"}, {"hashes": ["74bcf9d958ffb06408a4e01aacedfb503f2e484ebf2026ae10c0708132332c6a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "Policies"}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.101", "value_name": "CheckSetting"}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.103", "value_name": "CheckSetting"}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.100", "value_name": "CheckSetting"}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.102", "value_name": "CheckSetting"}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.104", "value_name": "CheckSetting"}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\SESSION MANAGER", "value_name": "PendingFileRenameOperations"}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ZD6J0B3CWF2Z2BVWQZUHQQVDTI"}, {"hashes": ["e8688040a73b6393ca931129ac30aa24af9be6e5571f10e01203cb71810147bd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT WINDOWS", "value_name": "0000032FB08107BA"}]}, "reports_count": 11}, "Win.Malware.Arkei-9753125-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-long-cmdline", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-ini-read", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119", "T1217"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "cmd-exe-file-execution", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": []}, {"bi": "pe-imports-psapi-dll", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "unsigned-roaming-execution", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-imports-toolhelp", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "cmd-exe-file-deletion", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "process-taskkill", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "cmd-self-exiting", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360"], "mitre_attack_tags": []}, {"bi": "network-communications-http-post", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "network-file-downloaded-to-disk", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b"], "mitre_attack_tags": []}, {"bi": "altered-sample-dns-flagged", "hashes": ["1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303"], "mitre_attack_tags": []}, {"bi": "high-heuristic-score", "hashes": ["cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact-mid", "hashes": ["cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c"], "mitre_attack_tags": []}, {"bi": "network-http-numeric-ip", "hashes": ["27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": ["TA0011", "TA0005", "T1071"]}, {"bi": "feed-domain-rat", "hashes": ["2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495"], "mitre_attack_tags": []}, {"bi": "html-js-document-location-href", "hashes": ["0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": ["TA0001", "T1189"]}, {"bi": "html-small-file-redirect", "hashes": ["0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "mitre_attack_tags": []}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Arkei is an information-stealing malware that collects sensitive information such as application passwords, credit card information and web browser cookies. It shares code with several other infostealers, including Oski and Vidar.", "hashes": ["0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "33cea684cce7d20089188a0f359c08dbc2fa9c474442d3e50d078ce779a28710", "344e66c20f1854e0c403e84ef2d9c0c592993b182fdcf5ec02f636dc8e49e85f", "37d2b099deffb575425312fabf24ccf0992f0e2b507cbd0d8ca6e16d3790d925", "3ebf89949866f009382b7f46ed91bc29701dfd39e38436cdb70abd9677444a5f", "41b93a3ba33467f851a948d0815fde9a33ac2a527a5c6e6b0de979ba8a7ef927", "46e586902ffaf0396ee70951d334441a4d7961dde3d113fb71985fce4728b11e", "4882ad1e421f49945a27b29369d052905ef77976a50209ac6b4a0cb4772c204b", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "500aea489b4d68b8c55abf8589c75de332b733b899737f03860d70c8d38ccd3a", "501063c1879f0583cdbb8cd60001fef27b4ed16b2a10160f7a900bbc30ce287c", "5082dc0b190aa0eb65f5d7d73a69f0b9ecb7e62dbc56ab6440582a391efc9d77", "5113b870778e4fc004a89e647bdd7ca354276845f71be412adc273905358259e", "524f072c122c5ba35f0ba0b417381105b1352bbc6956cdfe9c13f243eae86523", "609b1192f6c2161fedc30c42e1045b2669fe169771fd5d9edd9f3aae94d72e80", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "68e2fab8df843667c8b739baf8a27a662559e657428980f797e777a1bb4a564f", "6e2e25ab5758c83091dba7bed5e6a82d37718ce901ce551b30a112dcc155ed70", "6e8181a1eecefe476ebb44085eceb4870f74547eb9962f411bfb6dea0e913778", "6eb45b4abf7adac6dde71560db1097e8d39c7c7bff4583781a0840e76061c9c0", "6f0f2a2bdcbeb6aca49f919237b6713949e94b52bb239db2f06d0706be6b512a", "70f75b1daf7197650386083182c490cb3893310e9ad42c8d9f5a39f88290b493", "73c14b724960aed162caab2ab9c52cddd0851c5797946080922418e294bcac2b", "744c82271287518f00423cc268d2414d14c0e4ea9ca700260a408134938a650e", "77e56e72afb797a93457a472db0b8e4cf2db32d1b06a089cdcd28d59dfe6f538", "77edb598e7672d9ae4a4371ccb66aaee365cfafc3581b7815307542dd80fca05", "7c198b9dba5ecbb5f889d04c87ef0c0e9bb92a12ad8a4036a9855d93102841f4", "7c5044226f5bc1f21b8002777b22032f80da0ade3199f0e9358d560669c75a40", "8234a8eda25b19d13a9931202c747a45555c630c317ebccd46c2e0a0d65cf549", "83c7048ed515174fb9d5b910c5022b79c41514ce4653d49051406c04dc635a4f", "85a36aad37ae9ead9046e13b945f88940db01dc7bb66513754ae63a87c00971a", "86a3c4be50b96863c6652cfe3e685a94c869a8f14d7e025f8d1f818d58633333", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "8b3eac2ecc8a5b81ceec3c713ae2324d57982c67e7a516fdfcd8bb0c13e2a8da", "8bac4a7469dc9ef4e21c74d7aae5aad31861b3e7645635df081659409cc778d2", "8d5912c2472defcd9d8dec08c636c39cf50e1e6a3eabc3d73c016c9c21bab38b", "8eb19f80c4475c9b1f10031b59d8b028d1be378838d516848141ef2748e6359b", "900b9f1ccc1f9f9c38e95c823f22e315f12afcb74e581ae3b0b1897ff418f3fe", "93555e3c558f160d6dd2d7b467cd87412f868d4c229a8732661c00f4f00f7f0a", "965c7e34ce9e5833ab63d7ae0edd88fe07d9b02a741ddf3586a14f01bc6fc526", "9719b3c7d3bae389e802803e4a663278aa512ec27ef1f08233e00468bfdf5a9c", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "9bce2ce1914019fdcc5105ca686ef621a67e9bdd19e69bc5ee64f43c23f80872", "9bef1f7e9e9120d8c572b1fc304124f793bf784db2c44787a83e4fb72a9237ee", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "9e21d5d73a43f6ed7c8228c0b21c049c7af45229e34b9a07788f3a0a1188f56c", "a000f246946d40fde4fafcde1853fc19a5a0b491bcba25851c2ae4bd8cd0364a", "a15e4bec2b801420695bfd5e4119d2bf20160630906e77cd49a31e5c83ca08bf", "a69e2bf5486d21e75821414018a8ee47c53367801fec2070270edab80d79367a", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "ab966f4385d72e125b0c6edbb0eb8fadacb5fbe138d807bcb7396dd82468297c", "ae0395dbc04d7da1ada03b44b777f81baff0dfd354ddf89a4ba96bf86e0df6ef", "b3184d3821374b34d7886ca94503f42d1d8ccbd5d6ea854860b977fa4f2c636e", "b7e804e67ca102831a670b3a4ae54f7d339deb458b43f4b0bf0e85a4e9ecb35c", "b8e7563e49fac86ffa322950c5dbe05562f21e4a084351d68a086ba300d79cba", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "c231d1313bc661db21eb2b9320bb311476d80790cd8693af3d065d67754e26d8", "c5e21e300c38dccf4f050ea0991d7e26eeaf0f30a3a42bec0ff48b44ed246bd8", "c6c6ed023d56602fee458f4fa3f14decbbc476700743d1dfc739c033ec6a1f8b", "cc4ae1a2ae1822beac0c9d9a53c7e581d16da97e0f227d58625a7d99302605f4", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "d3f12b8a8fd4e196b949e75c31e8a56c80aae85e35cb8f3d9187d984e4ce16be", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "d4cc034b33082af1a96d2674861b54b1aabfb7d8eceb4924e4672d538d8c52cb", "d506c1c67cc2663d382f53ee625a0c503e2362b7593d162bb5dc8744a71cb959", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "dc0a8abc5a01d6e0af06cd5152ce565807046430ce48da7e425692f059f96c42", "dc5e6dd25928d700865febfdbd1556a015da1946586d4ae6fb48b3ad245abc0b", "dff5fe038db1a28df7288b1b88afc0b3f08f0fe543ac2180316b8cc8d38cee09", "e36a6caf1822e6db7906489f17d96b71976581ac2589658d28a66fd4747e10af", "e74190f8721aa8bc22055e620f214046214352d56add03e93343c3e2d5dc4e67", "e8a75c858a1c3ff5b01975b1d45884cae1a1050bcc51f2bd5a5e6da7a2e0abd0", "ec3674132b5c4aa6b3afcdbb273815a8e5f705452cba6c1e0d38673f50f7bb48", "ecbd4594c700589b3e3f6cd808e75fba924c8568e1e48d80b707fe64a5a6ec73", "f3e3a747ed92fd278b12b0022ae52eac8d267e8fbcf2e01f635c1913c64275c0", "f4892d5bdd6d7e51fec90621622a761a17256dd35945f85bff998562639dd329", "f8fc608e4396dcbf85feaf69de103c3d2014913284caaa0bd6efb113c1d3876b", "fac35865c084a00ce738d9dd774f33c7daa6c281c7228a6ff7f9425a5f90cc39", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6", "fd2c746639744e164d91ed52d57d2e5cb76003f0c67ade78e928dfe5379c50af", "fe65f1fac3051f5d47348774235128b4504b644876a97ead9085fc204cd73a44"], "iocs": {"domain": [{"hashes": ["039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6"], "host": "ip-api[.]com"}, {"hashes": ["0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6"], "host": "oz-n[.]ru"}, {"hashes": ["039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513"], "host": "www[.]zzz[.]com[.]ua"}, {"hashes": ["039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513"], "host": "www[.]mintme[.]com"}, {"hashes": ["1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6"], "host": "minerbtcoin[.]ru"}, {"hashes": ["8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303"], "host": "api[.]w[.]org"}, {"hashes": ["8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303"], "host": "gmpg[.]org"}, {"hashes": ["8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303"], "host": "adminpc[.]ru"}, {"hashes": ["8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303"], "host": "ctldl[.]windowsupdate[.]com"}, {"hashes": ["8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303"], "host": "a767[.]dscg3[.]akamai[.]net"}, {"hashes": ["9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118"], "host": "mega-anal[.]site"}, {"hashes": ["121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6"], "host": "webbserfer[.]ru"}, {"hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972"], "host": "ispsystem[.]com"}, {"hashes": ["272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364"], "host": "11776[.]bodis[.]com"}, {"hashes": ["1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d"], "host": "whxami[.]h1n[.]ru"}, {"hashes": ["320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513"], "host": "azller[.]zzz[.]com[.]ua"}, {"hashes": ["4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d"], "host": "brostospher[.]online"}, {"hashes": ["674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360"], "host": "logover[.]info"}, {"hashes": ["a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb"], "host": "fastloads[.]ru"}, {"hashes": ["d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495"], "host": "ark[.]bsdfksbdfj[.]pw"}, {"hashes": ["2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73"], "host": "cracking[.]zzz[.]com[.]ua"}, {"hashes": ["272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364"], "host": "mistpark[.]ga"}, {"hashes": ["0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401"], "host": "zews[.]tech"}, {"hashes": ["039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b"], "host": "68[.]zzz[.]com[.]ua"}, {"hashes": ["075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21"], "host": "1[.]ak1ba[.]pro"}, {"hashes": ["08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11"], "host": "h1nt[.]tk"}, {"hashes": ["0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e"], "host": "fhostgg[.]tk"}, {"hashes": ["0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177"], "host": "c0de18[.]zzz[.]com[.]ua"}, {"hashes": ["132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc"], "host": "stealer1[.]zzz[.]com[.]ua"}, {"hashes": ["0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35"], "host": "a[.]doganburo[.]com"}, {"hashes": ["2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2"], "host": "arkeisup[.]zzz[.]com[.]ua"}, {"hashes": ["26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562"], "host": "www[.]ugroza-pro[.]tk"}, {"hashes": ["201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c"], "host": "ce46658[.]tmweb[.]ru"}, {"hashes": ["29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332"], "host": "cj59471[.]tmweb[.]ru"}, {"hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972"], "host": "sh1376968[.]a[.]had[.]su"}, {"hashes": ["2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de"], "host": "ttest24242[.]zzz[.]com[.]ua"}, {"hashes": ["30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a"], "host": "install"}], "file": [{"hashes": ["0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6"], "path": "%APPDATA%\\Arkei-d19ab989-a35f-4710-83df-7b2db7efe7c5\\files"}, {"hashes": ["0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6"], "path": "%APPDATA%\\Arkei-d19ab989-a35f-4710-83df-7b2db7efe7c5\\files\\autofill.log"}, {"hashes": ["0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6"], "path": "%APPDATA%\\Arkei-d19ab989-a35f-4710-83df-7b2db7efe7c5\\files\\cookies.log"}, {"hashes": ["0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6"], "path": "%APPDATA%\\Arkei-d19ab989-a35f-4710-83df-7b2db7efe7c5\\files\\cvv.log"}, {"hashes": ["0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6"], "path": "%APPDATA%\\Arkei-d19ab989-a35f-4710-83df-7b2db7efe7c5\\files\\passwords.log"}, {"hashes": ["0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6"], "path": "%APPDATA%\\Arkei-d19ab989-a35f-4710-83df-7b2db7efe7c5"}, {"hashes": ["0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6"], "path": "%APPDATA%\\ARKEI-D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\<original file