{"Win.Dropper.Emotet-9802602-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["6235cb76131d1a50d16318e26dadd995cd2aee85c8eb5b0173cc8241c9d4a3a5", "09e38ad469ebb81937c1b10eaf3a739787632bb8ae181cbf5790151bf33948fb", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55", "fd6e331c073461e085c665fa2b272402eb928336778fd18ba5f125d0893f46e8", "deb42d10d75557a8c96ea39ae0220dd1dfd829d5374ab9094677888299a95d1c", "bccf0b192412b8901ebef34760a8ae6dae924c71b5610af5b6878456391b0c18", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8", "b00d5896e485a3081659788cb84c7c4d0692b6c8b751d57f21b4eaa8210a52b4", "7d687d5e1616ba9372c1978222de70265c5ecd62dc04d6986b9f3349f84fa6a6", "a968f3dfac31ada131477dba93a7f79db71dcc9fb7d2c5f2c6e98aff68fcd6e5", "c47ea8dbda9255b17dc3c29bdc16786bc0cc5e2d30bea17c7c3db02e83e75600", "900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d", "84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["6235cb76131d1a50d16318e26dadd995cd2aee85c8eb5b0173cc8241c9d4a3a5", "09e38ad469ebb81937c1b10eaf3a739787632bb8ae181cbf5790151bf33948fb", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55", "fd6e331c073461e085c665fa2b272402eb928336778fd18ba5f125d0893f46e8", "deb42d10d75557a8c96ea39ae0220dd1dfd829d5374ab9094677888299a95d1c", "bccf0b192412b8901ebef34760a8ae6dae924c71b5610af5b6878456391b0c18", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8", "b00d5896e485a3081659788cb84c7c4d0692b6c8b751d57f21b4eaa8210a52b4", "7d687d5e1616ba9372c1978222de70265c5ecd62dc04d6986b9f3349f84fa6a6", "a968f3dfac31ada131477dba93a7f79db71dcc9fb7d2c5f2c6e98aff68fcd6e5", "c47ea8dbda9255b17dc3c29bdc16786bc0cc5e2d30bea17c7c3db02e83e75600", "900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d", "84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["6235cb76131d1a50d16318e26dadd995cd2aee85c8eb5b0173cc8241c9d4a3a5", "09e38ad469ebb81937c1b10eaf3a739787632bb8ae181cbf5790151bf33948fb", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55", "fd6e331c073461e085c665fa2b272402eb928336778fd18ba5f125d0893f46e8", "deb42d10d75557a8c96ea39ae0220dd1dfd829d5374ab9094677888299a95d1c", "bccf0b192412b8901ebef34760a8ae6dae924c71b5610af5b6878456391b0c18", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8", "b00d5896e485a3081659788cb84c7c4d0692b6c8b751d57f21b4eaa8210a52b4", "7d687d5e1616ba9372c1978222de70265c5ecd62dc04d6986b9f3349f84fa6a6", "a968f3dfac31ada131477dba93a7f79db71dcc9fb7d2c5f2c6e98aff68fcd6e5", "c47ea8dbda9255b17dc3c29bdc16786bc0cc5e2d30bea17c7c3db02e83e75600", "900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d", "84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["6235cb76131d1a50d16318e26dadd995cd2aee85c8eb5b0173cc8241c9d4a3a5", "09e38ad469ebb81937c1b10eaf3a739787632bb8ae181cbf5790151bf33948fb", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55", "fd6e331c073461e085c665fa2b272402eb928336778fd18ba5f125d0893f46e8", "deb42d10d75557a8c96ea39ae0220dd1dfd829d5374ab9094677888299a95d1c", "bccf0b192412b8901ebef34760a8ae6dae924c71b5610af5b6878456391b0c18", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8", "b00d5896e485a3081659788cb84c7c4d0692b6c8b751d57f21b4eaa8210a52b4", "7d687d5e1616ba9372c1978222de70265c5ecd62dc04d6986b9f3349f84fa6a6", "a968f3dfac31ada131477dba93a7f79db71dcc9fb7d2c5f2c6e98aff68fcd6e5", "c47ea8dbda9255b17dc3c29bdc16786bc0cc5e2d30bea17c7c3db02e83e75600", "900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d", "84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["6235cb76131d1a50d16318e26dadd995cd2aee85c8eb5b0173cc8241c9d4a3a5", "09e38ad469ebb81937c1b10eaf3a739787632bb8ae181cbf5790151bf33948fb", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55", "fd6e331c073461e085c665fa2b272402eb928336778fd18ba5f125d0893f46e8", "deb42d10d75557a8c96ea39ae0220dd1dfd829d5374ab9094677888299a95d1c", "bccf0b192412b8901ebef34760a8ae6dae924c71b5610af5b6878456391b0c18", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8", "b00d5896e485a3081659788cb84c7c4d0692b6c8b751d57f21b4eaa8210a52b4", "7d687d5e1616ba9372c1978222de70265c5ecd62dc04d6986b9f3349f84fa6a6", "a968f3dfac31ada131477dba93a7f79db71dcc9fb7d2c5f2c6e98aff68fcd6e5", "c47ea8dbda9255b17dc3c29bdc16786bc0cc5e2d30bea17c7c3db02e83e75600", "900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d", "84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["6235cb76131d1a50d16318e26dadd995cd2aee85c8eb5b0173cc8241c9d4a3a5", "09e38ad469ebb81937c1b10eaf3a739787632bb8ae181cbf5790151bf33948fb", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55", "fd6e331c073461e085c665fa2b272402eb928336778fd18ba5f125d0893f46e8", "deb42d10d75557a8c96ea39ae0220dd1dfd829d5374ab9094677888299a95d1c", "bccf0b192412b8901ebef34760a8ae6dae924c71b5610af5b6878456391b0c18", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8", "b00d5896e485a3081659788cb84c7c4d0692b6c8b751d57f21b4eaa8210a52b4", "7d687d5e1616ba9372c1978222de70265c5ecd62dc04d6986b9f3349f84fa6a6", "a968f3dfac31ada131477dba93a7f79db71dcc9fb7d2c5f2c6e98aff68fcd6e5", "c47ea8dbda9255b17dc3c29bdc16786bc0cc5e2d30bea17c7c3db02e83e75600", "900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d", "84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112"]}, {"bi": "currentcontrolset-service-added", "hashes": ["6235cb76131d1a50d16318e26dadd995cd2aee85c8eb5b0173cc8241c9d4a3a5", "09e38ad469ebb81937c1b10eaf3a739787632bb8ae181cbf5790151bf33948fb", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55", "fd6e331c073461e085c665fa2b272402eb928336778fd18ba5f125d0893f46e8", "deb42d10d75557a8c96ea39ae0220dd1dfd829d5374ab9094677888299a95d1c", "bccf0b192412b8901ebef34760a8ae6dae924c71b5610af5b6878456391b0c18", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8", "b00d5896e485a3081659788cb84c7c4d0692b6c8b751d57f21b4eaa8210a52b4", "7d687d5e1616ba9372c1978222de70265c5ecd62dc04d6986b9f3349f84fa6a6", "a968f3dfac31ada131477dba93a7f79db71dcc9fb7d2c5f2c6e98aff68fcd6e5", "c47ea8dbda9255b17dc3c29bdc16786bc0cc5e2d30bea17c7c3db02e83e75600", "900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d", "84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1547"]}, {"bi": "hook-installed", "hashes": ["6235cb76131d1a50d16318e26dadd995cd2aee85c8eb5b0173cc8241c9d4a3a5", "09e38ad469ebb81937c1b10eaf3a739787632bb8ae181cbf5790151bf33948fb", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55", "fd6e331c073461e085c665fa2b272402eb928336778fd18ba5f125d0893f46e8", "deb42d10d75557a8c96ea39ae0220dd1dfd829d5374ab9094677888299a95d1c", "bccf0b192412b8901ebef34760a8ae6dae924c71b5610af5b6878456391b0c18", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8", "b00d5896e485a3081659788cb84c7c4d0692b6c8b751d57f21b4eaa8210a52b4", "7d687d5e1616ba9372c1978222de70265c5ecd62dc04d6986b9f3349f84fa6a6", "a968f3dfac31ada131477dba93a7f79db71dcc9fb7d2c5f2c6e98aff68fcd6e5", "c47ea8dbda9255b17dc3c29bdc16786bc0cc5e2d30bea17c7c3db02e83e75600", "900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d", "84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "deleted-submitted-file", "hashes": ["6235cb76131d1a50d16318e26dadd995cd2aee85c8eb5b0173cc8241c9d4a3a5", "09e38ad469ebb81937c1b10eaf3a739787632bb8ae181cbf5790151bf33948fb", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55", "fd6e331c073461e085c665fa2b272402eb928336778fd18ba5f125d0893f46e8", "deb42d10d75557a8c96ea39ae0220dd1dfd829d5374ab9094677888299a95d1c", "bccf0b192412b8901ebef34760a8ae6dae924c71b5610af5b6878456391b0c18", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8", "b00d5896e485a3081659788cb84c7c4d0692b6c8b751d57f21b4eaa8210a52b4", "7d687d5e1616ba9372c1978222de70265c5ecd62dc04d6986b9f3349f84fa6a6", "a968f3dfac31ada131477dba93a7f79db71dcc9fb7d2c5f2c6e98aff68fcd6e5", "c47ea8dbda9255b17dc3c29bdc16786bc0cc5e2d30bea17c7c3db02e83e75600", "900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d", "84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["6235cb76131d1a50d16318e26dadd995cd2aee85c8eb5b0173cc8241c9d4a3a5", "09e38ad469ebb81937c1b10eaf3a739787632bb8ae181cbf5790151bf33948fb", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55", "fd6e331c073461e085c665fa2b272402eb928336778fd18ba5f125d0893f46e8", "deb42d10d75557a8c96ea39ae0220dd1dfd829d5374ab9094677888299a95d1c", "bccf0b192412b8901ebef34760a8ae6dae924c71b5610af5b6878456391b0c18", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8", "b00d5896e485a3081659788cb84c7c4d0692b6c8b751d57f21b4eaa8210a52b4", "7d687d5e1616ba9372c1978222de70265c5ecd62dc04d6986b9f3349f84fa6a6", "a968f3dfac31ada131477dba93a7f79db71dcc9fb7d2c5f2c6e98aff68fcd6e5", "c47ea8dbda9255b17dc3c29bdc16786bc0cc5e2d30bea17c7c3db02e83e75600", "900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d", "84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["6235cb76131d1a50d16318e26dadd995cd2aee85c8eb5b0173cc8241c9d4a3a5", "09e38ad469ebb81937c1b10eaf3a739787632bb8ae181cbf5790151bf33948fb", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55", "fd6e331c073461e085c665fa2b272402eb928336778fd18ba5f125d0893f46e8", "deb42d10d75557a8c96ea39ae0220dd1dfd829d5374ab9094677888299a95d1c", "bccf0b192412b8901ebef34760a8ae6dae924c71b5610af5b6878456391b0c18", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8", "b00d5896e485a3081659788cb84c7c4d0692b6c8b751d57f21b4eaa8210a52b4", "7d687d5e1616ba9372c1978222de70265c5ecd62dc04d6986b9f3349f84fa6a6", "a968f3dfac31ada131477dba93a7f79db71dcc9fb7d2c5f2c6e98aff68fcd6e5", "c47ea8dbda9255b17dc3c29bdc16786bc0cc5e2d30bea17c7c3db