name>.exe"}, {"hashes": ["0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6"], "path": "%APPDATA%\\Arkei-24e2b309-1719-4436-b195-573e7cb0f5b1\\files\\Administrator24e2b309-1719-4436-b195-573e7cb0f5b1.zip"}, {"hashes": ["0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6"], "path": "%APPDATA%\\Arkei-24e2b309-1719-4436-b195-573e7cb0f5b1\\files\\Desktop.zip"}, {"hashes": ["0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6"], "path": "%APPDATA%\\Arkei-24e2b309-1719-4436-b195-573e7cb0f5b1\\files\\autofill.log"}, {"hashes": ["0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6"], "path": "%APPDATA%\\Arkei-24e2b309-1719-4436-b195-573e7cb0f5b1\\files\\cookies.log"}, {"hashes": ["0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6"], "path": "%APPDATA%\\Arkei-24e2b309-1719-4436-b195-573e7cb0f5b1\\files\\cvv.log"}, {"hashes": ["0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6"], "path": "%APPDATA%\\Arkei-24e2b309-1719-4436-b195-573e7cb0f5b1\\files\\information.log"}, {"hashes": ["0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6"], "path": "%APPDATA%\\Arkei-24e2b309-1719-4436-b195-573e7cb0f5b1\\files\\passwords.log"}, {"hashes": ["0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6"], "path": "%APPDATA%\\Arkei-24e2b309-1719-4436-b195-573e7cb0f5b1\\files\\screenshot.bmp"}, {"hashes": ["0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6"], "path": "%APPDATA%\\Arkei-24e2b309-1719-4436-b195-573e7cb0f5b1\\ipconfig.txt"}, {"hashes": ["0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6"], "path": "%APPDATA%\\ARKEI-24E2B309-1719-4436-B195-573E7CB0F5B1\\<original file name>.exe"}, {"hashes": ["0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513"], "path": "%TEMP%\\<random, matching '[a-z]{3}[A-F0-9]{3,4}'>.tmp"}, {"hashes": ["039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303"], "path": "%APPDATA%\\Arkei-d19ab989-a35f-4710-83df-7b2db7efe7c5\\sqlite3.dll"}, {"hashes": ["039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303"], "path": "%APPDATA%\\Arkei-24e2b309-1719-4436-b195-573e7cb0f5b1\\sqlite3.dll"}, {"hashes": ["2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c"], "path": "%APPDATA%\\Arkei-8f793a96-da80-4751-83f9-b23d8b735fb1\\files\\autofill.log"}, {"hashes": ["2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c"], "path": "%APPDATA%\\Arkei-8f793a96-da80-4751-83f9-b23d8b735fb1\\files\\cookies.log"}, {"hashes": ["2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c"], "path": "%APPDATA%\\Arkei-8f793a96-da80-4751-83f9-b23d8b735fb1\\files\\cvv.log"}, {"hashes": ["2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c"], "path": "%APPDATA%\\Arkei-8f793a96-da80-4751-83f9-b23d8b735fb1\\files\\passwords.log"}, {"hashes": ["2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c"], "path": "%APPDATA%\\ARKEI-8F793A96-DA80-4751-83F9-B23D8B735FB1\\<original file name>.exe"}, {"hashes": ["2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364"], "path": "%APPDATA%\\Arkei-8f793a96-da80-4751-83f9-b23d8b735fb1\\sqlite3.dll"}, {"hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\INetCookies\\J58JZCEF.txt"}], "ip": [{"hashes": ["039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6"], "ip": "208[.]95[.]112[.]1"}, {"hashes": ["039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513"], "ip": "5[.]79[.]66[.]145"}, {"hashes": ["8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303"], "ip": "195[.]24[.]68[.]22"}, {"hashes": ["8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303"], "ip": "23[.]3[.]13[.]154"}, {"hashes": ["0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8"], "ip": "72[.]21[.]81[.]240"}, {"hashes": ["bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c"], "ip": "173[.]194[.]68[.]94"}, {"hashes": ["bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c"], "ip": "172[.]217[.]197[.]113"}, {"hashes": ["bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c"], "ip": "172[.]217[.]197[.]101"}, {"hashes": ["272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364"], "ip": "199[.]59[.]242[.]150"}, {"hashes": ["27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972"], "ip": "92[.]119[.]113[.]254"}, {"hashes": ["bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c"], "ip": "172[.]217[.]197[.]84"}, {"hashes": ["bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c"], "ip": "209[.]85[.]232[.]94"}, {"hashes": ["bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c"], "ip": "172[.]217[.]222[.]94"}, {"hashes": ["bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c"], "ip": "173[.]194[.]7[.]107"}, {"hashes": ["bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c"], "ip": "173[.]194[.]184[.]233"}, {"hashes": ["bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c"], "ip": "173[.]194[.]53[.]199"}, {"hashes": ["bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c"], "ip": "74[.]125[.]155[.]202"}, {"hashes": ["bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c"], "ip": "74[.]125[.]155[.]216"}, {"hashes": ["bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c"], "ip": "173[.]194[.]66[.]95"}, {"hashes": ["bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c"], "ip": "173[.]194[.]7[.]60"}, {"hashes": ["bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c"], "ip": "173[.]194[.]184[.]169"}, {"hashes": ["bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c"], "ip": "173[.]194[.]184[.]42"}, {"hashes": ["1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059"], "ip": "142[.]250[.]64[.]100"}, {"hashes": ["0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae"], "ip": "194[.]135[.]85[.]231"}, {"hashes": ["bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c"], "ip": "173[.]194[.]184[.]170"}, {"hashes": ["27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90"], "ip": "195[.]144[.]21[.]220"}, {"hashes": ["bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c"], "ip": "172[.]217[.]197[.]102/31"}], "mutex": [{"hashes": ["0326b99dda47fc88657187ce3856b023fefe52051e84d833a768cb84790bb401", "039d7013364ec66261347c7f055ced54bf256ea3f5a018d31b066449bf4b014b", "075c993e56b48fe87c24c0b58b21c8f8b45213073c32606b222b0e5c60854d21", "08641de04bd051e43e72527006a3cf1d799ff394d5a5a75b219b3171c4666a11", "0c7aabd1a63fe9d74b77819c9f0ed4a05309c062ed4ebe7591cf309d593c0e5e", "0f1dc323161ce0b22e510945d2b69f3d4bde2cbbf892761d426ff61735ab8177", "0f29e3c9e5d0d3440649e9f742081b278be83c5b9f76cb65bf06049f180d09ae", "0fd077d6c5fa7bc948c64262b0f277bc7152b6ca9b05958af7f059a6a9bf1f35", "121a41530bcd85d027a3b3a9f5f011b2d79de054ba8589041de21385b480af81", "132e2edbf9a97eb30b59d2fa9dde82d8e8d80440e35b23dee73b8df6db748ddc", "1610453727cf82bf981deb05041c2a0655cac62aa9bbf341bbb1b0a46d83b059", "1938b6b25d156b4dbbe9a114dac6cf5d53d7309bff37215898ffb3d1227f441d", "1bf99f63bb8bba5e8d3c7338e0c9338fcf0d170bb567f0c6ce8dc063c6c0c72a", "201cc587859c40b56250f600b450274d9e7a083f35391d863cd579e9e4fc378c", "2142340e89a65b04e4468f22bb096a58004a9932d02b7bdccc3d1e3c94c617e2", "2296a27b28562b0f72ac638106fa1cbdee429c7261412afcf8ce1820a6bc8e73", "26d2ebaa52fa0042dac17c6c29d6a530b70c2b82166df16a62aad1295c124562", "272d4ca5a9e6bf8647e8ac6cb0d426f1f8fdbed0fdb8cf5ceadfe351517d3364", "27525c2b89b8d25f36e1603e469931961284f617281c7456eff2badddab7cc90", "27a35d3565bf6bef2ec1f80a8604456458d306dbee60bb0dc727e0297002f972", "29f2fc13f37a5d7d9acd4819b0e87158b3ffa897d5e3e211e1a251d0334c3332", "2cb29b407451530fbf07c2afb72eab72a937df43563073f566a8fcbf6342c8de", "30522dedbbb52e22c5a663bd9754ba14aaf0f7130a05660566f96f1475611f2a", "320db045e26e92c51af8e3620b17b3b0e902f097b49d5078bb1443de41616513", "33965321082bfc45696ef27b8aa84b58d0b35cb62bfd6f2d9b499696bd447484", "4a42f3945c6eb03a7f164b9d36401b8a45e33f355a47cdedd30913e33163e2c6", "4de049af87ea7420d3b8fab91ad9bbc310a8a2d9f55f04a3215494da145a654d", "674eddabbc2ac13826724c8ee1f968e469263de81e6506a353c75f27e645a360", "68363bb19c831565e4fc9d9c6ba56c63f04ea056aa495904403fba663e10f9e2", "8956a63900ea9e40b3b034a1311f3c0e6cd84c7e2151843d1c85dfafb0eeff57", "9ad89f96d4cf004a564473de916a9d78737264b3f66e8e219e48196a151ec9e8", "9c5ba8a1ef2c8971abdd00f5d935ca1143e9709652ecb8d5758aca51201b496c", "a72d3b1d8df7035329bb77ff07cf8cbfe069eb6976ded9a3e1c41552beea5ccb", "bbf0385f41b3d6b3130866b53e4366c6b5be0f6d78cf7563c7845879ee94bc6c", "be477d8283b76820d2f02e6712a87c6ac4bb20392f62aea1210abd2b4f051e19", "cc97708e8b8a638ba09f9c53d14678f206f82b4a12dfa0962558075b0a34986b", "d44f8cb7ce081618bc6923faf229975534bab04790b66d7aaef108fedf592495", "da341ad8d66b396870d5347df0c0f8e0ee7c8d209e23a2ce39872dde9da23118", "fb89e8912b85b20d417e3235fc1357e7f79c00b059132c99538da682fc6cf303", "fb8f473f88a637cf79846058ba5adfd486f66a106df3a577d99afa9e01a8c8d6"], "name": "Global\\<random guid>"}], "registry": []}, "reports_count": 40}, "Win.Packed.Dridex-9751859-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "excessive-dns-query-nxdomain", "hashes": ["331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "feed-domain-banking", "hashes": ["331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "pe-tls-callback", "hashes": ["331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-compound-cta-activity", "hashes": ["331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-prior", "hashes": ["331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583"], "mitre_attack_tags": []}, {"bi": "possible-dga-communication", "hashes": ["331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583"], "mitre_attack_tags": ["TA0011", "TA0005", "T1483"]}, {"bi": "pe-section-blank-name", "hashes": ["331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-null", "hashes": ["331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583"], "mitre_attack_tags": []}, {"bi": "sample-modified-deleted", "hashes": ["331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "malware-dridex-detected", "hashes": ["331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Dridex is a well-known banking trojan that aims to steal credentials and other sensitive information from an infected machine.", "hashes": ["0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a", "4192fc332e50b038e91d9ef19b679dce19d57e477c81574675386459e64ee1cf", "446dbabd0da42f850dd1a3e63a0d7210f61c91d8d424e7ca20011b064354fb0d", "497733cb87dca6299a3c80e0c6d6786844e463c7e42308d97a97fcf99b1cf207", "4b8b050aeb1e6a9ee42afc1730eeb50f9e1a563dd8ee57b3f539f5ba407798e1", "4ba3ee9032775ecc8596ab6a313c8c7d93395db914de82489e783385c755b986", "4f42f5a31b3258466e604381941789fa34a110b24c98ce6de3d127aa067ed303", "528c3b8b3a98c9def72e3ddd7af2ed3e7f964eb36111247e8e1505b7b95b6e7b", "56c5258a68e300345fc4ab069f266bb96ef25752e5cef3ee0a97e6b3e5dda224", "5b63958a83a4ffaaaa5d225b80d653ec0a86a4f5b0a7fa4532663e8479ea21f4", "5bff956a5fa60ec70f4acd42f31c3fa48c99fee046fdf36db986b0a3f2f4fa82", "5c5bf273cb915a3314a3fe34e116d8e91412cc82f0d8b3279d61dd5c022e6b02", "640141dc9d08322e299698983000da3ce3f526c022acaf4325277ad03310a901", "6403ed9c693229ec99e9d997c46c7587903d74c7afd6b64ec59f3820c6c6eb46", "64ca3dbeed1c6fa9db616b7882802aca1dc9a62755780a35108ad0b40093f1ee", "66c610377b879f94a39fb09b161548f203cbc4f1f44be07458514057d6892702", "6a86304729aafd76225e6bc187b80685b3349cf39a9f9a69d1e46ffedf6a60f9", "6f30287ca57f39bba82892b1ad8222f3706175bbdc6c2770f3ee0f6038917b1f", "75231574dd6bcea0de0302d9c17187a16129b34b129561053ffac73ceb50266a", "76108ad2f45ac47e0c997fa023bc84180f66b5915e9a63237ace258cbae4296a", "793d8f4fa313948b28121f3f36fcfc2982e2a98e6875790841d847cf792a0a2d", "7bb8e5854266839a0e1c877d7c9597b4fd07d71cf741064fae951ea1e18b2546", "7e2423da01a1847786b58a77b94cba9f406d0303a6d7e111e049d08503c8a37c", "8014871db31c8063cc24a9c404f7af2cb77988220b971f7eb1bc5389ca895ec1", "80d4e5bea3e5f4fda721c6d54da9934e0b34d736b8d982d6b16916d40f3f765f", "81592bea53a4feaf898c83b6bca835fc7328c9a0866709f5cca3b01bd9e181ac", "819b97186a0c500e65a6a4d686be4e1c773c75660d8bcc71977c386ac727525f", "81b5cc55b59b5e9b65f69e4087c4487a7bec4526e2420213615ae4e35d47c4ca", "8340969f646dc7616c182b4ac986a289ff4c9582d4e6e9323eb019917202d164", "84bdcd083b60d838a8e3e368da1c4ee12bf5ed25cbc7ce6c3610fa7f3b388682", "8a9a1312f2c056566b6fd5ffd3bf0be629251031949f9ddc3bebc90b78d80ead", "8ad83abbd9c22eb59fd845f5a5dc61828e9ccbc0218b71929d45ed48c0cfbf4c", "90a32efa6f01bb59f6f137e0dd2bcf8e34b37bed5bef2fa0903798e3ccbda69d", "92c498fd2ddae6a1376801a7d7c2dd030e0b54a85d37dbcd63db31ca41cf1142", "93f24ee515d61e7d526ee95ccf0bf3f837e898813e6224534f44c8c4c8dd9f80", "a11356119fa460972b738c68709c280565d45bc2098c449f83aa0c1e137f8de8", "a213eeadf3b2f59c0147f5c62b361ff52a9809479d8107bfbf67ec97658b1b79", "a3590f5f2eea59f22c05393054df1ecaa6b096874fe584c678670abcbe993c25", "a37359b560feeda7aac9d614ef5b8e0bb20b0e4a4f37a64465cd991df1027a12", "a7b9ff71a769f5ee9b67485b32b4a9554f6951b91ef087b3ca80a9e96b3f3aa7", "ac9e42fc06149b85a5acf1fa1b436072ed620dd2be1fba0a46e4d55914db1722", "af06e3e1435b7c186bef7fa03f061bc316f99e37f56f5158486819008360c0f5", "b0932755eb905f6a18277e0d3787caa20a0d32afe9ff6c8d5b50aa2eb3662905", "b18d137899b26eaa6c38dcf1ad2c3872104932b9744ab9de47959af71674a7be", "b1f7b25117cba4fd1c9ba45e50490e9eb4c7e2e4ffd07c6debaebce93ba41e66", "b291321d9e192b39e5e3c9145e3d340ef90fd0041a682fa23d2a6094835c86d7", "b38d6ab291b3a9d058ad2253660fc994c9e0d796696e7f9c5a03b776e5524eda", "b57b60323c01d2e41713bfdea1d8a96baa431cc2df2a0257b13e1e4121d13d23", "b5c39eed4a2bafb94f33ad91ab15a1721aade88a8e0c280fd61781c24ee368dc", "b80b6c28efa03eca7a0107e746419781573f564d6d178ec69c7463c667635e5d", "c385a335a7ca87fd7eeec144caf8314bb7e8f7ba2b390f6198686b38cb04c0e1", "c675b6dcb237d6dad4021868717e248a8fc0e99ccb7877f0e1bbdf84dc004fe8", "cac13b5082fe6cb6c5eebf02270569a3853ede65308f28adcee1a07b7f6f7635", "caf633b685c7959e19230882a88b232507db5160d7c1d208945e29b9d02e1961", "cca11de8326a8b8465d12fd2faecde078094e08153dd9c4116299540faa72d54", "cfea85509a5c825db51621ca6284c9dbd71c7d42bcdc4187d67fe729f16dfce1", "d04c35f8e1912e72c82cc061cebb78541780a772349dcfaf4d4f9ec409b4f063", "d2e5fc91521944456c1304a1b33f9c9409fe5008cfc67ba9f86dfa70f12918ff", "d404265cc5f3045884bb8ec6cc9e8eb3d33c5258f7ddb15b6cdeb44be1e4c52e", "d98d4190021685c99d6d304517a61dd4c55ac98fff04aef160fb96133a481267", "dcd8a26c808ab42d24ecd2816439d600eb83051e944e204c47fcdccefb6ac224", "e1fa1fec2110874a97526d14cbcf49adf1a7169266b01d10f649a79300bcc294", "e32fadd6d1cca931ae896efb6ab56949d389c0353085115079dafa9584bf4bf2", "e3654cb88dec8044e5ae81732bed6531a0199c2055accf2596559c1a86ef105f", "e4587861a277fa509a0f7d10faf2b92966e5e946a37bb55b2590b22a91b34819", "e8fd65509ad45176ac3cfa397fa21be35844a7141e32551d40689d00b24fcea0", "f4c935e8d3c377ac789ffc02310ab237fd199e99891e061f3da8fa8a9d70dfb9", "f8b738acfcb155668dc4fd9941572b689824913013ada89c117a97578f24d4ae", "f9bf9a61d7527b601976b3fc65b04964f0a59615ad6dc5d725b6e0f21f28b6e9", "fe2691988555a5869b0b937ac5d51fa8f30720889213b3bfc0e9d4ea9aa571ce", "ff42e1d5f440ded75e62f26b5cb7f64ce48c7f34542b3263f4865607e553d25f"], "iocs": {"domain": [{"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]l1dfgxkxax[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]l7ecrq8sqi[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]lfhpqzgo47[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]llf0iomjpr[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]ln2udj8aqa[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]m1lqaikjzv[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]n1xsj0frsj[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]njxkze3mfk[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]nlyyo2zioj[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]nmzcstsr4r[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]nusgibnqbu[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]o54gx35m8a[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]oe7opfnkwi[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]ol62yuibbo[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]oq7rtb10n3[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]p9f105wnqf[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]pyl9ctbal8[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]q4vx8y8ntz[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]q8mqxjeksc[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]qbgtvoyl3d[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]qbo2uxpz3f[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]ql8rwcy0ax[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]qnbzxolou4[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]qpzo2ewgpv[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]qustnblctg[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]r3yatggl7p[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]rcvkexeuv7[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]rvktttl4ig[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]rzkeqhzzta[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]sipqzqsdzn[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]t1waq0kadc[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]t4or0pxivh[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]trbuc0h881[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]tyhr21xkaj[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]ufshuyuggp[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]uvwrxte2gw[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]vcgie5ou50[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]wnif5e8avk[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]wwmfz9w3c6[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]x7acrn91o0[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]xrmdxm7vts[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]xthdtvtjl5[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]ychf25xfi2[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]ygury2sjvy[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]yobwzbipro[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]yx6w33oyhx[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]yxgk5lkotr[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]yy13titspw[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]zbalvadlhi[.]com"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "host": "www[.]zbpmwuch7m[.]com"}], "file": [{"hashes": ["0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a"], "path": "\\Device\\ConDrv"}, {"hashes": ["0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a"], "path": "%TEMP%\\<random, matching '[a-z]{3}[A-F0-9]{3,4}'>.tmp"}, {"hashes": ["0591963bdc8a1d1c3c2f681608c777c8d378d6188d4c46eb95d817f2ff4ffaaf", "080d3c469cee1b5c0b754ee06af13d74b806daadfc41880e5e56ddb11238e81a", "08d92d0b47502ab6c4ee2ba9a3c6c2af1d18c551b22d9a82493f40b1806f5632", "0ad8b4ac3287cd5919c5f1503e003c2f7a6137211f3c34c25ba32918ddeb96c2", "117aecd7faab205043b82d2ae53555bb09f6f524e177b0586ac43e876e32a4a1", "1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "16e155fcbdcd35cee206f8ce69b66fac7025493f9c788c135bd84e6eb617a25f", "1a23d80d5d0c705f0523c1fb0b70d514e57e10f5d8ac587778d0fb388a361d18", "1ae238b93956e5892bf1a93ed51664badbac58bbe29f6e8443b8b9965aa2e24f", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b", "23cfac48a78747379dc12c12062b327732fb7652db2ddf6fc37b6506494d107f", "294bbe84b6d22f076473e78dd0a2ee05be046dcef2f29f5502e8b01403b909e6", "2a4c65ddbbb81d41346d9b637d437adc8f823a8544a9e069644055431b6d5261", "2abd1b19cf257412dd8ae25cd5d10235ed3b5d93e4ee33edccc0d66e00aac959", "2ae0b7a2708e56b5ba4b548dede2e6688b4d4c0be7b4aa165493e23ba21d3cfb", "2e5aa16772cf1ec1158d71f056ce9e4783626f2a6e6bae67238bd8ab9115d39e", "2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b", "32397fe9b3cb30f46e0f53b1f107f50b599d5188ebf2a225a5168f533df28ff7", "331f5f0a196ed77b67e5f347b95dc5aa72fa2bfe3bbeab03d264954cccf3e1f8", "33385ef0198f6b6e2f48356e9cecbe2d45f90dc841f4fb31071a03c4f3d016bd", "3522fb2daef2b26cfbe966d6d343f6f5a5b10f2c7f56b7bf3d42c7f25f913115", "35d3ba26284bd63a347ddf3211075b8ec41d785bad6262ee55fc21e1ffb9a602", "373a45dcfafcf653e8756b23512c22d50e30a1e11eef7ff776d2411adea66c8a", "3e64558f2a588d3a5bfcc08baf8180439892dc9b4d12e722d570a535e49f0583", "3f32cedb1c6dd76d6714d8ade744f477223200971a24bf074d64746ef6ce9f1a"], "path": "<malware cwd>\\old_<malware exe name> (copy)"}], "ip": [{"hashes": ["2e7b45b65f15756357bebecd3388c5cc5c9e863cd9dc172e99643cfb4543095b"], "ip": "204[.]79[.]197[.]200"}], "mutex": [{"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "W8bT3oLapY"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "WpU89ohRmJ"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "XVWVRr0eLu"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "Xxn2a8ygYe"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "ZjqpofEZfc"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "ZrS1btYKZq"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "aAxVNiOJF0"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "aYfJQwDXY3"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "accIRfjKDU"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "d8kqQ0maDf"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "dYQ7et0ZhO"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "eJnnB8BJYH"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "fGeEp5mIxk"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "fpNjknXLM7"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "gPn1tSCTnQ"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "gjIc0j8UOb"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "hExr6TOoEf"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "hwy76ZMHFD"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "ilAKVjaHfj"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "j2GX2jiUCz"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "j3TWsRxeBl"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "jNgBdg50Pu"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "jfIOY8o3fu"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "kjmszMkz40"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "kx6o49zmuZ"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "mgfyZJK97M"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "moD9BYPaWf"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "nYiNivIJrs"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "o4DoECn3UQ"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "oBeRtgA8er"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "oRLdC8mXVY"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "oegQ3LTM5R"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "oeunXBodox"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "plARDuPagN"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "pv5l4Y9lNQ"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "qAIogT2Hxz"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "rFhqAlm6NY"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "sCvLrWilmX"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "tK2mInULlC"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "tPG8IwM62w"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "tVgSZOM3hv"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "uxEffF6b8z"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "vMd732ATSN"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "vOxo4paSib"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "wOi4Vwjwfu"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "xsB9gD77EZ"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "xsyEkKwODY"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "yE3anR5eHf"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "yWQXseJftE"}, {"hashes": ["1498df550409a5ce6ac5feff3c55f4be4f6da6a5139ee990c5e5b595c6c65a59", "22351498c586b2c1d17f6be262fa29190d08ec4b0f9cb2b89f46c5d81b6afd9b"], "name": "yiHfYoyA97"}], "registry": []}, "reports_count": 25}, "Win.Packed.Emotet-9754668-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "74456839650dba9a859f068c08323c303a884fd2a50aaa07f2b7ce5a76558f8e", "cca874d7374c025c3e1a38c3b6e259a2004a474c061aec1414e8bc9e314a33de", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "e81e015e3de623878eb910fc68ace45810055f8f8351b11fcd2e2796c0915809", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "74456839650dba9a859f068c08323c303a884fd2a50aaa07f2b7ce5a76558f8e", "cca874d7374c025c3e1a38c3b6e259a2004a474c061aec1414e8bc9e314a33de", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "e81e015e3de623878eb910fc68ace45810055f8f8351b11fcd2e2796c0915809", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "74456839650dba9a859f068c08323c303a884fd2a50aaa07f2b7ce5a76558f8e", "cca874d7374c025c3e1a38c3b6e259a2004a474c061aec1414e8bc9e314a33de", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "e81e015e3de623878eb910fc68ace45810055f8f8351b11fcd2e2796c0915809", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "74456839650dba9a859f068c08323c303a884fd2a50aaa07f2b7ce5a76558f8e", "cca874d7374c025c3e1a38c3b6e259a2004a474c061aec1414e8bc9e314a33de", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "e81e015e3de623878eb910fc68ace45810055f8f8351b11fcd2e2796c0915809", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "74456839650dba9a859f068c08323c303a884fd2a50aaa07f2b7ce5a76558f8e", "cca874d7374c025c3e1a38c3b6e259a2004a474c061aec1414e8bc9e314a33de", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "e81e015e3de623878eb910fc68ace45810055f8f8351b11fcd2e2796c0915809", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "74456839650dba9a859f068c08323c303a884fd2a50aaa07f2b7ce5a76558f8e", "cca874d7374c025c3e1a38c3b6e259a2004a474c061aec1414e8bc9e314a33de", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "e81e015e3de623878eb910fc68ace45810055f8f8351b11fcd2e2796c0915809", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "pe-uses-visual-basic", "hashes": ["4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "74456839650dba9a859f068c08323c303a884fd2a50aaa07f2b7ce5a76558f8e", "cca874d7374c025c3e1a38c3b6e259a2004a474c061aec1414e8bc9e314a33de", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "e81e015e3de623878eb910fc68ace45810055f8f8351b11fcd2e2796c0915809", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "74456839650dba9a859f068c08323c303a884fd2a50aaa07f2b7ce5a76558f8e", "cca874d7374c025c3e1a38c3b6e259a2004a474c061aec1414e8bc9e314a33de", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "e81e015e3de623878eb910fc68ace45810055f8f8351b11fcd2e2796c0915809", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "74456839650dba9a859f068c08323c303a884fd2a50aaa07f2b7ce5a76558f8e", "cca874d7374c025c3e1a38c3b6e259a2004a474c061aec1414e8bc9e314a33de", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "74456839650dba9a859f068c08323c303a884fd2a50aaa07f2b7ce5a76558f8e", "cca874d7374c025c3e1a38c3b6e259a2004a474c061aec1414e8bc9e314a33de", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "modified-executable", "hashes": ["4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "compound-vb-self-delete", "hashes": ["4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-autorun-key-modified", "hashes": ["4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "files-deleted-used-batch", "hashes": ["4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "cmd-exe-file-execution", "hashes": ["4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-known-trojan-av", "hashes": ["74456839650dba9a859f068c08323c303a884fd2a50aaa07f2b7ce5a76558f8e", "cca874d7374c025c3e1a38c3b6e259a2004a474c061aec1414e8bc9e314a33de", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "e81e015e3de623878eb910fc68ace45810055f8f8351b11fcd2e2796c0915809", "0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["74456839650dba9a859f068c08323c303a884fd2a50aaa07f2b7ce5a76558f8e", "cca874d7374c025c3e1a38c3b6e259a2004a474c061aec1414e8bc9e314a33de"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["74456839650dba9a859f068c08323c303a884fd2a50aaa07f2b7ce5a76558f8e", "cca874d7374c025c3e1a38c3b6e259a2004a474c061aec1414e8bc9e314a33de"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["74456839650dba9a859f068c08323c303a884fd2a50aaa07f2b7ce5a76558f8e", "cca874d7374c025c3e1a38c3b6e259a2004a474c061aec1414e8bc9e314a33de"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["74456839650dba9a859f068c08323c303a884fd2a50aaa07f2b7ce5a76558f8e", "cca874d7374c025c3e1a38c3b6e259a2004a474c061aec1414e8bc9e314a33de"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "74456839650dba9a859f068c08323c303a884fd2a50aaa07f2b7ce5a76558f8e", "cca874d7