02e83e75600", "900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d", "84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7"], "mitre_attack_tags": []}, {"bi": "malware-emotet-service-detected", "hashes": ["6235cb76131d1a50d16318e26dadd995cd2aee85c8eb5b0173cc8241c9d4a3a5", "09e38ad469ebb81937c1b10eaf3a739787632bb8ae181cbf5790151bf33948fb", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55", "fd6e331c073461e085c665fa2b272402eb928336778fd18ba5f125d0893f46e8", "deb42d10d75557a8c96ea39ae0220dd1dfd829d5374ab9094677888299a95d1c", "bccf0b192412b8901ebef34760a8ae6dae924c71b5610af5b6878456391b0c18", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8", "b00d5896e485a3081659788cb84c7c4d0692b6c8b751d57f21b4eaa8210a52b4", "7d687d5e1616ba9372c1978222de70265c5ecd62dc04d6986b9f3349f84fa6a6", "a968f3dfac31ada131477dba93a7f79db71dcc9fb7d2c5f2c6e98aff68fcd6e5", "c47ea8dbda9255b17dc3c29bdc16786bc0cc5e2d30bea17c7c3db02e83e75600", "900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d", "84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1543"]}, {"bi": "nginx-webserver-detected", "hashes": ["6235cb76131d1a50d16318e26dadd995cd2aee85c8eb5b0173cc8241c9d4a3a5", "09e38ad469ebb81937c1b10eaf3a739787632bb8ae181cbf5790151bf33948fb", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55", "fd6e331c073461e085c665fa2b272402eb928336778fd18ba5f125d0893f46e8", "deb42d10d75557a8c96ea39ae0220dd1dfd829d5374ab9094677888299a95d1c", "bccf0b192412b8901ebef34760a8ae6dae924c71b5610af5b6878456391b0c18", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8", "b00d5896e485a3081659788cb84c7c4d0692b6c8b751d57f21b4eaa8210a52b4", "7d687d5e1616ba9372c1978222de70265c5ecd62dc04d6986b9f3349f84fa6a6", "a968f3dfac31ada131477dba93a7f79db71dcc9fb7d2c5f2c6e98aff68fcd6e5", "c47ea8dbda9255b17dc3c29bdc16786bc0cc5e2d30bea17c7c3db02e83e75600", "900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d"], "mitre_attack_tags": []}, {"bi": "network-http-numeric-ip", "hashes": ["6235cb76131d1a50d16318e26dadd995cd2aee85c8eb5b0173cc8241c9d4a3a5", "09e38ad469ebb81937c1b10eaf3a739787632bb8ae181cbf5790151bf33948fb", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55", "fd6e331c073461e085c665fa2b272402eb928336778fd18ba5f125d0893f46e8", "deb42d10d75557a8c96ea39ae0220dd1dfd829d5374ab9094677888299a95d1c", "bccf0b192412b8901ebef34760a8ae6dae924c71b5610af5b6878456391b0c18", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8", "b00d5896e485a3081659788cb84c7c4d0692b6c8b751d57f21b4eaa8210a52b4", "7d687d5e1616ba9372c1978222de70265c5ecd62dc04d6986b9f3349f84fa6a6", "a968f3dfac31ada131477dba93a7f79db71dcc9fb7d2c5f2c6e98aff68fcd6e5", "c47ea8dbda9255b17dc3c29bdc16786bc0cc5e2d30bea17c7c3db02e83e75600", "900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-communications-http-post", "hashes": ["6235cb76131d1a50d16318e26dadd995cd2aee85c8eb5b0173cc8241c9d4a3a5", "09e38ad469ebb81937c1b10eaf3a739787632bb8ae181cbf5790151bf33948fb", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55", "fd6e331c073461e085c665fa2b272402eb928336778fd18ba5f125d0893f46e8", "deb42d10d75557a8c96ea39ae0220dd1dfd829d5374ab9094677888299a95d1c", "bccf0b192412b8901ebef34760a8ae6dae924c71b5610af5b6878456391b0c18", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8", "b00d5896e485a3081659788cb84c7c4d0692b6c8b751d57f21b4eaa8210a52b4", "7d687d5e1616ba9372c1978222de70265c5ecd62dc04d6986b9f3349f84fa6a6", "a968f3dfac31ada131477dba93a7f79db71dcc9fb7d2c5f2c6e98aff68fcd6e5", "c47ea8dbda9255b17dc3c29bdc16786bc0cc5e2d30bea17c7c3db02e83e75600", "900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "deleted-executable-in-system-dir", "hashes": ["6235cb76131d1a50d16318e26dadd995cd2aee85c8eb5b0173cc8241c9d4a3a5", "09e38ad469ebb81937c1b10eaf3a739787632bb8ae181cbf5790151bf33948fb", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55", "fd6e331c073461e085c665fa2b272402eb928336778fd18ba5f125d0893f46e8", "deb42d10d75557a8c96ea39ae0220dd1dfd829d5374ab9094677888299a95d1c", "bccf0b192412b8901ebef34760a8ae6dae924c71b5610af5b6878456391b0c18", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8", "b00d5896e485a3081659788cb84c7c4d0692b6c8b751d57f21b4eaa8210a52b4", "7d687d5e1616ba9372c1978222de70265c5ecd62dc04d6986b9f3349f84fa6a6", "a968f3dfac31ada131477dba93a7f79db71dcc9fb7d2c5f2c6e98aff68fcd6e5", "c47ea8dbda9255b17dc3c29bdc16786bc0cc5e2d30bea17c7c3db02e83e75600", "900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d"], "mitre_attack_tags": []}, {"bi": "network-snort-policy", "hashes": ["6235cb76131d1a50d16318e26dadd995cd2aee85c8eb5b0173cc8241c9d4a3a5", "09e38ad469ebb81937c1b10eaf3a739787632bb8ae181cbf5790151bf33948fb", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8", "fd6e331c073461e085c665fa2b272402eb928336778fd18ba5f125d0893f46e8", "deb42d10d75557a8c96ea39ae0220dd1dfd829d5374ab9094677888299a95d1c", "bccf0b192412b8901ebef34760a8ae6dae924c71b5610af5b6878456391b0c18", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8", "b00d5896e485a3081659788cb84c7c4d0692b6c8b751d57f21b4eaa8210a52b4", "a968f3dfac31ada131477dba93a7f79db71dcc9fb7d2c5f2c6e98aff68fcd6e5", "c47ea8dbda9255b17dc3c29bdc16786bc0cc5e2d30bea17c7c3db02e83e75600", "900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d"], "mitre_attack_tags": []}, {"bi": "network-snort-server", "hashes": ["d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55", "7d687d5e1616ba9372c1978222de70265c5ecd62dc04d6986b9f3349f84fa6a6", "900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7"], "mitre_attack_tags": []}, {"bi": "windows-util-gpupdate", "hashes": ["84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7"], "mitre_attack_tags": ["TA0005", "TA0004", "T1484"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["09e38ad469ebb81937c1b10eaf3a739787632bb8ae181cbf5790151bf33948fb", "287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8", "376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "6235cb76131d1a50d16318e26dadd995cd2aee85c8eb5b0173cc8241c9d4a3a5", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "7d687d5e1616ba9372c1978222de70265c5ecd62dc04d6986b9f3349f84fa6a6", "84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7", "900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d", "a968f3dfac31ada131477dba93a7f79db71dcc9fb7d2c5f2c6e98aff68fcd6e5", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "b00d5896e485a3081659788cb84c7c4d0692b6c8b751d57f21b4eaa8210a52b4", "bccf0b192412b8901ebef34760a8ae6dae924c71b5610af5b6878456391b0c18", "c47ea8dbda9255b17dc3c29bdc16786bc0cc5e2d30bea17c7c3db02e83e75600", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55", "deb42d10d75557a8c96ea39ae0220dd1dfd829d5374ab9094677888299a95d1c", "f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8", "fd6e331c073461e085c665fa2b272402eb928336778fd18ba5f125d0893f46e8"], "iocs": {"domain": [], "file": [{"hashes": ["d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55"], "path": "%SystemRoot%\\SysWOW64\\olepro32"}, {"hashes": ["aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576"], "path": "%SystemRoot%\\SysWOW64\\input"}, {"hashes": ["664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef"], "path": "%SystemRoot%\\SysWOW64\\mfc100esn"}, {"hashes": ["c47ea8dbda9255b17dc3c29bdc16786bc0cc5e2d30bea17c7c3db02e83e75600"], "path": "%SystemRoot%\\SysWOW64\\msxml3"}, {"hashes": ["09e38ad469ebb81937c1b10eaf3a739787632bb8ae181cbf5790151bf33948fb"], "path": "%SystemRoot%\\SysWOW64\\msvcirt"}, {"hashes": ["287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8"], "path": "%SystemRoot%\\SysWOW64\\wpdshext"}, {"hashes": ["fd6e331c073461e085c665fa2b272402eb928336778fd18ba5f125d0893f46e8"], "path": "%SystemRoot%\\SysWOW64\\davclnt"}, {"hashes": ["b00d5896e485a3081659788cb84c7c4d0692b6c8b751d57f21b4eaa8210a52b4"], "path": "%SystemRoot%\\SysWOW64\\netcfgx"}, {"hashes": ["a968f3dfac31ada131477dba93a7f79db71dcc9fb7d2c5f2c6e98aff68fcd6e5"], "path": "%SystemRoot%\\SysWOW64\\systray"}, {"hashes": ["bccf0b192412b8901ebef34760a8ae6dae924c71b5610af5b6878456391b0c18"], "path": "%SystemRoot%\\SysWOW64\\RMActivate_isv"}, {"hashes": ["deb42d10d75557a8c96ea39ae0220dd1dfd829d5374ab9094677888299a95d1c"], "path": "%SystemRoot%\\SysWOW64\\rsaenh"}, {"hashes": ["6235cb76131d1a50d16318e26dadd995cd2aee85c8eb5b0173cc8241c9d4a3a5"], "path": "%SystemRoot%\\SysWOW64\\msnetobj"}, {"hashes": ["376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e"], "path": "%SystemRoot%\\SysWOW64\\comres"}, {"hashes": ["900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d"], "path": "%SystemRoot%\\SysWOW64\\polstore"}, {"hashes": ["84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7"], "path": "%SystemRoot%\\SysWOW64\\odbccr32"}, {"hashes": ["f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8"], "path": "%SystemRoot%\\SysWOW64\\pdhui"}, {"hashes": ["7d687d5e1616ba9372c1978222de70265c5ecd62dc04d6986b9f3349f84fa6a6"], "path": "%SystemRoot%\\SysWOW64\\NlsLexicons0416"}], "ip": [{"hashes": ["09e38ad469ebb81937c1b10eaf3a739787632bb8ae181cbf5790151bf33948fb", "287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8", "376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "a968f3dfac31ada131477dba93a7f79db71dcc9fb7d2c5f2c6e98aff68fcd6e5", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "b00d5896e485a3081659788cb84c7c4d0692b6c8b751d57f21b4eaa8210a52b4", "bccf0b192412b8901ebef34760a8ae6dae924c71b5610af5b6878456391b0c18", "c47ea8dbda9255b17dc3c29bdc16786