374c025c3e1a38c3b6e259a2004a474c061aec1414e8bc9e314a33de", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "e81e015e3de623878eb910fc68ace45810055f8f8351b11fcd2e2796c0915809", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "iocs": {"domain": [], "file": [{"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "path": "%APPDATA%\\Microsoft\\msdb11871887.exe"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "path": "%TEMP%\\12e041cd~"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "path": "%TEMP%\\13040a63~"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "path": "%APPDATA%\\Microsoft\\msdb11a852c9.exe"}, {"hashes": ["22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420"], "path": "%TEMP%\\8539723~.bat"}, {"hashes": ["74456839650dba9a859f068c08323c303a884fd2a50aaa07f2b7ce5a76558f8e"], "path": "%TEMP%\\WAX755A.tmp"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c"], "path": "%TEMP%\\7989841~.bat"}, {"hashes": ["4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428"], "path": "%TEMP%\\3518204~.bat"}, {"hashes": ["eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "path": "%TEMP%\\478354~.bat"}, {"hashes": ["5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35"], "path": "%TEMP%\\2428093~.bat"}, {"hashes": ["eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e"], "path": "%TEMP%\\4895754~.bat"}, {"hashes": ["dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01"], "path": "%TEMP%\\9004503~.bat"}, {"hashes": ["53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06"], "path": "%TEMP%\\2162358~.bat"}, {"hashes": ["22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50"], "path": "%TEMP%\\8347923~.bat"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c"], "path": "%TEMP%\\5894354~.bat"}, {"hashes": ["48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420"], "path": "%TEMP%\\3398296~.bat"}, {"hashes": ["53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06"], "path": "%TEMP%\\3830542~.bat"}, {"hashes": ["eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e"], "path": "%TEMP%\\1336681~.bat"}, {"hashes": ["dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01"], "path": "%TEMP%\\2165319~.bat"}, {"hashes": ["eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "path": "%TEMP%\\8514319~.bat"}, {"hashes": ["cca874d7374c025c3e1a38c3b6e259a2004a474c061aec1414e8bc9e314a33de"], "path": "%TEMP%\\WAX2D32.tmp"}], "ip": [{"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "ip": "119[.]59[.]124[.]163"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "ip": "200[.]159[.]128[.]132"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "ip": "158[.]255[.]238[.]209"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "ip": "202[.]44[.]54[.]3"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "ip": "162[.]144[.]88[.]73"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "ip": "88[.]208[.]228[.]111"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "ip": "158[.]255[.]238[.]18"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "ip": "200[.]159[.]128[.]6"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "ip": "162[.]144[.]35[.]78"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "ip": "197[.]85[.]182[.]110"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "ip": "103[.]228[.]200[.]37"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "ip": "198[.]1[.]122[.]176"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "ip": "103[.]228[.]200[.]47"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "ip": "103[.]245[.]153[.]70"}], "mutex": [{"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "name": "379c74ec4"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "name": "log$"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "name": "4041"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "name": "4042"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "name": "44c1"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "name": "44c2"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "name": "15c1"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "name": "15c2"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "name": "ae9c3d884"}, {"hashes": ["53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e"], "name": "48c2"}, {"hashes": ["53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e"], "name": "48c1"}, {"hashes": ["dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e"], "name": "3f42"}, {"hashes": ["dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e"], "name": "3f41"}, {"hashes": ["48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420"], "name": "8602"}, {"hashes": ["53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06"], "name": "8042"}, {"hashes": ["53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06"], "name": "8041"}, {"hashes": ["53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06"], "name": "87c2"}, {"hashes": ["53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06"], "name": "61c2"}, {"hashes": ["53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06"], "name": "6f82"}, {"hashes": ["53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06"], "name": "87c1"}, {"hashes": ["53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06"], "name": "6f81"}, {"hashes": ["53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06"], "name": "61c1"}, {"hashes": ["eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e"], "name": "8681"}, {"hashes": ["eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e"], "name": "8682"}, {"hashes": ["eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e"], "name": "5f81"}, {"hashes": ["eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e"], "name": "5f82"}, {"hashes": ["eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e"], "name": "9a42"}, {"hashes": ["eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e"], "name": "9a41"}, {"hashes": ["dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01"], "name": "8582"}, {"hashes": ["dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01"], "name": "8581"}, {"hashes": ["dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01"], "name": "3e42"}, {"hashes": ["dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01"], "name": "34c2"}, {"hashes": ["dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01"], "name": "3e41"}, {"hashes": ["dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01"], "name": "34c1"}, {"hashes": ["eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "name": "bbc2"}, {"hashes": ["eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "name": "bbc1"}, {"hashes": ["eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "name": "2381"}, {"hashes": ["eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "name": "2382"}, {"hashes": ["eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "name": "38c2"}, {"hashes": ["eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "name": "38c1"}, {"hashes": ["eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "name": "5801"}, {"hashes": ["eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "name": "5802"}, {"hashes": ["cca874d7374c025c3e1a38c3b6e259a2004a474c061aec1414e8bc9e314a33de"], "name": "Global\\14b7c0e1-f524-11ea-887e-00501e3ae7b6"}, {"hashes": ["74456839650dba9a859f068c08323c303a884fd2a50aaa07f2b7ce5a76558f8e"], "name": "Global\\13ce3ba1-f524-11ea-887e-00501e3ae7b6"}], "registry": [{"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "msdb11871887.exe"}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\MULTIMEDIA\\AUDIO\\BOX", "value_name": null}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\MULTIMEDIA\\AUDIO\\BOX\\379C74EC6", "value_name": null}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\MULTIMEDIA\\AUDIO\\BOX\\379C74EC7", "value_name": null}, {"hashes": ["0b061250e0882688b23620c647d2b68c70f1b96c593325e2b193e7ab3688645c", "22c76d1edc3d7f38e66d099e68554017b687e81025e7f479bbf644f6ed201f50", "48cc6b435dbc208e9c59b55d9310ec9784d0ff7ad05a0828ea9acd169f8e4420", "4bebf0eb705fdb3d522a5b362a149d6d6051264e82f8ed1ddfac134941b48428", "53f591f092df5de1b4a2eb84890c11700b0dc88fb6a913cf7b592ef8b796eb06", "5c9111b3cacaba0c5cd6d8abfb8f382d2c6726c4d1c002a5a74ff750efdfdb35", "dbc29110a5aa7b13435284d7543864a10ce9f9f7e5e617f576dcd755eb76be01", "eb1586c87ee7e840cb76001e7602d7124279ccca72f31b571d4fbcc3e1e1944e", "eca5a447dd02974fb85f07eb7a75efc1a5817008fcbc3d9800eb3ad955d1faca"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\MULTIMEDIA\\AUDIO\\BOX\\379C74EC8", "value_name": null}]}, "reports_count": 12}, "Win.Trojan.Remcos-9753190-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "9b024c44ab5559d69c8a1977ee51d47e00f78a7ed51908ac31accbe113124531", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "f4e408ab422ae079d1e3ff9abdaa1bc6f8b16188bf434ac5be5076245eb5fe58", "562337663297dd8d928eaf9f138b9c86dca1aa7dc662c66167b7246b7f451d8b", "de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "ddc132e99df7a70778fa7e599495191587c6256e4ca7bff35dfe5f7c47b8a3c2", "f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "9734025fc07e9366ab534ea3b55207b0b22294e02521b37c8eea459fd5c685b7", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "9ad82e2403953a4ff4315cc573198d73b82e56faa712e405be11ca0086a91f5f", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885", "16622134f1e3b12f0770a3e8c019c0f88d8bcb3a4cb92657fad1a8bfe34bdd78", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330", "603bbec852b4dace954ef0c061b8f0419a127798810be2c6efa246327bcc5b90", "a9c9ca17a9349e8d2e53b26ea32b64338d0172d4026e773ee1a863bbe00cc898"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "9b024c44ab5559d69c8a1977ee51d47e00f78a7ed51908ac31accbe113124531", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "f4e408ab422ae079d1e3ff9abdaa1bc6f8b16188bf434ac5be5076245eb5fe58", "562337663297dd8d928eaf9f138b9c86dca1aa7dc662c66167b7246b7f451d8b", "de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "ddc132e99df7a70778fa7e599495191587c6256e4ca7bff35dfe5f7c47b8a3c2", "f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "9734025fc07e9366ab534ea3b55207b0b22294e02521b37c8eea459fd5c685b7", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "9ad82e2403953a4ff4315cc573198d73b82e56faa712e405be11ca0086a91f5f", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885", "16622134f1e3b12f0770a3e8c019c0f88d8bcb3a4cb92657fad1a8bfe34bdd78", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330", "603bbec852b4dace954ef0c061b8f0419a127798810be2c6efa246327bcc5b90", "a9c9ca17a9349e8d2e53b26ea32b64338d0172d4026e773ee1a863bbe00cc898"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "9b024c44ab5559d69c8a1977ee51d47e00f78a7ed51908ac31accbe113124531", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "f4e408ab422ae079d1e3ff9abdaa1bc6f8b16188bf434ac5be5076245eb5fe58", "562337663297dd8d928eaf9f138b9c86dca1aa7dc662c66167b7246b7f451d8b", "de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "ddc132e99df7a70778fa7e599495191587c6256e4ca7bff35dfe5f7c47b8a3c2", "f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "9734025fc07e9366ab534ea3b55207b0b22294e02521b37c8eea459fd5c685b7", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "9ad82e2403953a4ff4315cc573198d73b82e56faa712e405be11ca0086a91f5f", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885", "16622134f1e3b12f0770a3e8c019c0f88d8bcb3a4cb92657fad1a8bfe34bdd78", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330", "603bbec852b4dace954ef0c061b8f0419a127798810be2c6efa246327bcc5b90", "a9c9ca17a9349e8d2e53b26ea32b64338d0172d4026e773ee1a863bbe00cc898"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "9b024c44ab5559d69c8a1977ee51d47e00f78a7ed51908ac31accbe113124531", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "f4e408ab422ae079d1e3ff9abdaa1bc6f8b16188bf434ac5be5076245eb5fe58", "562337663297dd8d928eaf9f138b9c86dca1aa7dc662c66167b7246b7f451d8b", "de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "ddc132e99df7a70778fa7e599495191587c6256e4ca7bff35dfe5f7c47b8a3c2", "f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "9734025fc07e9366ab534ea3b55207b0b22294e02521b37c8eea459fd5c685b7", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "9ad82e2403953a4ff4315cc573198d73b82e56faa712e405be11ca0086a91f5f", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885", "16622134f1e3b12f0770a3e8c019c0f88d8bcb3a4cb92657fad1a8bfe34bdd78", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330", "603bbec852b4dace954ef0c061b8f0419a127798810be2c6efa246327bcc5b90", "a9c9ca17a9349e8d2e53b26ea32b64338d0172d4026e773ee1a863bbe00cc898"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "hook-installed", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "9b024c44ab5559d69c8a1977ee51d47e00f78a7ed51908ac31accbe113124531", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "f4e408ab422ae079d1e3ff9abdaa1bc6f8b16188bf434ac5be5076245eb5fe58", "562337663297dd8d928eaf9f138b9c86dca1aa7dc662c66167b7246b7f451d8b", "de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "ddc132e99df7a70778fa7e599495191587c6256e4ca7bff35dfe5f7c47b8a3c2", "f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "9734025fc07e9366ab534ea3b55207b0b22294e02521b37c8eea459fd5c685b7", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "9ad82e2403953a4ff4315cc573198d73b82e56faa712e405be11ca0086a91f5f", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885", "16622134f1e3b12f0770a3e8c019c0f88d8bcb3a4cb92657fad1a8bfe34bdd78", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330", "603bbec852b4dace954ef0c061b8f0419a127798810be2c6efa246327bcc5b90", "a9c9ca17a9349e8d2e53b26ea32b64338d0172d4026e773ee1a863bbe00cc898"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "pe-uses-armadillo", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "9b024c44ab5559d69c8a1977ee51d47e00f78a7ed51908ac31accbe113124531", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "f4e408ab422ae079d1e3ff9abdaa1bc6f8b16188bf434ac5be5076245eb5fe58", "562337663297