bc0cc5e2d30bea17c7c3db02e83e75600", "deb42d10d75557a8c96ea39ae0220dd1dfd829d5374ab9094677888299a95d1c", "f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8", "fd6e331c073461e085c665fa2b272402eb928336778fd18ba5f125d0893f46e8"], "ip": "83[.]110[.]222[.]32"}, {"hashes": ["09e38ad469ebb81937c1b10eaf3a739787632bb8ae181cbf5790151bf33948fb", "287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8", "376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "a968f3dfac31ada131477dba93a7f79db71dcc9fb7d2c5f2c6e98aff68fcd6e5", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "b00d5896e485a3081659788cb84c7c4d0692b6c8b751d57f21b4eaa8210a52b4", "bccf0b192412b8901ebef34760a8ae6dae924c71b5610af5b6878456391b0c18", "c47ea8dbda9255b17dc3c29bdc16786bc0cc5e2d30bea17c7c3db02e83e75600", "deb42d10d75557a8c96ea39ae0220dd1dfd829d5374ab9094677888299a95d1c", "f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8", "fd6e331c073461e085c665fa2b272402eb928336778fd18ba5f125d0893f46e8"], "ip": "186[.]137[.]19[.]52"}, {"hashes": ["09e38ad469ebb81937c1b10eaf3a739787632bb8ae181cbf5790151bf33948fb", "287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8", "376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "b00d5896e485a3081659788cb84c7c4d0692b6c8b751d57f21b4eaa8210a52b4", "bccf0b192412b8901ebef34760a8ae6dae924c71b5610af5b6878456391b0c18", "deb42d10d75557a8c96ea39ae0220dd1dfd829d5374ab9094677888299a95d1c"], "ip": "37[.]247[.]101[.]241"}, {"hashes": ["7d687d5e1616ba9372c1978222de70265c5ecd62dc04d6986b9f3349f84fa6a6", "900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55"], "ip": "181[.]58[.]181[.]9"}, {"hashes": ["7d687d5e1616ba9372c1978222de70265c5ecd62dc04d6986b9f3349f84fa6a6", "900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55"], "ip": "190[.]251[.]216[.]100"}, {"hashes": ["7d687d5e1616ba9372c1978222de70265c5ecd62dc04d6986b9f3349f84fa6a6", "900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55"], "ip": "54[.]36[.]185[.]60"}, {"hashes": ["7d687d5e1616ba9372c1978222de70265c5ecd62dc04d6986b9f3349f84fa6a6", "900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55"], "ip": "202[.]79[.]24[.]136"}, {"hashes": ["900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d"], "ip": "111[.]67[.]12[.]222"}, {"hashes": ["6235cb76131d1a50d16318e26dadd995cd2aee85c8eb5b0173cc8241c9d4a3a5"], "ip": "110[.]145[.]11[.]73"}, {"hashes": ["6235cb76131d1a50d16318e26dadd995cd2aee85c8eb5b0173cc8241c9d4a3a5"], "ip": "96[.]252[.]116[.]33"}], "mutex": [{"hashes": ["84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7"], "name": "Global\\b2caa881-360e-11eb-b5f8-00501e3ae7b6"}], "registry": [{"hashes": ["376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": null}, {"hashes": ["376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Type"}, {"hashes": ["376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Start"}, {"hashes": ["376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ErrorControl"}, {"hashes": ["376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ImagePath"}, {"hashes": ["376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "DisplayName"}, {"hashes": ["376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "WOW64"}, {"hashes": ["376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ObjectName"}, {"hashes": ["376644248967d606a6603e20406170d51ef0ebf2fe558bfd1d63eecb56c6076e", "664302d1cbe6cb663e1b47019bf28914c348dde9a060bff968c9e232506733ef", "84ef881d77235ce0b9e28c6c071e4a527d760aa0711a94c8868945258a6602b7", "aa12adf079d46b70df6e5903cefa3177c2ef7dc120de4652ee17f21363d5e576", "d8b897f36e0fe1276482182bc7ee4cade32cc14f9386ffaa77cb85e937a3aa55"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Description"}, {"hashes": ["f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LODCTR", "value_name": "DisplayName"}, {"hashes": ["f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LODCTR", "value_name": "WOW64"}, {"hashes": ["f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LODCTR", "value_name": "ObjectName"}, {"hashes": ["6235cb76131d1a50d16318e26dadd995cd2aee85c8eb5b0173cc8241c9d4a3a5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DXTRANS", "value_name": "ImagePath"}, {"hashes": ["deb42d10d75557a8c96ea39ae0220dd1dfd829d5374ab9094677888299a95d1c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IR41_QCX", "value_name": "ImagePath"}, {"hashes": ["b00d5896e485a3081659788cb84c7c4d0692b6c8b751d57f21b4eaa8210a52b4"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMPPS", "value_name": "Description"}, {"hashes": ["287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PUSHPRINTERCONNECTIONS", "value_name": null}, {"hashes": ["287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PUSHPRINTERCONNECTIONS", "value_name": "Type"}, {"hashes": ["287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PUSHPRINTERCONNECTIONS", "value_name": "Start"}, {"hashes": ["287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PUSHPRINTERCONNECTIONS", "value_name": "ErrorControl"}, {"hashes": ["287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PUSHPRINTERCONNECTIONS", "value_name": "DisplayName"}, {"hashes": ["287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PUSHPRINTERCONNECTIONS", "value_name": "WOW64"}, {"hashes": ["287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PUSHPRINTERCONNECTIONS", "value_name": "ObjectName"}, {"hashes": ["bccf0b192412b8901ebef34760a8ae6dae924c71b5610af5b6878456391b0c18"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RSHX32", "value_name": "Description"}, {"hashes": ["c47ea8dbda9255b17dc3c29bdc16786bc0cc5e2d30bea17c7c3db02e83e75600"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\ENCDEC", "value_name": "Description"}, {"hashes": ["deb42d10d75557a8c96ea39ae0220dd1dfd829d5374ab9094677888299a95d1c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IR41_QCX", "value_name": "Description"}, {"hashes": ["6235cb76131d1a50d16318e26dadd995cd2aee85c8eb5b0173cc8241c9d4a3a5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DXTRANS", "value_name": "Description"}, {"hashes": ["900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\ICARDIE", "value_name": "Description"}, {"hashes": ["b00d5896e485a3081659788cb84c7c4d0692b6c8b751d57f21b4eaa8210a52b4"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMPPS", "value_name": "ImagePath"}, {"hashes": ["09e38ad469ebb81937c1b10eaf3a739787632bb8ae181cbf5790151bf33948fb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\EHSTORAUTHN", "value_name": "ImagePath"}, {"hashes": ["c47ea8dbda9255b17dc3c29bdc16786bc0cc5e2d30bea17c7c3db02e83e75600"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\ENCDEC", "value_name": "ImagePath"}, {"hashes": ["09e38ad469ebb81937c1b10eaf3a739787632bb8ae181cbf5790151bf33948fb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\EHSTORAUTHN", "value_name": "Description"}, {"hashes": ["900b45e74d63d31d6e256578d1e111abda9b7884cb4fae38d32875857a07725d"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\ICARDIE", "value_name": "ImagePath"}, {"hashes": ["fd6e331c073461e085c665fa2b272402eb928336778fd18ba5f125d0893f46e8"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\ODBCBCP", "value_name": "Description"}, {"hashes": ["f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LODCTR", "value_name": "ImagePath"}, {"hashes": ["bccf0b192412b8901ebef34760a8ae6dae924c71b5610af5b6878456391b0c18"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RSHX32", "value_name": "ImagePath"}, {"hashes": ["f879de51bc9e1ff40d32d1bd162a12683a21fb415a9d1703450cdc39e27d24c8"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LODCTR", "value_name": "Description"}, {"hashes": ["287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PUSHPRINTERCONNECTIONS", "value_name": "ImagePath"}, {"hashes": ["287a7c162ca363d8bb8d359a8a957fc048eaed218e1d2fe98fc8cc9e072b1fb8"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PUSHPRINTERCONNECTIONS", "value_name": "Description"}, {"hashes": ["7d687d5e1616ba9372c1978222de70265c5ecd62dc04d6986b9f3349f84fa6a6"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\GAMEUX", "value_name": "Description"}]}, "reports_count": 17}, "Win.Dropper.Gh0stRAT-9802375-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["4c1f0fec04f52728f1a4f5424d284a80c8428a49a5c152b85bb336638f494639", "e347ced607de94a87801a27edc9b3faec0551829dbd78294748d93460e28346c", "62063120f188c1272bd4673763a67d297192f3aa2b23208840aa359bacc2a7c1", "3725358403b7c0a541024567884417e999dbdbc54c4709a383f052270db350a3", "22323c4ffb970c519bb2a916d12c932ee5e41572418ffaeff956e485d47cd38e", "9152892c70648ac51000106eadd8030e14a31b17145fd6f036dd6272b11945e4", "1d70e3972fc2b676dceb9a6c7eec4e1096a35ad6e70c60089f92759d6e67ae5a", "21e804b8efe086dbdfd6c4fd6613827dbc5848447883b0659ee8a0f328b27f66", "6c4c05531de14f22fa28e17b4780402c6d0ba596893c80a5f2f4d54cdea87081", "88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb", "2b47467fecc2d2c0842722ac992cffcb7a6d67367c2a300ad98d097313d18ecf", "3d5c2c1924c219f5cc196beb76b6c0b2443498cf26964400e4a38f1a32b5f721", "9752a5294e59ec46bbc18cde6f1ec0dcc3497ce6843d35d20dd8dc1d09ac9aac", "2b5e2da6d315c644743753dd4e1e592637141cfd4dba494904b1b006f61a14ef", "36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d", "709e075d241ab412c961beb25f37669fd28515b0c1b3952f65c4ae3753516719", "75a776755bfdd3cfb59286c4feaf6d7216f40f98b6a624ff516dd50abfa26546", "3987db32e8df8aaab2cec8703554cef010ce9edeb5ba5d50ae42fc5a49df0c8e", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "0b239301ec2c501802b7580db60fc51a5b10cf9a41922a0311409a1100d61b84", "061833f8a5a832097aab274769a3db59a3bd8886c5ee8e12224ec4a739aa97fa", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b", "2f3c45e1af30c17934971cd1e5cf6f69aa98511d4735e82e16dff72bbb9a8e76", "63add2cca5a5c2e505616771fabf419cc04f1aea1b214c3348c155683ff16dc4", "6eed9f824e3fa66a6893d54841eb74dfdfdba24bd3c2affbfbe64f2a5c8c3467", "48d0884c818445c9bc19d64834df519bb76d392993fba9d3d1938aaef1ef058c"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "cta-static-analyzer-malicious", "hashes": ["4c1f0fec04f52728f1a4f5424d284a80c8428a49a5c152b85bb336638f494639", "e347ced607de94a87801a27edc9b3faec0551829dbd78294748d93460e28346c", "62063120f188c1272bd4673763a67d297192f3aa2b23208840aa359bacc2a7c1", "3725358403b7c0a541024567884417e999dbdbc54c4709a383f052270db350a3", "22323c4ffb970c519bb2a916d12c932ee5e41572418ffaeff956e485d47cd38e", "9152892c70648ac51000106eadd8030e14a31b17145fd6f036dd6272b11945e4", "1d70e3972fc2b676dceb9a6c7eec4e1096a35ad6e70c60089f92759d6e67ae5a", "21e804b8efe086dbdfd6c4fd6613827dbc5848447883b0659ee8a0f328b27f66", "6c4c05531de14f22fa28e17b4780402c6d0ba596893c80a5f2f4d54cdea87081", "88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb", "2b47467fecc2d2c0842722ac992cffcb7a6d67367c2a300ad98d097313d18ecf", "3d5c2c1924c219f5cc196beb76b6c0b2443498cf26964400e4a38f1a32b5f721", "9752a5294e59ec46bbc18cde6f1ec0dcc3497ce6843d35d20dd8dc1d09ac9aac", "2b5e2da6d315c644743753dd4e1e592637141cfd4dba494904b1b006f61a14ef", "36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d", "709e075d241ab412c961beb25f37669fd28515b0c1b3952f65c4ae3753516719", "75a776755bfdd3cfb59286c4feaf6d7216f40f98b6a624ff516dd50abfa26546", "3987db32e8df8aaab2cec8703554cef010ce9edeb5ba5d50ae42fc5a49df0c8e", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "0b239301ec2c501802b7580db60fc51a5b10cf9a41922a0311409a1100d61b84", "061833f8a5a832097aab274769a3db59a3bd8886c5ee8e12224ec4a739aa97fa", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b", "2f3c45e1af30c17934971cd1e5cf6f69aa98511d4735e82e16dff72bbb9a8e76", "63add2cca5a5c2e505616771fabf419cc04f1aea1b214c3348c155683ff16dc4", "6eed9f824e3fa66a6893d54841eb74dfdfdba24bd3c2affbfbe64f2a5c8c3467", "48d0884c818445c9bc19d64834df519bb76d392993fba9d3d1938aaef1ef058c"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["4c1f0fec04f52728f1a4f5424d284a80c8428a49a5c152b85bb336638f494639", "e347ced607de94a87801a27edc9b3faec0551829dbd78294748d93460e28346c", "62063120f188c1272bd4673763a67d297192f3aa2b23208840aa359bacc2a7c1", "3725358403b7c0a541024567884417e999dbdbc54c4709a383f052270db350a3", "22323c4ffb970c519bb2a916d12c932ee5e41572418ffaeff956e485d47cd38e", "9152892c70648ac51000106eadd8030e14a31b17145fd6f036dd6272b11945e4", "1d70e3972fc2b676dceb9a6c7eec4e1096a35ad6e70c60089f92759d6e67ae5a", "21e804b8efe086dbdfd6c4fd6613827dbc5848447883b0659ee8a0f328b27f66", "6c4c05531de14f22fa28e17b4780402c6d0ba596893c80a5f2f4d54cdea87081", "88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb", "2b47467fecc2d2c0842722ac992cffcb7a6d67367c2a300ad98d097313d18ecf", "3d5c2c1924c219f5cc196beb76b6c0b2443498cf26964400e4a38f1a32b5f721", "9752a5294e59ec46bbc18cde6f1ec0dcc3497ce6843d35d20dd8dc1d09ac9aac", "2b5e2da6d315c644743753dd4e1e592637141cfd4dba494904b1b006f61a14ef", "36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d", "709e075d241ab412c961beb25f37669fd28515b0c1b3952f65c4ae3753516719", "75a776755bfdd3cfb59286c4feaf6d7216f40f98b6a624ff516dd50abfa26546", "3987db32e8df8aaab2cec8703554cef010ce9edeb5ba5d50ae42fc5a49df0c8e", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "0b239301ec2c501802b7580db60fc51a5b10cf9a41922a0311409a1100d61b84", "061833f8a5a832097aab274769a3db59a3bd8886c5ee8e12224ec4a739aa97fa", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b", "2f3c45e1af30c17934971cd1e5cf6f69aa98511d4735e82e16dff72bbb9a8e76", "63add2cca5a5c2e505616771fabf419cc04f1aea1b214c3348c155683ff16dc4", "48d0884c818445c9bc19d64834df519bb76d392993fba9d3d1938aaef1ef058c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["4c1f0fec04f52728f1a4f5424d284a80c8428a49a5c152b85bb336638f494639", "e347ced607de94a87801a27edc9b3faec0551829dbd78294748d93460e28346c", "62063120f188c1272bd4673763a67d297192f3aa2b23208840aa359bacc2a7c1", "3725358403b7c0a541024567884417e999dbdbc54c4709a383f052270db350a3", "22323c4ffb970c519bb2a916d12c932ee5e41572418ffaeff956e485d47cd38e", "9152892c70648ac51000106eadd8030e14a31b17145fd6f036dd6272b11945e4", "1d70e3972fc2b676dceb9a6c7eec4e1096a35ad6e70c60089f92759d6e67ae5a", "21e804b8efe086dbdfd6c4fd6613827dbc5848447883b0659ee8a0f328b27f66", "6c4c05531de14f22fa28e17b4780402c6d0ba596893c80a5f2f4d54cdea87081", "88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb", "2b47467fecc2d2c0842722ac992cffcb7a6d67367c2a300ad98d097313d18ecf", "3d5c2c1924c219f5cc196beb76b6c0b2443498cf26964400e4a38f1a32b5f721", "9752a5294e59ec46bbc18cde6f1ec0dcc3497ce6843d35d20dd8dc1d09ac9aac", "2b5e2da6d315c644743753dd4e1e592637141cfd4dba494904b1b006f61a14ef", "36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d", "709e075d241ab412c961beb25f37669fd28515b0c1b3952f65c4ae3753516719", "75a776755bfdd3cfb59286c4feaf6d7216f40f98b6a624ff516dd50abfa26546", "3987db32e8df8aaab2cec8703554cef010ce9edeb5ba5d50ae42fc5a49df0c8e", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "0b239301ec2c501802b7580db60fc51a5b10cf9a41922a0311409a1100d61b84", "061833f8a5a832097aab274769a3db59a3bd8886c5ee8e12224ec4a739aa97fa", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b", "63add2cca5a5c2e505616771fabf419cc04f1aea1b214c3348c155683ff16dc4", "6eed9f824e3fa66a6893d54841eb74dfdfdba24bd3c2affbfbe64f2a5c8c3467", "48d0884c818445c9bc19d64834df519bb76d392993fba9d3d1938aaef1ef058c"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["4c1f0fec04f52728f1a4f5424d284a80c8428a49a5c152b85bb336638f494639", "e347ced607de94a87801a27edc9b3faec0551829dbd78294748d93460e28346c", "62063120f188c1272bd4673763a67d297192f3aa2b23208840aa359bacc2a7c1", "3725358403b7c0a541024567884417e999dbdbc54c4709a383f052270db350a3", "22323c4ffb970c519bb2a916d12c932ee5e41572418ffaeff956e485d47cd38e", "9152892c70648ac51000106eadd8030e14a31b17145fd6f036dd6272b11945e4", "1d70e3972fc2b676dceb9a6c7eec4e1096a35ad6e70c60089f92759d6e67ae5a", "21e804b8efe086dbdfd6c4fd6613827dbc5848447883b0659ee8a0f328b27f66", "6c4c05531de14f22fa28e17b4780402c6d0ba596893c80a5f2f4d54cdea87081", "88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb", "2b47467fecc2d2c0842722ac992cffcb7a6d67367c2a300ad98d097313d18ecf", "3d5c2c1924c219f5cc196beb76b6c0b2443498cf26964400e4a38f1a32b5f721", "9752a5294e59ec46bbc18cde6f1ec0dcc3497ce6843d35d20dd8dc1d09ac9aac", "2b5e2da6d315c644743753dd4e1e592637141cfd4dba494904b1b006f61a14ef", "36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d", "709e075d241ab412c961beb25f37669fd28515b0c1b3952f65c4ae3753516719", "75a776755bfdd3cfb59286c4feaf6d7216f40f98b6a624ff516dd50abfa26546", "3987db32e8df8aaab2cec8703554cef010ce9edeb5ba5d50ae42fc5a49df0c8e", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "0b239301ec2c501802b7580db60fc51a5b10cf9a41922a0311409a1100d61b84", "061833f8a5a832097aab274769a3db59a3bd8886c5ee8e12224ec4a739aa97fa", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b", "2f3c45e1af30c17934971cd1e5cf6f69aa98511d4735e82e16dff72bbb9a8e76", "63add2cca5a5c2e505616771fabf419cc04f1aea1b214c3348c155683ff16dc4", "48d0884c818445c9bc19d64834df519bb76d392993fba9d3d1938aaef1ef058c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["3725358403b7c0a541024567884417e999dbdbc54c4709a383f052270db350a3", "22323c4ffb970c519bb2a916d12c932ee5e41572418ffaeff956e485d47cd38e", "1d70e3972fc2b676dceb9a6c7eec4e1096a35ad6e70c60089f92759d6e67ae5a", "21e804b8efe086dbdfd6c4fd6613827dbc5848447883b0659ee8a0f328b27f66", "88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb", "2b47467fecc2d2c0842722ac992cffcb7a6d67367c2a300ad98d097313d18ecf", "9752a5294e59ec46bbc18cde6f1ec0dcc3497ce6843d35d20dd8dc1d09ac9aac", "2b5e2da6d315c644743753dd4e1e592637141cfd4dba494904b1b006f61a14ef", "36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d", "709e075d241ab412c961beb25f37669fd28515b0c1b3952f65c4ae3753516719", "75a776755bfdd3cfb59286c4feaf6d7216f40f98b6a624ff516dd50abfa26546", "3987db32e8df8aaab2cec8703554cef010ce9edeb5ba5d50ae42fc5a49df0c8e", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b", "2f3c45e1af30c17934971cd1e5cf6f69aa98511d4735e82e16dff72bbb9a8e76", "63add2cca5a5c2e505616771fabf419cc04f1aea1b214c3348c155683ff16dc4", "6eed9f824e3fa66a6893d54841eb74dfdfdba24bd3c2affbfbe64f2a5c8c3467"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["3725358403b7c0a541024567884417e999dbdbc54c4709a383f052270db350a3", "22323c4ffb970c519bb2a916d12c932ee5e41572418ffaeff956e485d47cd38e", "1d70e3972fc2b676dceb9a6c7eec4e1096a35ad6e70c60089f92759d6e67ae5a", "21e804b8efe086dbdfd6c4fd6613827dbc5848447883b0659ee8a0f328b27f66", "88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb", "9752a5294e59ec46bbc18cde6f1ec0dcc3497ce6843d35d20dd8dc1d09ac9aac", "2b5e2da6d315c644743753dd4e1e592637141cfd4dba494904b1b006f61a14ef", "36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d", "709e075d241ab412c961beb25f37669fd28515b0c1b3952f65c4ae3753516719", "3987db32e8df8aaab2cec8703554cef010ce9edeb5ba5d50ae42fc5a49df0c8e", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