dd8d928eaf9f138b9c86dca1aa7dc662c66167b7246b7f451d8b", "de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "ddc132e99df7a70778fa7e599495191587c6256e4ca7bff35dfe5f7c47b8a3c2", "f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "9734025fc07e9366ab534ea3b55207b0b22294e02521b37c8eea459fd5c685b7", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "9ad82e2403953a4ff4315cc573198d73b82e56faa712e405be11ca0086a91f5f", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885", "16622134f1e3b12f0770a3e8c019c0f88d8bcb3a4cb92657fad1a8bfe34bdd78", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330", "603bbec852b4dace954ef0c061b8f0419a127798810be2c6efa246327bcc5b90", "a9c9ca17a9349e8d2e53b26ea32b64338d0172d4026e773ee1a863bbe00cc898"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-imports-toolhelp", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "9b024c44ab5559d69c8a1977ee51d47e00f78a7ed51908ac31accbe113124531", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "f4e408ab422ae079d1e3ff9abdaa1bc6f8b16188bf434ac5be5076245eb5fe58", "562337663297dd8d928eaf9f138b9c86dca1aa7dc662c66167b7246b7f451d8b", "de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "ddc132e99df7a70778fa7e599495191587c6256e4ca7bff35dfe5f7c47b8a3c2", "f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "9734025fc07e9366ab534ea3b55207b0b22294e02521b37c8eea459fd5c685b7", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "9ad82e2403953a4ff4315cc573198d73b82e56faa712e405be11ca0086a91f5f", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885", "16622134f1e3b12f0770a3e8c019c0f88d8bcb3a4cb92657fad1a8bfe34bdd78", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330", "603bbec852b4dace954ef0c061b8f0419a127798810be2c6efa246327bcc5b90", "a9c9ca17a9349e8d2e53b26ea32b64338d0172d4026e773ee1a863bbe00cc898"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "malware-remcos-mutex", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "9b024c44ab5559d69c8a1977ee51d47e00f78a7ed51908ac31accbe113124531", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "f4e408ab422ae079d1e3ff9abdaa1bc6f8b16188bf434ac5be5076245eb5fe58", "562337663297dd8d928eaf9f138b9c86dca1aa7dc662c66167b7246b7f451d8b", "de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "ddc132e99df7a70778fa7e599495191587c6256e4ca7bff35dfe5f7c47b8a3c2", "f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "9734025fc07e9366ab534ea3b55207b0b22294e02521b37c8eea459fd5c685b7", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "9ad82e2403953a4ff4315cc573198d73b82e56faa712e405be11ca0086a91f5f", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885", "16622134f1e3b12f0770a3e8c019c0f88d8bcb3a4cb92657fad1a8bfe34bdd78", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330", "603bbec852b4dace954ef0c061b8f0419a127798810be2c6efa246327bcc5b90", "a9c9ca17a9349e8d2e53b26ea32b64338d0172d4026e773ee1a863bbe00cc898"], "mitre_attack_tags": []}, {"bi": "malware-remcos-registry", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "9b024c44ab5559d69c8a1977ee51d47e00f78a7ed51908ac31accbe113124531", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "f4e408ab422ae079d1e3ff9abdaa1bc6f8b16188bf434ac5be5076245eb5fe58", "562337663297dd8d928eaf9f138b9c86dca1aa7dc662c66167b7246b7f451d8b", "de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "ddc132e99df7a70778fa7e599495191587c6256e4ca7bff35dfe5f7c47b8a3c2", "f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "9734025fc07e9366ab534ea3b55207b0b22294e02521b37c8eea459fd5c685b7", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "9ad82e2403953a4ff4315cc573198d73b82e56faa712e405be11ca0086a91f5f", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885", "16622134f1e3b12f0770a3e8c019c0f88d8bcb3a4cb92657fad1a8bfe34bdd78", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330", "603bbec852b4dace954ef0c061b8f0419a127798810be2c6efa246327bcc5b90", "a9c9ca17a9349e8d2e53b26ea32b64338d0172d4026e773ee1a863bbe00cc898"], "mitre_attack_tags": ["TA0009", "TA0006", "TA0011", "TA0008", "T1056", "T1113", "T1125", "T1123", "T1105"]}, {"bi": "modified-file-in-user-dir", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "9b024c44ab5559d69c8a1977ee51d47e00f78a7ed51908ac31accbe113124531", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "ddc132e99df7a70778fa7e599495191587c6256e4ca7bff35dfe5f7c47b8a3c2", "f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "9734025fc07e9366ab534ea3b55207b0b22294e02521b37c8eea459fd5c685b7", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885", "16622134f1e3b12f0770a3e8c019c0f88d8bcb3a4cb92657fad1a8bfe34bdd78", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330", "603bbec852b4dace954ef0c061b8f0419a127798810be2c6efa246327bcc5b90"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-autorun-key-modified", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "cmd-exe-file-execution", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "process-windows-script-launched", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330"], "mitre_attack_tags": ["TA0005", "TA0002", "T1064"]}, {"bi": "files-deleted-used-vbs", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "f4e408ab422ae079d1e3ff9abdaa1bc6f8b16188bf434ac5be5076245eb5fe58", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "malware-remcos-path", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "9b024c44ab5559d69c8a1977ee51d47e00f78a7ed51908ac31accbe113124531", "de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "ddc132e99df7a70778fa7e599495191587c6256e4ca7bff35dfe5f7c47b8a3c2", "f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "16622134f1e3b12f0770a3e8c019c0f88d8bcb3a4cb92657fad1a8bfe34bdd78", "603bbec852b4dace954ef0c061b8f0419a127798810be2c6efa246327bcc5b90"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330"], "mitre_attack_tags": []}, {"bi": "process-svchost-suspicious-launch", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-compound-cta-activity", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "unsigned-roaming-execution", "hashes": ["d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330"], "mitre_attack_tags": ["TA0005"]}, {"bi": "feed-domain-rat", "hashes": ["d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "ddc132e99df7a70778fa7e599495191587c6256e4ca7bff35dfe5f7c47b8a3c2", "f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "9ad82e2403953a4ff4315cc573198d73b82e56faa712e405be11ca0086a91f5f", "16622134f1e3b12f0770a3e8c019c0f88d8bcb3a4cb92657fad1a8bfe34bdd78", "a9c9ca17a9349e8d2e53b26ea32b64338d0172d4026e773ee1a863bbe00cc898"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "ddc132e99df7a70778fa7e599495191587c6256e4ca7bff35dfe5f7c47b8a3c2", "f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "9ad82e2403953a4ff4315cc573198d73b82e56faa712e405be11ca0086a91f5f", "16622134f1e3b12f0770a3e8c019c0f88d8bcb3a4cb92657fad1a8bfe34bdd78", "a9c9ca17a9349e8d2e53b26ea32b64338d0172d4026e773ee1a863bbe00cc898"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "ddc132e99df7a70778fa7e599495191587c6256e4ca7bff35dfe5f7c47b8a3c2", "f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "9ad82e2403953a4ff4315cc573198d73b82e56faa712e405be11ca0086a91f5f", "16622134f1e3b12f0770a3e8c019c0f88d8bcb3a4cb92657fad1a8bfe34bdd78", "a9c9ca17a9349e8d2e53b26ea32b64338d0172d4026e773ee1a863bbe00cc898"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "f4e408ab422ae079d1e3ff9abdaa1bc6f8b16188bf434ac5be5076245eb5fe58", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "registry-disablesuac", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885"], "mitre_attack_tags": ["TA0005", "TA0002", "TA0004", "T1088", "T1089"]}, {"bi": "registry-modification-reg", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885"], "mitre_attack_tags": []}, {"bi": "excessive-tcp-connections", "hashes": ["9b024c44ab5559d69c8a1977ee51d47e00f78a7ed51908ac31accbe113124531", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "deleted-submitted-file", "hashes": ["8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "modified-file-in-system-dir", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "ddc132e99df7a70778fa7e599495191587c6256e4ca7bff35dfe5f7c47b8a3c2"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43"], "mitre_attack_tags": []}, {"bi": "network-private-ip-address", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "registry-autorun-key-system-dir", "hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "dns-query-nxdomain", "hashes": ["de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58", "f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58"], "mitre_attack_tags": []}, {"bi": "network-dns-safe-categories", "hashes": ["de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "netbios-query", "hashes": ["f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["9734025fc07e9366ab534ea3b55207b0b22294e02521b37c8eea459fd5c685b7"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["9734025fc07e9366ab534ea3b55207b0b22294e02521b37c8eea459fd5c685b7"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["9734025fc07e9366ab534ea3b55207b0b22294e02521b37c8eea459fd5c685b7"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119", "T1217"]}, {"bi": "process-check-opera-appdata-folder", "hashes": ["f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "mitre_attack_tags": ["TA0007", "T1083"]}, {"bi": "process-check-windows-live-mail-appdata-folder", "hashes": ["f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "mitre_attack_tags": ["TA0007", "T1083"]}, {"bi": "malware-generic-infostealer", "hashes": ["f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119"]}, {"bi": "enumeration-email-program-information", "hashes": ["f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119", "T1114"]}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. This malware is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "16622134f1e3b12f0770a3e8c019c0f88d8bcb3a4cb92657fad1a8bfe34bdd78", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "562337663297dd8d928eaf9f138b9c86dca1aa7dc662c66167b7246b7f451d8b", "603bbec852b4dace954ef0c061b8f0419a127798810be2c6efa246327bcc5b90", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "9734025fc07e9366ab534ea3b55207b0b22294e02521b37c8eea459fd5c685b7", "9ad82e2403953a4ff4315cc573198d73b82e56faa712e405be11ca0086a91f5f", "9b024c44ab5559d69c8a1977ee51d47e00f78a7ed51908ac31accbe113124531", "a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e", "a9c9ca17a9349e8d2e53b26ea32b64338d0172d4026e773ee1a863bbe00cc898", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885", "d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "ddc132e99df7a70778fa7e599495191587c6256e4ca7bff35dfe5f7c47b8a3c2", "de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58", "f4e408ab422ae079d1e3ff9abdaa1bc6f8b16188bf434ac5be5076245eb5fe58", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298", "f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389"], "iocs": {"domain": [{"hashes": ["16622134f1e3b12f0770a3e8c019c0f88d8bcb3a4cb92657fad1a8bfe34bdd78", "9ad82e2403953a4ff4315cc573198d73b82e56faa712e405be11ca0086a91f5f", "a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e", "a9c9ca17a9349e8d2e53b26ea32b64338d0172d4026e773ee1a863bbe00cc898", "f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389"], "host": "eysk[.]city"}, {"hashes": ["9ad82e2403953a4ff4315cc573198d73b82e56faa712e405be11ca0086a91f5f", "a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e", "f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389"], "host": "edhrtyujffd[.]xyz"}, {"hashes": ["9ad82e2403953a4ff4315cc573198d73b82e56faa712e405be11ca0086a91f5f", "a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e", "f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389"], "host": "napaneli[.]com"}, {"hashes": ["9ad82e2403953a4ff4315cc573198d73b82e56faa712e405be11ca0086a91f5f", "a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e", "f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389"], "host": "4rdp[.]com"}, {"hashes": ["73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678"], "host": "muhoste[.]ddnsfree[.]com"}, {"hashes": ["4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a"], "host": "menstyle[.]duckdns[.]org"}, {"hashes": ["ddc132e99df7a70778fa7e599495191587c6256e4ca7bff35dfe5f7c47b8a3c2"], "host": "boyflourish[.]myq-see[.]com"}, {"hashes": ["de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58"], "host": "mysticalsailor[.]myq-see[.]com"}, {"hashes": ["f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43"], "host": "vikingo1928[.]duckdns[.]org"}, {"hashes": ["73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678"], "host": "3houturk[.]casacam[.]net"}, {"hashes": ["73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678"], "host": "foustraje[.]mywire[.]org"}, {"hashes": ["73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678"], "host": "koustaeik[.]dynu[.]net"}, {"hashes": ["73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678"], "host": "2houtie[.]kozow[.]com"}, {"hashes": ["73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678"], "host": "houstus[.]gleeze[.]com"}, {"hashes": ["d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7"], "host": "keking[.]myq-see[.]com"}], "file": [{"hashes": ["02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0", "73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885", "d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "path": "%TEMP%\\install.vbs"}, {"hashes": ["35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "603bbec852b4dace954ef0c061b8f0419a127798810be2c6efa246327bcc5b90", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "ddc132e99df7a70778fa7e599495191587c6256e4ca7bff35dfe5f7c47b8a3c2", "de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659"], "path": "%APPDATA%\\Remcos"}, {"hashes": ["35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "603bbec852b4dace954ef0c061b8f0419a127798810be2c6efa246327bcc5b90", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "ddc132e99df7a70778fa7e599495191587c6256e4ca7bff35dfe5f7c47b8a3c2", "de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659"], "path": "%APPDATA%\\remcos\\logs.dat"}, {"hashes": ["16622134f1e3b12f0770a3e8c019c0f88d8bcb3a4cb92657fad1a8bfe34bdd78", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330", "9b024c44ab5559d69c8a1977ee51d47e00f78a7ed51908ac31accbe113124531", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389"], "path": "%APPDATA%\\<random, matching '[a-z0-9]{3,7}'>"}, {"hashes": ["35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659"], "path": "%APPDATA%\\Remcos\\remcos.exe"}, {"hashes": ["51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "path": "%APPDATA%\\Screenshots"}, {"hashes": ["51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "9b024c44ab5559d69c8a1977ee51d47e00f78a7ed51908ac31accbe113124531"], "path": "%APPDATA%\\MicRecords"}, {"hashes": ["02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0"], "path": "%APPDATA%\\Battleye"}, {"hashes": ["02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0"], "path": "%APPDATA%\\Battleye\\Beservice.exe"}, {"hashes": ["f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "path": "%APPDATA%\\winlogon"}, {"hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f"], "path": "%APPDATA%\\Java\\logs.dat"}, {"hashes": ["f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "path": "%APPDATA%\\winlogon\\winlogon.exe"}, {"hashes": ["f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389"], "path": "%APPDATA%\\logs\\logs.dat"}, {"hashes": ["16622134f1e3b12f0770a3e8c019c0f88d8bcb3a4cb92657fad1a8bfe34bdd78"], "path": "%APPDATA%\\temp\\logs.dat"}, {"hashes": ["73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678"], "path": "%APPDATA%\\WindowsUpdateConfig-"}, {"hashes": ["73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678"], "path": "%APPDATA%\\config-ssh"}, {"hashes": ["73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678"], "path": "%APPDATA%\\config-ssh\\logs.dat"}, {"hashes": ["4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a"], "path": "%TEMP%\\Winzr"}, {"hashes": ["4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a"], "path": "%TEMP%\\Winzr\\Winzr.exe"}, {"hashes": ["4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330"], "path": "%APPDATA%\\doc\\doc1of2.dat"}, {"hashes": ["73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678"], "path": "%APPDATA%\\ConfigWindows"}, {"hashes": ["73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678"], "path": "%APPDATA%\\ConfigWindows\\notepat.exe"}, {"hashes": ["4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330"], "path": "%APPDATA%\\Doc\\doc1of2.exe"}, {"hashes": ["3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec"], "path": "%APPDATA%\\cos\\rem.exe"}, {"hashes": ["51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd"], "path": "%HOMEPATH%\\remcos"}, {"hashes": ["51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd"], "path": "%HOMEPATH%\\remcos\\logs.dat"}, {"hashes": ["8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59"], "path": "%APPDATA%\\Rs"}, {"hashes": ["8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59"], "path": "%APPDATA%\\Rs\\rs.exe"}, {"hashes": ["f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "path": "%APPDATA%\\winlogon\\logs.dat"}, {"hashes": ["f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "path": "%TEMP%\\zgymdcf"}, {"hashes": ["f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "path": "%TEMP%\\jbmweuqkyh"}, {"hashes": ["f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "path": "%TEMP%\\uvrpffalmphka"}, {"hashes": ["c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885"], "path": "%SystemRoot%\\SysWOW64\\FRClient"}, {"hashes": ["c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885"], "path": "%SystemRoot%\\SysWOW64\\FRClient\\cache.dat"}, {"hashes": ["c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885"], "path": "%SystemRoot%\\SysWOW64\\VolumeName"}, {"hashes": ["c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885"], "path": "%SystemRoot%\\SysWOW64\\VolumeName\\volumex64.exe"}, {"hashes": ["f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43"], "path": "%APPDATA%\\star2\\titlelogs1.dat"}, {"hashes": ["f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43"], "path": "%SystemRoot%\\SysWOW64\\PlayerWindows.exe"}, {"hashes": ["9b024c44ab5559d69c8a1977ee51d47e00f78a7ed51908ac31accbe113124531"], "path": "%APPDATA%\\files\\logs.dat"}, {"hashes": ["b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5"], "path": "%APPDATA%\\Windows\\remcos.exe"}, {"hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f"], "path": "%SystemRoot%\\SysWOW64\\VLC"}, {"hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f"], "path": "%SystemRoot%\\SysWOW64\\VLC\\factura.exe"}], "ip": [{"hashes": ["16622134f1e3b12f0770a3e8c019c0f88d8bcb3a4cb92657fad1a8bfe34bdd78", "9ad82e2403953a4ff4315cc573198d73b82e56faa712e405be11ca0086a91f5f", "a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e", "a9c9ca17a9349e8d2e53b26ea32b64338d0172d4026e773ee1a863bbe00cc898", "f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389"], "ip": "188[.]92[.]73[.]19"}, {"hashes": ["9ad82e2403953a4ff4315cc573198d73b82e56faa712e405be11ca0086a91f5f", "a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e", "f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389"], "ip": "198[.]54[.]117[.]198/31"}, {"hashes": ["35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659"], "ip": "185[.]140[.]53[.]233"}, {"hashes": ["9ad82e2403953a4ff4315cc573198d73b82e56faa712e405be11ca0086a91f5f", "a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e"], "ip": "195[.]22[.]26[.]248"}, {"hashes": ["02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0"], "ip": "89[.]158[.]68[.]82"}, {"hashes": ["a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e"], "ip": "198[.]54[.]117[.]197"}, {"hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f"], "ip": "91[.]193[.]75[.]10"}, {"hashes": ["9b024c44ab5559d69c8a1977ee51d47e00f78a7ed51908ac31accbe113124531"], "ip": "185[.]140[.]53[.]209"}, {"hashes": ["4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a"], "ip": "72[.]191[.]142[.]158"}, {"hashes": ["73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678"], "ip": "51[.]103[.]16[.]165"}, {"hashes": ["4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330"], "ip": "185[.]19[.]85[.]174"}, {"hashes": ["3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec"], "ip": "23[.]105[.]131[.]209"}, {"hashes": ["51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd"], "ip": "91[.]92[.]136[.]136"}, {"hashes": ["8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59"], "ip": "103[.]211[.]55[.]190"}, {"hashes": ["f4e408ab422ae079d1e3ff9abdaa1bc6f8b16188bf434ac5be5076245eb5fe58"], "ip": "77[.]247[.]127[.]173"}, {"hashes": ["f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "ip": "193[.]27[.]228[.]31"}, {"hashes": ["ddc132e99df7a70778fa7e599495191587c6256e4ca7bff35dfe5f7c47b8a3c2"], "ip": "198[.]23[.]219[.]24"}, {"hashes": ["c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885"], "ip": "185[.]239[.]242[.]20"}, {"hashes": ["f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43"], "ip": "46[.]246[.]80[.]68"}, {"hashes": ["d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7"], "ip": "136[.]244[.]108[.]136"}, {"hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f"], "ip": "91[.]193[.]75[.]247"}, {"hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f"], "ip": "194[.]99[.]104[.]35"}, {"hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f"], "ip": "139[.]47[.]100[.]27"}, {"hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f"], "ip": "139[.]47[.]3[.]161"}, {"hashes": ["de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58"], "ip": "184[.]75[.]221[.]35"}], "mutex": [{"hashes": ["02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "9734025fc07e9366ab534ea3b55207b0b22294e02521b37c8eea459fd5c685b7", "9b024c44ab5559d69c8a1977ee51d47e00f78a7ed51908ac31accbe113124531", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58", "f4e408ab422ae079d1e3ff9abdaa1bc6f8b16188bf434ac5be5076245eb5fe58", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43"], "name": "Remcos-<random, matching [A-Z0-9]{6}>"}, {"hashes": ["02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885", "d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "name": "Mutex_RemWatchdog"}, {"hashes": ["3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "f4e408ab422ae079d1e3ff9abdaa1bc6f8b16188bf434ac5be5076245eb5fe58"], "name": "Remcos_Mutex_Inj"}, {"hashes": ["9734025fc07e9366ab534ea3b55207b0b22294e02521b37c8eea459fd5c685b7"], "name": "Global\\6edce601-ee48-11ea-887e-00501e3ae7b6"}, {"hashes": ["4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a"], "name": "Gernarol-M1U559"}, {"hashes": ["562337663297dd8d928eaf9f138b9c86dca1aa7dc662c66167b7246b7f451d8b"], "name": "xcfovntriyk-YI1YC5"}, {"hashes": ["6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0"], "name": "Remcos_1ea366cbbff4406d9ec91975af9d2185-03565P"}, {"hashes": ["16622134f1e3b12f0770a3e8c019c0f88d8bcb3a4cb92657fad1a8bfe34bdd78"], "name": "8fg4g_1x0#Dg10*&$-NAWTI9"}, {"hashes": ["73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678"], "name": "ssl-L5P5EQ"}, {"hashes": ["9ad82e2403953a4ff4315cc573198d73b82e56faa712e405be11ca0086a91f5f"], "name": "vV4g_1x0#Dg%2^*&$-XSWNUT"}, {"hashes": ["a9c9ca17a9349e8d2e53b26ea32b64338d0172d4026e773ee1a863bbe00cc898"], "name": "cDG4@gJ^%8@1dgrZx0-XAJ90W"}, {"hashes": ["603bbec852b4dace954ef0c061b8f0419a127798810be2c6efa246327bcc5b90"], "name": "rmc-O4PSBB"}, {"hashes": ["f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "name": "winlogon-7WX0RC"}, {"hashes": ["ddc132e99df7a70778fa7e599495191587c6256e4ca7bff35dfe5f7c47b8a3c2"], "name": "Buddha-UL8D7Q"}, {"hashes": ["c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885"], "name": "FRClient-SLVVGT"}, {"hashes": ["f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389"], "name": "FcG4^@&XJ12&((5-CKKWIW"}, {"hashes": ["a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e"], "name": "VcR4^@&2XJ1cx2&(450x-4GP23C"}, {"hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f"], "name": "factura-14WEWM"}], "registry": [{"hashes": ["02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "9734025fc07e9366ab534ea3b55207b0b22294e02521b37c8eea459fd5c685b7", "9b024c44ab5559d69c8a1977ee51d47e00f78a7ed51908ac31accbe113124531", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58", "f4e408ab422ae079d1e3ff9abdaa1bc6f8b16188bf434ac5be5076245eb5fe58", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43"], "key": "<HKCU>\\Software\\Remcos-<random, matching '[A-Z0-9]{6}'>", "value_name": null}, {"hashes": ["02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "9734025fc07e9366ab534ea3b55207b0b22294e02521b37c8eea459fd5c685b7", "9b024c44ab5559d69c8a1977ee51d47e00f78a7ed51908ac31accbe113124531", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58", "f4e408ab422ae079d1e3ff9abdaa1bc6f8b16188bf434ac5be5076245eb5fe58", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43"], "key": "<HKCU>\\Software\\Remcos-<random, matching '[A-Z0-9]{6}'>", "value_name": "exepath"}, {"hashes": ["02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59", "9734025fc07e9366ab534ea3b55207b0b22294e02521b37c8eea459fd5c685b7", "9b024c44ab5559d69c8a1977ee51d47e00f78a7ed51908ac31accbe113124531", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "de94420cf4ee5151412dd3946dcc58ac75cc7d609caf9d7e0d12b446665b9e58", "f4e408ab422ae079d1e3ff9abdaa1bc6f8b16188bf434ac5be5076245eb5fe58", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43"], "key": "<HKCU>\\Software\\Remcos-<random, matching '[A-Z0-9]{6}'>", "value_name": "licence"}, {"hashes": ["35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "remcos"}, {"hashes": ["35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Remcos"}, {"hashes": ["02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "35add3203117cff16c22c164752cf9e1a54256cd26d73434f83f57cc1b5ff99c", "3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "aa7b5fdddb847580f8640d14982a16d8c9a7c47fc834f1af2a6f3dc5f20709e9", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7", "f75f3739e2c6f66512ad7d2469cfabaca4fcd97bf8b9ed8b1eb509bf93553659", "f7e76688d21158c2dad451208687133fadb92491675c1fb25e03379b19811b43"], "key": "<HKCU>\\Software\\Remcos-<random, matching '[A-Z0-9]{6}'>", "value_name": "WD"}, {"hashes": ["3ae35f2e1b9153b00d5db14571899a668e0099698410b43de9966c50f59d10ec", "51b35a444a56ba73978be72576f80d613539a28f7af4cf32820c355303a629cd", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885", "d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLUA"}, {"hashes": ["4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a", "4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5", "d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f", "f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["02aedadce5196af662edfd0f7b99815a57bf9a6a5092de5f0c183d035cbe3079", "6328b867873245ccc983b23f0f46adaa6605de4850168bdb53a1d57a43fb2bf0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "BEService"}, {"hashes": ["4dc2e58ed79ca9bfa091735a9a807024ebae00d6c8bbf1ec8640a3435ae45330", "b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "Remcos"}, {"hashes": ["4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "termsrvs"}, {"hashes": ["4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "termsrvs"}, {"hashes": ["4b1930df96f03175f9284c8fa82028b7afaba6ff57ac3390417f430f12f2a00a"], "key": "<HKCU>\\SOFTWARE\\GERNAROL-M1U559", "value_name": "exepath"}, {"hashes": ["73dbd72d7233279ef53a2a34c8863d8a283d21e390fbe90f0ea09c68978a5678"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Defender"}, {"hashes": ["a9c9ca17a9349e8d2e53b26ea32b64338d0172d4026e773ee1a863bbe00cc898"], "key": "<HKCU>\\SOFTWARE\\CDG4@GJ^%8@1DGRZX0-XAJ90W", "value_name": "licence"}, {"hashes": ["8c9a46ffb93b53c2141ae50d99e106bd29d294e474e227f6097a79742d717d59"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Ros"}, {"hashes": ["f4e408ab422ae079d1e3ff9abdaa1bc6f8b16188bf434ac5be5076245eb5fe58"], "key": "<HKCU>\\SOFTWARE\\REMCOS-K4PF81", "value_name": "Inj"}, {"hashes": ["f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "key": "<HKCU>\\SOFTWARE\\WINLOGON-7WX0RC", "value_name": null}, {"hashes": ["f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "winlogon"}, {"hashes": ["f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "winlogon"}, {"hashes": ["f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "winlogon"}, {"hashes": ["f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "key": "<HKCU>\\SOFTWARE\\WINLOGON-7WX0RC", "value_name": "exepath"}, {"hashes": ["f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "key": "<HKCU>\\SOFTWARE\\WINLOGON-7WX0RC", "value_name": "licence"}, {"hashes": ["f80a274e0ceebbc550aa670634c5d31882e4d7668a59bf7ea57348d033cd0298"], "key": "<HKCU>\\SOFTWARE\\WINLOGON-7WX0RC", "value_name": "WD"}, {"hashes": ["ddc132e99df7a70778fa7e599495191587c6256e4ca7bff35dfe5f7c47b8a3c2"], "key": "<HKCU>\\SOFTWARE\\BUDDHA-UL8D7Q", "value_name": null}, {"hashes": ["ddc132e99df7a70778fa7e599495191587c6256e4ca7bff35dfe5f7c47b8a3c2"], "key": "<HKCU>\\SOFTWARE\\BUDDHA-UL8D7Q", "value_name": "exepath"}, {"hashes": ["ddc132e99df7a70778fa7e599495191587c6256e4ca7bff35dfe5f7c47b8a3c2"], "key": "<HKCU>\\SOFTWARE\\BUDDHA-UL8D7Q", "value_name": "licence"}, {"hashes": ["c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885"], "key": "<HKCU>\\SOFTWARE\\FRCLIENT-SLVVGT", "value_name": null}, {"hashes": ["c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "FairReality"}, {"hashes": ["c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885"], "key": "<HKCU>\\SOFTWARE\\FRCLIENT-SLVVGT", "value_name": "exepath"}, {"hashes": ["c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885"], "key": "<HKCU>\\SOFTWARE\\FRCLIENT-SLVVGT", "value_name": "licence"}, {"hashes": ["c8673eb7006a94e17267dfa992316f2f72998c9949d4fa820ceec52d4d0dd885"], "key": "<HKCU>\\SOFTWARE\\FRCLIENT-SLVVGT", "value_name": "WD"}, {"hashes": ["f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389"], "key": "<HKCU>\\SOFTWARE\\FCG4^@&XJ12&((5-CKKWIW", "value_name": null}, {"hashes": ["f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389"], "key": "<HKCU>\\SOFTWARE\\FCG4^@&XJ12&((5-CKKWIW", "value_name": "exepath"}, {"hashes": ["f89cc7f859df4c6117d3c0e6bd4bd4bf2bf630dbac34af4a6dd280532b37e389"], "key": "<HKCU>\\SOFTWARE\\FCG4^@&XJ12&((5-CKKWIW", "value_name": "licence"}, {"hashes": ["a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e"], "key": "<HKCU>\\SOFTWARE\\VCR4^@&2XJ1CX2&(450X-4GP23C", "value_name": null}, {"hashes": ["a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e"], "key": "<HKCU>\\SOFTWARE\\VCR4^@&2XJ1CX2&(450X-4GP23C", "value_name": "exepath"}, {"hashes": ["a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e"], "key": "<HKCU>\\SOFTWARE\\VCR4^@&2XJ1CX2&(450X-4GP23C", "value_name": "licence"}, {"hashes": ["b0e37eb993783beb511aed001a6950ea9b10082089194bac68bd6efddb1d40d5"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Remcos"}, {"hashes": ["d9d3ccc809cfdff9db02f6412369480ca58b1e4f15de78bcdb7085c4a397fcc7"], "key": "<HKCU>\\SOFTWARE\\REMCOS-A4XBLA", "value_name": "Inj"}, {"hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f"], "key": "<HKCU>\\SOFTWARE\\FACTURA-14WEWM", "value_name": null}, {"hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "factura"}, {"hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "factura"}, {"hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "factura"}, {"hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f"], "key": "<HKCU>\\SOFTWARE\\FACTURA-14WEWM", "value_name": "exepath"}, {"hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f"], "key": "<HKCU>\\SOFTWARE\\FACTURA-14WEWM", "value_name": "licence"}, {"hashes": ["d406d8aa015f935f5ccfb63e94c980fcf49cc1a0edd884b5e2944e0c668c775f"], "key": "<HKCU>\\SOFTWARE\\FACTURA-14WEWM", "value_name": "WD"}]}, "reports_count": 29}, "Win.Virus.Xpiro-9752316-1": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-filename-mismatch", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "hook-installed", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "file-ini-read", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119", "T1217"]}, {"bi": "pe-uses-dot-net", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": []}, {"bi": "potential-registry-persistence", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": []}, {"bi": "modified-file-in-program-dir", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": []}, {"bi": "registry-service-autostart-disabled", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": ["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "registry-action-center-disabled", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "process-with-multiple-children", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-imports-toolhelp", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": []}, {"bi": "file-ini-modified", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": ["TA0003"]}, {"bi": "artifact-flagged-antianalysis", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "registry-service-type-modified", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "malware-xpiro-mutex", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": []}, {"bi": "malware-trojan-xpiro-compound", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": []}, {"bi": "registry-disable-smartscreen", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "pe-imports-empty", "hashes": ["38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0"], "mitre_attack_tags": []}], "category": "Virus", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks.", "hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "iocs": {"domain": [], "file": [{"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%ProgramFiles%\\Windows Media Player\\wmpnetwk.exe"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%System32%\\FXSSVC.exe"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%System32%\\UI0Detect.exe"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%System32%\\ieetwcollector.exe"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%System32%\\msdtc.exe"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%System32%\\msiexec.exe"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%System32%\\snmptrap.exe"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%System32%\\sppsvc.exe"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%System32%\\wbengine.exe"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%SystemRoot%\\ehome\\ehrecvr.exe"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%SystemRoot%\\ehome\\ehsched.exe"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%CommonProgramFiles%\\Microsoft Shared\\ink\\ighnagcm.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%CommonProgramFiles%\\Microsoft Shared\\ink\\iibndipn.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%CommonProgramFiles%\\Microsoft Shared\\ink\\jiianoje.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\kefbfhkg.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\kfefgkli.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\qfemblig.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%ProgramFiles%\\Java\\jre6\\bin\\cpkcoelj.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\nlfifejp.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%ProgramFiles%\\7-Zip\\dklkkafp.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%ProgramFiles%\\7-Zip\\klonohhl.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%ProgramFiles%\\7-Zip\\nklemblo.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%ProgramFiles%\\7-Zip\\nnknaeep.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%CommonProgramFiles%\\Microsoft Shared\\MSInfo\\gakpqfhp.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%CommonProgramFiles%\\Microsoft Shared\\OFFICE14\\nimidobm.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%CommonProgramFiles%\\Microsoft Shared\\VSTO\\10.0\\knqknjlo.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%CommonProgramFiles%\\Microsoft Shared\\ink\\akaajeom.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%CommonProgramFiles%\\Microsoft Shared\\ink\\eqiodbdg.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%CommonProgramFiles%\\Microsoft Shared\\ink\\gdaoemja.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%CommonProgramFiles%\\Microsoft Shared\\ink\\onakajab.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%ProgramFiles%\\DVD Maker\\gmoggjie.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%ProgramFiles%\\Internet Explorer\\emdpmifb.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%ProgramFiles%\\Internet Explorer\\odadaonc.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%ProgramFiles%\\Java\\jre6\\bin\\aglddoil.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%ProgramFiles%\\Java\\jre6\\bin\\bhlnifll.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%ProgramFiles%\\Java\\jre6\\bin\\onnmbqjl.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\ckillgah.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\feqkbkgm.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\gnciljmn.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\extensions\\{5b6f0873-b92d-cd41-be38-201b60017637}\\chrome.manifest"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\extensions\\{5b6f0873-b92d-cd41-be38-201b60017637}\\chrome\\content.jar"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\extensions\\{5b6f0873-b92d-cd41-be38-201b60017637}\\components\\rooka.js"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\extensions\\{5b6f0873-b92d-cd41-be38-201b60017637}\\install.rdf"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%SystemRoot%\\Registration\\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{F03B078B-C6D6-43A9-A019-D1542A995997}.crmlog"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%ProgramFiles%\\Java\\jre6\\bin\\llopmkim.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%System32%\\<random, matching '[a-z]{8}'>.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%SystemRoot%\\microsoft.net\\framework\\v2.0.50727\\<random, matching '[a-z]{8}'>.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%SystemRoot%\\microsoft.net\\framework64\\v2.0.50727\\<random, matching '[a-z]{8}'>.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%SystemRoot%\\microsoft.net\\framework\\v4.0.30319\\<random, matching '[a-z]{8}'>.tmp"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "path": "%SystemRoot%\\microsoft.net\\framework64\\v4.0.30319\\<random, matching '[a-z]{8}'>.tmp"}], "ip": [{"hashes": ["bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e"], "ip": "204[.]79[.]197[.]200"}], "mutex": [{"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx1"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx64"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx65"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx66"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx67"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx68"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx69"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx70"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx71"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx72"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx73"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx74"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx75"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx76"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx77"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx78"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx79"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx80"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx81"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx82"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx83"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx84"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx85"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx86"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx87"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx88"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx89"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx90"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx91"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx92"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx93"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx94"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx95"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx96"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx97"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx98"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx99"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "gazavat-svc"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx31"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx32"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx33"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx34"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx35"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx36"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx37"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx38"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "kkq-vx_mtx39"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "gazavat-svc_31"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "name": "Global\\OfficeSourceEngineMutex"}], "registry": [{"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\STATE", "value_name": "AccumulatedWaitIdleTime"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\LISTENEDSTATE", "value_name": "RootstoreDirty"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\ACCESSIBILITY, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B03F5F7F11D50A3A\\1", "value_name": "RuntimeVersion"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\CUSTOMMARSHALERS, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B03F5F7F11D50A3A\\1", "value_name": "RuntimeVersion"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\MICROSOFT.VISUALBASIC, VERSION=10.