b", "2f3c45e1af30c17934971cd1e5cf6f69aa98511d4735e82e16dff72bbb9a8e76", "63add2cca5a5c2e505616771fabf419cc04f1aea1b214c3348c155683ff16dc4", "6eed9f824e3fa66a6893d54841eb74dfdfdba24bd3c2affbfbe64f2a5c8c3467"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "process-hollowing-detected", "hashes": ["3725358403b7c0a541024567884417e999dbdbc54c4709a383f052270db350a3", "22323c4ffb970c519bb2a916d12c932ee5e41572418ffaeff956e485d47cd38e", "1d70e3972fc2b676dceb9a6c7eec4e1096a35ad6e70c60089f92759d6e67ae5a", "21e804b8efe086dbdfd6c4fd6613827dbc5848447883b0659ee8a0f328b27f66", "9752a5294e59ec46bbc18cde6f1ec0dcc3497ce6843d35d20dd8dc1d09ac9aac", "2b5e2da6d315c644743753dd4e1e592637141cfd4dba494904b1b006f61a14ef", "709e075d241ab412c961beb25f37669fd28515b0c1b3952f65c4ae3753516719", "3987db32e8df8aaab2cec8703554cef010ce9edeb5ba5d50ae42fc5a49df0c8e", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b", "2f3c45e1af30c17934971cd1e5cf6f69aa98511d4735e82e16dff72bbb9a8e76", "63add2cca5a5c2e505616771fabf419cc04f1aea1b214c3348c155683ff16dc4", "6eed9f824e3fa66a6893d54841eb74dfdfdba24bd3c2affbfbe64f2a5c8c3467"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["4c1f0fec04f52728f1a4f5424d284a80c8428a49a5c152b85bb336638f494639", "88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb", "2b47467fecc2d2c0842722ac992cffcb7a6d67367c2a300ad98d097313d18ecf", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "061833f8a5a832097aab274769a3db59a3bd8886c5ee8e12224ec4a739aa97fa", "48d0884c818445c9bc19d64834df519bb76d392993fba9d3d1938aaef1ef058c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-paragraphs", "hashes": ["4c1f0fec04f52728f1a4f5424d284a80c8428a49a5c152b85bb336638f494639", "88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb", "2b47467fecc2d2c0842722ac992cffcb7a6d67367c2a300ad98d097313d18ecf", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "061833f8a5a832097aab274769a3db59a3bd8886c5ee8e12224ec4a739aa97fa", "48d0884c818445c9bc19d64834df519bb76d392993fba9d3d1938aaef1ef058c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-initialsp", "hashes": ["4c1f0fec04f52728f1a4f5424d284a80c8428a49a5c152b85bb336638f494639", "88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb", "2b47467fecc2d2c0842722ac992cffcb7a6d67367c2a300ad98d097313d18ecf", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "061833f8a5a832097aab274769a3db59a3bd8886c5ee8e12224ec4a739aa97fa", "48d0884c818445c9bc19d64834df519bb76d392993fba9d3d1938aaef1ef058c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-initialip", "hashes": ["4c1f0fec04f52728f1a4f5424d284a80c8428a49a5c152b85bb336638f494639", "88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb", "2b47467fecc2d2c0842722ac992cffcb7a6d67367c2a300ad98d097313d18ecf", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "061833f8a5a832097aab274769a3db59a3bd8886c5ee8e12224ec4a739aa97fa", "48d0884c818445c9bc19d64834df519bb76d392993fba9d3d1938aaef1ef058c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-pe-no-dos", "hashes": ["4c1f0fec04f52728f1a4f5424d284a80c8428a49a5c152b85bb336638f494639", "88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb", "2b47467fecc2d2c0842722ac992cffcb7a6d67367c2a300ad98d097313d18ecf", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "061833f8a5a832097aab274769a3db59a3bd8886c5ee8e12224ec4a739aa97fa", "48d0884c818445c9bc19d64834df519bb76d392993fba9d3d1938aaef1ef058c"], "mitre_attack_tags": []}, {"bi": "pe-header-numofsymbols", "hashes": ["4c1f0fec04f52728f1a4f5424d284a80c8428a49a5c152b85bb336638f494639", "88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb", "2b47467fecc2d2c0842722ac992cffcb7a6d67367c2a300ad98d097313d18ecf", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "061833f8a5a832097aab274769a3db59a3bd8886c5ee8e12224ec4a739aa97fa", "48d0884c818445c9bc19d64834df519bb76d392993fba9d3d1938aaef1ef058c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-trojan-xtreme-rat-registry-key", "hashes": ["3725358403b7c0a541024567884417e999dbdbc54c4709a383f052270db350a3", "9752a5294e59ec46bbc18cde6f1ec0dcc3497ce6843d35d20dd8dc1d09ac9aac", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b", "63add2cca5a5c2e505616771fabf419cc04f1aea1b214c3348c155683ff16dc4"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["9752a5294e59ec46bbc18cde6f1ec0dcc3497ce6843d35d20dd8dc1d09ac9aac", "36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b", "63add2cca5a5c2e505616771fabf419cc04f1aea1b214c3348c155683ff16dc4"], "mitre_attack_tags": []}, {"bi": "process-svchost-suspicious-launch", "hashes": ["3725358403b7c0a541024567884417e999dbdbc54c4709a383f052270db350a3", "36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "malware-compound-cta-activity", "hashes": ["3725358403b7c0a541024567884417e999dbdbc54c4709a383f052270db350a3", "36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb", "36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb", "36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "potential-registry-persistence", "hashes": ["88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb", "36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b"], "mitre_attack_tags": []}, {"bi": "registry-activesetup-key-modified", "hashes": ["88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb", "36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "network-dns-safe-categories", "hashes": ["9752a5294e59ec46bbc18cde6f1ec0dcc3497ce6843d35d20dd8dc1d09ac9aac", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b", "63add2cca5a5c2e505616771fabf419cc04f1aea1b214c3348c155683ff16dc4"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-system-dir", "hashes": ["88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "dns-dynamic-domain", "hashes": ["9752a5294e59ec46bbc18cde6f1ec0dcc3497ce6843d35d20dd8dc1d09ac9aac", "36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d", "63add2cca5a5c2e505616771fabf419cc04f1aea1b214c3348c155683ff16dc4"], "mitre_attack_tags": ["TA0011"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["e347ced607de94a87801a27edc9b3faec0551829dbd78294748d93460e28346c", "62063120f188c1272bd4673763a67d297192f3aa2b23208840aa359bacc2a7c1"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["e347ced607de94a87801a27edc9b3faec0551829dbd78294748d93460e28346c", "62063120f188c1272bd4673763a67d297192f3aa2b23208840aa359bacc2a7c1"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["e347ced607de94a87801a27edc9b3faec0551829dbd78294748d93460e28346c", "62063120f188c1272bd4673763a67d297192f3aa2b23208840aa359bacc2a7c1"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["e347ced607de94a87801a27edc9b3faec0551829dbd78294748d93460e28346c", "62063120f188c1272bd4673763a67d297192f3aa2b23208840aa359bacc2a7c1"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["e347ced607de94a87801a27edc9b3faec0551829dbd78294748d93460e28346c", "62063120f188c1272bd4673763a67d297192f3aa2b23208840aa359bacc2a7c1"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["e347ced607de94a87801a27edc9b3faec0551829dbd78294748d93460e28346c", "62063120f188c1272bd4673763a67d297192f3aa2b23208840aa359bacc2a7c1"], "mitre_attack_tags": []}, {"bi": "malware-gh0st-rat-mutex-detected", "hashes": ["e347ced607de94a87801a27edc9b3faec0551829dbd78294748d93460e28346c", "62063120f188c1272bd4673763a67d297192f3aa2b23208840aa359bacc2a7c1"], "mitre_attack_tags": []}, {"bi": "malicious-domain-contacted", "hashes": ["e347ced607de94a87801a27edc9b3faec0551829dbd78294748d93460e28346c", "62063120f188c1272bd4673763a67d297192f3aa2b23208840aa359bacc2a7c1"], "mitre_attack_tags": ["TA0011"]}, {"bi": "modified-file-in-user-dir", "hashes": ["88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb", "36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d"], "mitre_attack_tags": []}, {"bi": "malware-xtreme-rat-default-mutex-detected", "hashes": ["88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb", "36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "process-explorer-suspicious-launch", "hashes": ["88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "excessive-process-creates", "hashes": ["88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb"], "mitre_attack_tags": ["TA0040", "T1499"]}, {"bi": "created-executable-in-user-dir", "hashes": ["36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "process-with-multiple-children", "hashes": ["36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-requested-softice", "hashes": ["0b239301ec2c501802b7580db60fc51a5b10cf9a41922a0311409a1100d61b84"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "malware-bifrost-default-mutex-detected", "hashes": ["6eed9f824e3fa66a6893d54841eb74dfdfdba24bd3c2affbfbe64f2a5c8c3467"], "mitre_attack_tags": []}, {"bi": "pe-section-blank-name", "hashes": ["6eed9f824e3fa66a6893d54841eb74dfdfdba24bd3c2affbfbe64f2a5c8c3467"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-asprotect", "hashes": ["6eed9f824e3fa66a6893d54841eb74dfdfdba24bd3c2affbfbe64f2a5c8c3467"], "mitre_attack_tags": ["TA0005", "T1027"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.", "hashes": ["061833f8a5a832097aab274769a3db59a3bd8886c5ee8e12224ec4a739aa97fa", "0b239301ec2c501802b7580db60fc51a5b10cf9a41922a0311409a1100d61b84", "1d70e3972fc2b676dceb9a6c7eec4e1096a35ad6e70c60089f92759d6e67ae5a", "21e804b8efe086dbdfd6c4fd6613827dbc5848447883b0659ee8a0f328b27f66", "22323c4ffb970c519bb2a916d12c932ee5e41572418ffaeff956e485d47cd38e", "24