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B03F5F7F11D50A3A\\1", "value_name": "RuntimeVersion"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\MSCORLIB, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089\\1", "value_name": "RuntimeVersion"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\PRESENTATIONCORE, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=31BF3856AD364E35\\1", "value_name": "RuntimeVersion"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\PRESENTATIONFRAMEWORK, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=31BF3856AD364E35\\1", "value_name": "RuntimeVersion"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\PRESENTATIONFRAMEWORK.AERO, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=31BF3856AD364E35\\1", "value_name": "RuntimeVersion"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089\\1", "value_name": "RuntimeVersion"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM.CONFIGURATION, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B03F5F7F11D50A3A\\1", "value_name": "RuntimeVersion"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM.CONFIGURATION.INSTALL, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B03F5F7F11D50A3A\\1", "value_name": "RuntimeVersion"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM.CORE, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089\\1", "value_name": "RuntimeVersion"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM.DATA, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089\\1", "value_name": "RuntimeVersion"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM.DIRECTORYSERVICES, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B03F5F7F11D50A3A\\1", "value_name": "RuntimeVersion"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM.DRAWING, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B03F5F7F11D50A3A\\1", "value_name": "RuntimeVersion"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM.MANAGEMENT, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B03F5F7F11D50A3A\\1", "value_name": "RuntimeVersion"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM.RUNTIME.REMOTING, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089\\1", "value_name": "RuntimeVersion"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM.SERVICEPROCESS, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B03F5F7F11D50A3A\\1", "value_name": "RuntimeVersion"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM.TRANSACTIONS, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089\\1", "value_name": "RuntimeVersion"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM.WEB.SERVICES, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B03F5F7F11D50A3A\\1", "value_name": "RuntimeVersion"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM.WINDOWS.FORMS, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089\\1", "value_name": "RuntimeVersion"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM.XAML, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089\\1", "value_name": "RuntimeVersion"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM.XML, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089\\1", "value_name": "RuntimeVersion"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\WINDOWSBASE, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=31BF3856AD364E35\\1", "value_name": "RuntimeVersion"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\ACCESSIBILITY, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B03F5F7F11D50A3A\\1", "value_name": "ImageList"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\ACCESSIBILITY, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B03F5F7F11D50A3A\\1", "value_name": "Status"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\CUSTOMMARSHALERS, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B03F5F7F11D50A3A\\1", "value_name": "ImageList"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\CUSTOMMARSHALERS, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B03F5F7F11D50A3A\\1", "value_name": "Status"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\MICROSOFT.VISUALBASIC, VERSION=10.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B03F5F7F11D50A3A\\1", "value_name": "ImageList"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\MICROSOFT.VISUALBASIC, VERSION=10.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B03F5F7F11D50A3A\\1", "value_name": "Status"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\MSCORLIB, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089\\1", "value_name": "ImageList"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\MSCORLIB, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089\\1", "value_name": "Status"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\PRESENTATIONCORE, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=31BF3856AD364E35\\1", "value_name": "ImageList"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\PRESENTATIONCORE, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=31BF3856AD364E35\\1", "value_name": "Status"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\PRESENTATIONFRAMEWORK, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=31BF3856AD364E35\\1", "value_name": "ImageList"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\PRESENTATIONFRAMEWORK, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=31BF3856AD364E35\\1", "value_name": "Status"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\PRESENTATIONFRAMEWORK.AERO, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=31BF3856AD364E35\\1", "value_name": "ImageList"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\PRESENTATIONFRAMEWORK.AERO, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=31BF3856AD364E35\\1", "value_name": "Status"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089\\1", "value_name": "ImageList"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089\\1", "value_name": "Status"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\STATE", "value_name": "AccumulatedWaitIdleTime"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\LISTENEDSTATE", "value_name": "RootstoreDirty"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM.CONFIGURATION, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B03F5F7F11D50A3A\\1", "value_name": "ImageList"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM.CONFIGURATION, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B03F5F7F11D50A3A\\1", "value_name": "Status"}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOUNDREC\\PROTOCOL", "value_name": null}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOUNDREC\\PROTOCOL\\STDEXECUTE", "value_name": null}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOUNDREC\\PROTOCOL\\STDEXECUTE\\SERVER", "value_name": null}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOUNDREC\\PROTOCOL\\STDFILEEDITING", "value_name": null}, {"hashes": ["00cae541f806bef35e8b7056c18f0fbfcf4271b5041194773f6ab07af8c17855", "1da9498f9d75574bdbb6969ab423b559c370d61603e7c66ef7dd34efc168af71", "21a5c373438de8a85a6bf798b24406a7658c0ac376d8820341dc5b973fb6bfde", "2478553b39a47ac319550e9bf65c12cc08944bb61d60e8aabb8e48a751f94359", "38ee02819c5d7d6a0336730be9aee691c42d12d09b5982197a4bbc7fc411374e", "5b70fd5e886fc50ce1339c79843adb520e5197f9c759c7c00f15bfce1b946b4f", "6737302d9422c8720861a818d7b042682c9f7b5b04a409b1f7dfc81b6e41381e", "a178d3644ef3f1d41b93ccf94aaab483fb87a80aeb1fcf4d944b0cc3d5d80c73", "b5e655696e1807c5f4ce0f7f86cfe988f92206a5cc0960c9d4d871922551a1bc", "b9b702693b83d22988ae375b1b080128155c9e36cdb949c261797f2c4960f99b", "bbb8bf6f5c8ff6d1028ba95bd64ddf19175e8a78ef6cea48eabf7fe125112d2e", "cb08c29f457ad766d086cff777eed87baa4796c4f29bb92239f99107ecaded91", "cba09cb5056c6ea03b6d42d0528df900ae55b41a47dc211f44163c8ef250d06a", "cdfadce2ce67b7448c509d6e9b6a5d7e23aab7b5b4c7659cb83327ea2eb5ebc0", "ddb9c3a37b16026ae097ded0b9209c6927bf31e616a18a4649651eb9fc7e07a2", "e8f9007dd8e35219d165220e6eec14c0e675ce6c7c1ad83828e83ed2f98997d7"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOUNDREC\\PROTOCOL\\STDFILEEDITING\\SERVER", "value_name": null}]}, "reports_count": 16}, "exprev": [{"count": 5876, "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", "name": "Dealply adware detected"}, {"count": 4104, "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", "name": "Process hollowing detected"}, {"count": 3413, "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", "name": "Excessively long PowerShell command detected"}, {"count": 2464, "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", "name": "CVE-2019-0708 detected"}, {"count": 575, "description": "Crystalbit-Apple DLL double hijack was detected. During this attack, the adversary abuses two legitimate vendor applications, such as CrystalBit and Apple, as part of a dll double hijack attack chain that starts with a fraudulent software bundle and eventually leads to a persistent miner and in some cases spyware deployment.", "name": "Crystalbit-Apple DLL double hijack detected"}, {"count": 558, "description": "An attempt to bypass application whitelisting via the \"Squiblydoo\" technique has been detected. This typically involves using regsvr32.exe to execute script content hosted on an attacker controlled server.", "name": "Squiblydoo application whitelist bypass attempt detected."}, {"count": 390, "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Installcore adware detected"}, {"count": 326, "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as wireshark and sandboxes to its C2. It spreads through malicious advertising and spam campaigns.", "name": "Kovter injection detected"}, {"count": 295, "description": "Trickbot is a banking Trojan which appeared in late 2016. Due to the similarities between Trickbot and Dyre, it is suspected some of the individuals responsible for Dyre are now responsible for Trickbot. Trickbot has been rapidly evolving over the months since it has appeared. However, Trickbot is still missing some of the capabilities Dyre possessed. Its current modules include DLL injection, system information gathering, and email searching.", "name": "Trickbot malware detected"}, {"count": 104, "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", "name": "Gamarue malware detected"}, {"count": 92, "description": "Fusion (or FusionPlayer) is an adware family that displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Fusion adware detected"}, {"count": 86, "description": "Maze ransomware has been detected injecting into rundll32.exe or regsvr32.exe. Maze can encrypt files on the victim and demand a ransom. It can also exfiltrate data back to the attacker prior to encryption.", "name": "Maze ransomware detected"}, {"count": 32, "description": "A process associated with Microsoft Office, such as EXCEL.exe or WINWORD.exe, has started a Windows utility such as powershell.exe or cmd.exe. This is typical behavior of malicious documents executing additional scripts. This behavior is extremely suspicious and is associated with many malware different malware campaigns and families.", "name": "A Microsoft Office process has started a windows utility."}, {"count": 21, "description": "The certutil.exe utility has been detected downloading and executing a file. Upon execution, the downloaded file behaved suspiciously. The normal usage of certutil.exe involves retrieving certificate information. Attackers can use this utility to download additional malicious payloads.", "name": "Certutil.exe is downloading a file"}, {"count": 20, "description": "Command line options indicating usage of XMRig Miner have been detected. Malware sometimes uses compromised hosts to mine for cryptocurrency on behalf of the attacker.", "name": "XMRig Miner Detected"}, {"count": 11, "description": "An exploit payload intended to connect back to an attacker controlled host using http has been detected.", "name": "Reverse http payload detected"}, {"count": 8, "description": "An exploit payload intended to connect back to an attacker controlled host using tcp has been detected.", "name": "Reverse tcp payload detected"}, {"count": 8, "description": "A process injection was detected that is most likely caused by an existing Qakbot infection. Qakbot is a worm that spreads through network shares and removable drives. It downloads additional files, steals information, and opens a back door on the compromised computer. The worm also contains rootkit functionality to allow it to hide its presence on a system.", "name": "Qakbot injection detected"}, {"count": 5, "description": "Corebot is a Trojan with many capabilities found in other prominent families. It features a plugin system to enable it to load a variety of features from the C&C server at any time. Known plugins include RAT capabilities such as taking desktop screenshots, as well as being able to intercept and modify browser communications and steal data, especially data related to banking.", "name": "Corebot malware detected"}], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2020-09-18T15:22:58+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Packed.Dridex-9751859-1", "Win.Packed.Emotet-9754668-0", "Win.Malware.Arkei-9753125-1", "Win.Dropper.DarkComet-9755620-0", "Win.Dropper.Gandcrab-9752130-0", "Win.Dropper.Shiz-9755163-0", "Win.Virus.Xpiro-9752316-1", "Win.Trojan.Remcos-9753190-0"]}