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "2b47467fecc2d2c0842722ac992cffcb7a6d67367c2a300ad98d097313d18ecf", "2b5e2da6d315c644743753dd4e1e592637141cfd4dba494904b1b006f61a14ef", "2f3c45e1af30c17934971cd1e5cf6f69aa98511d4735e82e16dff72bbb9a8e76", "36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d", "3725358403b7c0a541024567884417e999dbdbc54c4709a383f052270db350a3", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b", "3987db32e8df8aaab2cec8703554cef010ce9edeb5ba5d50ae42fc5a49df0c8e", "3d5c2c1924c219f5cc196beb76b6c0b2443498cf26964400e4a38f1a32b5f721", "48d0884c818445c9bc19d64834df519bb76d392993fba9d3d1938aaef1ef058c", "4c1f0fec04f52728f1a4f5424d284a80c8428a49a5c152b85bb336638f494639", "62063120f188c1272bd4673763a67d297192f3aa2b23208840aa359bacc2a7c1", "63add2cca5a5c2e505616771fabf419cc04f1aea1b214c3348c155683ff16dc4", "6c4c05531de14f22fa28e17b4780402c6d0ba596893c80a5f2f4d54cdea87081", "6eed9f824e3fa66a6893d54841eb74dfdfdba24bd3c2affbfbe64f2a5c8c3467", "709e075d241ab412c961beb25f37669fd28515b0c1b3952f65c4ae3753516719", "75a776755bfdd3cfb59286c4feaf6d7216f40f98b6a624ff516dd50abfa26546", "88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb", "9152892c70648ac51000106eadd8030e14a31b17145fd6f036dd6272b11945e4", "9752a5294e59ec46bbc18cde6f1ec0dcc3497ce6843d35d20dd8dc1d09ac9aac", "98f4bdd4b0c67f6517c28c0c6a90bb72e1ec1af83fe0fa3ff6955084827f1c87", "99a688d64100bfaa1873af2c25b309d580a74ec58cfc6099cf9cf8730cbf0044", "9c2c100cf92b837dac696da67bcffa7625815dd89619dd8aabbce74aba8e82cc", "9edbc4ba8d452c9ac092706c1200d8ab0e48e9b24f6b4b94b5327fc9b45036db", "aa922c3eef85eacc43f85181b300f3c57ab2ba888af38d85545a6539bc896c77", "ac0812a612475cdd1543d2b6ac77e0fe6bc14ecffeaa54f02e830eb18d948788", "ad523a9236227fa1363250fc7a584112d0fb340c3b121a93fa8c5f3584589b75", "b1200636c5137065dfa0c47290db7abbb9527b7763bc5806455affab08c77580", "ce216c9dfbac6c2b256892f5196651574928c97af42f103bd007b8f7268fb3ed", "d7a721caf4f82057a2cffc499346e5523c9cc43ef121456e81b438a9f77ab8f8", "e347ced607de94a87801a27edc9b3faec0551829dbd78294748d93460e28346c", "e4bffab596f3c5db9e607222bd5c478c60d5cddd5fdcb1dce4e553b22558c729", "e8f20d61f340c47901d37dea20421011c8e7b55b7d320575c158d6c925d1d1a6", "ed7824659d6bb072d2065701f30129c396d6da5459c18b7f91208a13b29ef2e0", "f552f2a8e0a8c491bc6b281724dcfa4992f4375e56d33073ba38227479e902dd", "f820b0c98571e6b7bdf7ddedf9e01171b89d0cfb4f6a64f10344e2a3fd1a01f6"], "iocs": {"domain": [{"hashes": ["24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b"], "host": "roma1996[.]no-ip[.]org"}, {"hashes": ["62063120f188c1272bd4673763a67d297192f3aa2b23208840aa359bacc2a7c1", "e347ced607de94a87801a27edc9b3faec0551829dbd78294748d93460e28346c"], "host": "a13932873816[.]f3322[.]org"}, {"hashes": ["63add2cca5a5c2e505616771fabf419cc04f1aea1b214c3348c155683ff16dc4", "9752a5294e59ec46bbc18cde6f1ec0dcc3497ce6843d35d20dd8dc1d09ac9aac"], "host": "cescmouad[.]zapto[.]org"}, {"hashes": ["36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d"], "host": "mohamedmmk[.]zapto[.]org"}], "file": [{"hashes": ["24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b", "88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb"], "path": "%SystemRoot%\\InstallDir"}, {"hashes": ["24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b"], "path": "%SystemRoot%\\InstallDir\\Server.exe"}, {"hashes": ["3725358403b7c0a541024567884417e999dbdbc54c4709a383f052270db350a3", "88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb"], "path": "%TEMP%\\x.html"}, {"hashes": ["24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b"], "path": "%APPDATA%\\--((Mutex999))--.dat"}, {"hashes": ["88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb"], "path": "%APPDATA%\\Microsoft\\Windows\\((Mutex)).cfg"}, {"hashes": ["36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d"], "path": "%APPDATA%\\InstallDir"}, {"hashes": ["6eed9f824e3fa66a6893d54841eb74dfdfdba24bd3c2affbfbe64f2a5c8c3467"], "path": "%System32%\\Bifrost\\server.exe"}, {"hashes": ["88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb"], "path": "%APPDATA%\\Microsoft\\Windows\\((Mutex)).dat"}, {"hashes": ["36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d"], "path": "%APPDATA%\\InstallDir\\schov.exe"}, {"hashes": ["36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d"], "path": "%APPDATA%\\Microsoft\\Windows\\SiLAr.cfg"}, {"hashes": ["6c4c05531de14f22fa28e17b4780402c6d0ba596893c80a5f2f4d54cdea87081"], "path": "\\TEMP\\6c4c05531de14f22fa28e17b4780402c6d0ba596893c80a5f2f4d54cdea87081.exe-up.txt"}, {"hashes": ["36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d"], "path": "%APPDATA%\\Microsoft\\Windows\\SiLAr.dat"}, {"hashes": ["88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb"], "path": "%SystemRoot%\\InstallDir\\erxll.exe"}, {"hashes": ["21e804b8efe086dbdfd6c4fd6613827dbc5848447883b0659ee8a0f328b27f66"], "path": "\\464028622.exe-up.txt"}, {"hashes": ["6c4c05531de14f22fa28e17b4780402c6d0ba596893c80a5f2f4d54cdea87081"], "path": "\\464028644.exe-up.txt"}], "ip": [{"hashes": ["62063120f188c1272bd4673763a67d297192f3aa2b23208840aa359bacc2a7c1", "e347ced607de94a87801a27edc9b3faec0551829dbd78294748d93460e28346c"], "ip": "118[.]193[.]233[.]10"}, {"hashes": ["3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["9152892c70648ac51000106eadd8030e14a31b17145fd6f036dd6272b11945e4"], "ip": "173[.]194[.]207[.]113"}, {"hashes": ["9152892c70648ac51000106eadd8030e14a31b17145fd6f036dd6272b11945e4"], "ip": "173[.]194[.]207[.]102"}, {"hashes": ["9152892c70648ac51000106eadd8030e14a31b17145fd6f036dd6272b11945e4"], "ip": "173[.]194[.]207[.]100/31"}, {"hashes": ["9152892c70648ac51000106eadd8030e14a31b17145fd6f036dd6272b11945e4"], "ip": "173[.]194[.]207[.]138/31"}], "mutex": [{"hashes": ["36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d", "88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb"], "name": "XTREMEUPDATE"}, {"hashes": ["62063120f188c1272bd4673763a67d297192f3aa2b23208840aa359bacc2a7c1", "e347ced607de94a87801a27edc9b3faec0551829dbd78294748d93460e28346c"], "name": "a13932873816.f3322.org"}, {"hashes": ["24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b"], "name": "--((Mutex999))--"}, {"hashes": ["24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b"], "name": "--((Mutex999))--PERSIST"}, {"hashes": ["24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b"], "name": "--((Mutex999))--EXIT"}, {"hashes": ["3725358403b7c0a541024567884417e999dbdbc54c4709a383f052270db350a3"], "name": "--((Mutex))--"}, {"hashes": ["3725358403b7c0a541024567884417e999dbdbc54c4709a383f052270db350a3"], "name": "--((Mutex))--PERSIST"}, {"hashes": ["88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb"], "name": "((Mutex))"}, {"hashes": ["6eed9f824e3fa66a6893d54841eb74dfdfdba24bd3c2affbfbe64f2a5c8c3467"], "name": "Bif1234"}, {"hashes": ["6eed9f824e3fa66a6893d54841eb74dfdfdba24bd3c2affbfbe64f2a5c8c3467"], "name": "0ok3s"}, {"hashes": ["e347ced607de94a87801a27edc9b3faec0551829dbd78294748d93460e28346c"], "name": "C:\\TEMP\\75880ef2b1fbfd5e76fb0187209d561c.exe"}, {"hashes": ["62063120f188c1272bd4673763a67d297192f3aa2b23208840aa359bacc2a7c1"], "name": "C:\\TEMP\\62063120f188c1272bd4673763a67d297192f3aa2b23208840aa359bacc2a7c1.exe"}, {"hashes": ["36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d"], "name": "SiLAr"}, {"hashes": ["36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d"], "name": "SiLArPERSIST"}, {"hashes": ["36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d"], "name": "SiLArEXIT"}, {"hashes": ["709e075d241ab412c961beb25f37669fd28515b0c1b3952f65c4ae3753516719"], "name": "gogo"}], "registry": [{"hashes": ["24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3725358403b7c0a541024567884417e999dbdbc54c4709a383f052270db350a3", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b", "63add2cca5a5c2e505616771fabf419cc04f1aea1b214c3348c155683ff16dc4", "9752a5294e59ec46bbc18cde6f1ec0dcc3497ce6843d35d20dd8dc1d09ac9aac"], "key": "<HKCU>\\SOFTWARE\\XTREMERAT", "value_name": null}, {"hashes": ["24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3725358403b7c0a541024567884417e999dbdbc54c4709a383f052270db350a3", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b", "63add2cca5a5c2e505616771fabf419cc04f1aea1b214c3348c155683ff16dc4", "9752a5294e59ec46bbc18cde6f1ec0dcc3497ce6843d35d20dd8dc1d09ac9aac"], "key": "<HKCU>\\SOFTWARE\\XTREMERAT", "value_name": "Mutex"}, {"hashes": ["24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "HKLM"}, {"hashes": ["24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "HKCU"}, {"hashes": ["24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b"], "key": "<HKCU>\\SOFTWARE\\SERVER", "value_name": null}, {"hashes": ["24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b"], "key": "<HKCU>\\SOFTWARE\\SERVER", "value_name": "ServerName"}, {"hashes": ["24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{BE3SENU1-028P-RA7C-TPBU-6SP145IL8VYM}", "value_name": null}, {"hashes": ["24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{BE3SENU1-028P-RA7C-TPBU-6SP145IL8VYM}", "value_name": "StubPath"}, {"hashes": ["24b2328578f28de565e7d7c6f2fa521b8f5e155b07f3e0ac5932e5ec33d55b7f", "3832b21e6d372ce8e3141ed14b7c36d8a9703dfba0206af441681af03efe3d2b"], "key": "<HKCU>\\SOFTWARE\\SERVER", "value_name": "ServerStarted"}, {"hashes": ["88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb"], "key": "<HKCU>\\SOFTWARE\\((MUTEX))", "value_name": null}, {"hashes": ["88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{5460C4DF-B266-909E-CB58-E32B79832EB2}", "value_name": null}, {"hashes": ["36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d"], "key": "<HKCU>\\SOFTWARE\\SILAR", "value_name": null}, {"hashes": ["36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{268440QE-82NW-T265-8D28-T8YA6XD4LE6B}", "value_name": null}, {"hashes": ["36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d"], "key": "<HKCU>\\SOFTWARE\\SILAR", "value_name": "ServerStarted"}, {"hashes": ["36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{268440QE-82NW-T265-8D28-T8YA6XD4LE6B}", "value_name": "StubPath"}, {"hashes": ["36a541cd5ad11443cb607f714081de260c39861fb4775e425fac5158752d967d"], "key": "<HKCU>\\SOFTWARE\\SILAR", "value_name": "InstalledServer"}, {"hashes": ["88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "erxl"}, {"hashes": ["88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "erxl"}, {"hashes": ["88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{5460C4DF-B266-909E-CB58-E32B79832EB2}", "value_name": "StubPath"}, {"hashes": ["88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb"], "key": "<HKCU>\\SOFTWARE\\((MUTEX))", "value_name": "InstalledServer"}, {"hashes": ["88fbd8e0069f74a4e8744f2a58907b66159631966e4f4df993bae4f1f6402acb"], "key": "<HKCU>\\SOFTWARE\\((MUTEX))", "value_name": "ServerStarted"}]}, "reports_count": 26}, "Win.Dropper.Remcos-9802952-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "26a87111706cea17c6c109529a0f0b88b6608674bdee40a5f22c36660c1b7d87", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a", "18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a", "5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2", "ff23e674f9d6ddaed90d3302f5bf2321e651aeb31b878f19d15f81f528a5e2e2", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "26a87111706cea17c6c109529a0f0b88b6608674bdee40a5f22c36660c1b7d87", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a", "18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a", "5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2", "ff23e674f9d6ddaed90d3302f5bf2321e651aeb31b878f19d15f81f528a5e2e2", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "26a87111706cea17c6c109529a0f0b88b6608674bdee40a5f22c36660c1b7d87", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a", "18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a", "5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2", "ff23e674f9d6ddaed90d3302f5bf2321e651aeb31b878f19d15f81f528a5e2e2", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "26a87111706cea17c6c109529a0f0b88b6608674bdee40a5f22c36660c1b7d87", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a", "18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a", "5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2", "ff23e674f9d6ddaed90d3302f5bf2321e651aeb31b878f19d15f81f528a5e2e2", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "pe-tls-callback", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "26a87111706cea17c6c109529a0f0b88b6608674bdee40a5f22c36660c1b7d87", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a", "18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a", "5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2", "ff23e674f9d6ddaed90d3302f5bf2321e651aeb31b878f19d15f81f528a5e2e2", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "26a87111706cea17c6c109529a0f0b88b6608674bdee40a5f22c36660c1b7d87", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a", "18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a", "5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2", "ff23e674f9d6ddaed90d3302f5bf2321e651aeb31b878f19d15f81f528a5e2e2", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": []}, {"bi": "pe-section-shared", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "26a87111706cea17c6c109529a0f0b88b6608674bdee40a5f22c36660c1b7d87", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a", "18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a", "5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2", "ff23e674f9d6ddaed90d3302f5bf2321e651aeb31b878f19d15f81f528a5e2e2", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-discord-domain-detected", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "26a87111706cea17c6c109529a0f0b88b6608674bdee40a5f22c36660c1b7d87", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a", "18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a", "5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2", "ff23e674f9d6ddaed90d3302f5bf2321e651aeb31b878f19d15f81f528a5e2e2", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "modified-file-in-user-dir", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a", "18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a", "5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a", "18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a", "5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2", "ff23e674f9d6ddaed90d3302f5bf2321e651aeb31b878f19d15f81f528a5e2e2", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "26a87111706cea17c6c109529a0f0b88b6608674bdee40a5f22c36660c1b7d87", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a", "18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a", "5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7", "ff23e674f9d6ddaed90d3302f5bf2321e651aeb31b878f19d15f81f528a5e2e2", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "modified-executable", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a", "18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a", "5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a", "18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a", "5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a", "18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a", "5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "26a87111706cea17c6c109529a0f0b88b6608674bdee40a5f22c36660c1b7d87", "5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2", "ff23e674f9d6ddaed90d3302f5bf2321e651aeb31b878f19d15f81f528a5e2e2", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-certificate", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6", "2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a", "5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": []}, {"bi": "pe-invalid-certificate-signature", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6", "2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a", "5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-snort-protocol", "hashes": ["17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2", "ff23e674f9d6ddaed90d3302f5bf2321e651aeb31b878f19d15f81f528a5e2e2", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": []}, {"bi": "feed-domain-ransomware", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "26a87111706cea17c6c109529a0f0b88b6608674bdee40a5f22c36660c1b7d87", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a", "18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "ff23e674f9d6ddaed90d3302f5bf2321e651aeb31b878f19d15f81f528a5e2e2"], "mitre_attack_tags": []}, {"bi": "malware-remcos-mutex", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": []}, {"bi": "malware-remcos-registry", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": ["TA0009", "TA0006", "TA0011", "T1056", "T1113", "T1125", "T1123", "T1105"]}, {"bi": "network-dns-category-dynamic", "hashes": ["17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7"], "mitre_attack_tags": []}, {"bi": "malware-remcos-path", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": []}, {"bi": "audio-video-mutex-detected", "hashes": ["17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2"], "mitre_attack_tags": ["TA0009", "T1123", "T1125"]}, {"bi": "malware-avemaria-file-path-detected", "hashes": ["17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157", "26a87111706cea17c6c109529a0f0b88b6608674bdee40a5f22c36660c1b7d87", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-file-downloaded-to-disk", "hashes": ["c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157", "26a87111706cea17c6c109529a0f0b88b6608674bdee40a5f22c36660c1b7d87", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7"], "mitre_attack_tags": []}, {"bi": "network-http-blank-user-agent", "hashes": ["c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157", "26a87111706cea17c6c109529a0f0b88b6608674bdee40a5f22c36660c1b7d87", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "process-hollowing-detected", "hashes": ["17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "ff23e674f9d6ddaed90d3302f5bf2321e651aeb31b878f19d15f81f528a5e2e2"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "http-response-redirect", "hashes": ["c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7"], "mitre_attack_tags": []}, {"bi": "pe-certificate-invalid-signing-date", "hashes": ["c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7"], "mitre_attack_tags": []}, {"bi": "html-small-file-redirect", "hashes": ["c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["26a87111706cea17c6c109529a0f0b88b6608674bdee40a5f22c36660c1b7d87", "ff23e674f9d6ddaed90d3302f5bf2321e651aeb31b878f19d15f81f528a5e2e2"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "network-dns-category-cnc", "hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b"], "mitre_attack_tags": ["TA0011"]}, {"bi": "excessive-tcp-connections", "hashes": ["4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "dns-dynamic-domain", "hashes": ["d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "mitre_attack_tags": ["TA0011"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. This malware is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "26a87111706cea17c6c109529a0f0b88b6608674bdee40a5f22c36660c1b7d87", "2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7", "c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a", "ff23e674f9d6ddaed90d3302f5bf2321e651aeb31b878f19d15f81f528a5e2e2"], "iocs": {"domain": [{"hashes": ["17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6", "ff23e674f9d6ddaed90d3302f5bf2321e651aeb31b878f19d15f81f528a5e2e2"], "host": "discord[.]com"}, {"hashes": ["17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6", "ff23e674f9d6ddaed90d3302f5bf2321e651aeb31b878f19d15f81f528a5e2e2"], "host": "cdn[.]discordapp[.]com"}, {"hashes": ["17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6", "ff23e674f9d6ddaed90d3302f5bf2321e651aeb31b878f19d15f81f528a5e2e2"], "host": "ctldl[.]windowsupdate[.]com"}, {"hashes": ["17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6", "ff23e674f9d6ddaed90d3302f5bf2321e651aeb31b878f19d15f81f528a5e2e2"], "host": "a767[.]dscg3[.]akamai[.]net"}, {"hashes": ["b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7", "c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157"], "host": "digicon[.]com[.]mx"}, {"hashes": ["18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01"], "host": "shops[.]myshopify[.]com"}, {"hashes": ["2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a"], "host": "cds[.]d2s7q6s2[.]hwcdn[.]net"}, {"hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b"], "host": "style[.]ptbagasps[.]co[.]id"}, {"hashes": ["59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a"], "host": "insidelife1[.]ddns[.]net"}, {"hashes": ["17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2"], "host": "efiigbo9[.]duckdns[.]org"}, {"hashes": ["d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2"], "host": "uzbektourism8739[.]ddns[.]net"}, {"hashes": ["5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7"], "host": "waxb[.]ddns[.]net"}, {"hashes": ["d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "host": "export[.]zapto[.]org"}, {"hashes": ["2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a"], "host": "www[.]longhuixiang[.]com"}, {"hashes": ["7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0"], "host": "graceland777[.]ddns[.]net"}, {"hashes": ["18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01"], "host": "www[.]cnyxcb[.]com"}, {"hashes": ["18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01"], "host": "www[.]hklangbin[.]com"}, {"hashes": ["26a87111706cea17c6c109529a0f0b88b6608674bdee40a5f22c36660c1b7d87"], "host": "airseaalliance[.]com"}, {"hashes": ["18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01"], "host": "www[.]jiyami[.]com"}], "file": [{"hashes": ["17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2"], "path": "%ProgramFiles%\\Microsoft DN1"}, {"hashes": ["17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2"], "path": "%LOCALAPPDATA%\\Microsoft Vision"}, {"hashes": ["18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a"], "path": "%TEMP%\\DB1"}, {"hashes": ["d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "path": "%APPDATA%\\remcos"}, {"hashes": ["d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "path": "%APPDATA%\\remcos\\logs.dat"}, {"hashes": ["4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Ubpkdrv.exe"}, {"hashes": ["4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6"], "path": "%LOCALAPPDATA%\\kpbU.url"}, {"hashes": ["7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Rrfkdrv.exe"}, {"hashes": ["7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2"], "path": "%LOCALAPPDATA%\\kfrR.url"}, {"hashes": ["18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Uenpdrv.exe"}, {"hashes": ["18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a"], "path": "%LOCALAPPDATA%\\pneU.url"}, {"hashes": ["18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a"], "path": "%APPDATA%\\84158DQ4\\841logim.jpeg"}, {"hashes": ["18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a"], "path": "%APPDATA%\\84158DQ4\\841logrf.ini"}, {"hashes": ["18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a"], "path": "%APPDATA%\\84158DQ4\\841logrg.ini"}, {"hashes": ["18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a"], "path": "%APPDATA%\\84158DQ4\\841logri.ini"}, {"hashes": ["18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a"], "path": "%APPDATA%\\84158DQ4\\841logrv.ini"}, {"hashes": ["2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Ekdqdrv.exe"}, {"hashes": ["2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a"], "path": "%LOCALAPPDATA%\\qdkE.url"}, {"hashes": ["5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Xfyudrv.exe"}, {"hashes": ["5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7"], "path": "%LOCALAPPDATA%\\uyfX.url"}, {"hashes": ["d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Puagdrv.exe"}, {"hashes": ["d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "path": "%LOCALAPPDATA%\\gauP.url"}, {"hashes": ["d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Lneodrv.exe"}, {"hashes": ["d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2"], "path": "%LOCALAPPDATA%\\oenL.url"}, {"hashes": ["59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Edcvdrv.exe"}, {"hashes": ["59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a"], "path": "%LOCALAPPDATA%\\vcdE.url"}, {"hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Gkojdrv.exe"}, {"hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b"], "path": "%LOCALAPPDATA%\\jokG.url"}, {"hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b"], "path": "%APPDATA%\\microsoftwndddows98\\logs.dat"}, {"hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b"], "path": "%APPDATA%\\microsoftwndddows98"}, {"hashes": ["17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Tkqfdrv.exe"}, {"hashes": ["17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2"], "path": "%LOCALAPPDATA%\\fqkT.url"}], "ip": [{"hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2"], "ip": "162[.]159[.]135[.]232/31"}, {"hashes": ["17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a", "ff23e674f9d6ddaed90d3302f5bf2321e651aeb31b878f19d15f81f528a5e2e2"], "ip": "162[.]159[.]133[.]233"}, {"hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a"], "ip": "162[.]159[.]138[.]232"}, {"hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0"], "ip": "162[.]159[.]130[.]233"}, {"hashes": ["17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6"], "ip": "23[.]3[.]13[.]154"}, {"hashes": ["18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6"], "ip": "162[.]159[.]134[.]233"}, {"hashes": ["18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0"], "ip": "23[.]3[.]13[.]88"}, {"hashes": ["5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7", "7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2"], "ip": "185[.]140[.]53[.]129"}, {"hashes": ["4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6"], "ip": "79[.]134[.]225[.]75"}, {"hashes": ["b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7", "c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157"], "ip": "67[.]217[.]34[.]36"}, {"hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6"], "ip": "162[.]159[.]129[.]233"}, {"hashes": ["17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6"], "ip": "162[.]159[.]128[.]233"}, {"hashes": ["2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a"], "ip": "205[.]185[.]216[.]42"}, {"hashes": ["17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2"], "ip": "79[.]134[.]225[.]76"}, {"hashes": ["26a87111706cea17c6c109529a0f0b88b6608674bdee40a5f22c36660c1b7d87"], "ip": "198[.]136[.]51[.]123"}, {"hashes": ["59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a"], "ip": "216[.]38[.]7[.]231"}, {"hashes": ["17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2"], "ip": "162[.]159[.]136[.]232"}, {"hashes": ["18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01"], "ip": "162[.]159[.]137[.]232"}, {"hashes": ["ff23e674f9d6ddaed90d3302f5bf2321e651aeb31b878f19d15f81f528a5e2e2"], "ip": "23[.]46[.]239[.]18"}, {"hashes": ["d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "ip": "154[.]127[.]53[.]33"}, {"hashes": ["18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01"], "ip": "23[.]227[.]38[.]74"}, {"hashes": ["2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a"], "ip": "154[.]219[.]109[.]117"}, {"hashes": ["d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2"], "ip": "194[.]5[.]98[.]14"}, {"hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b"], "ip": "37[.]139[.]64[.]106"}, {"hashes": ["18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01"], "ip": "193[.]112[.]252[.]5"}, {"hashes": ["18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01"], "ip": "154[.]218[.]86[.]242"}], "mutex": [{"hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b", "4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a", "d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2", "d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6"], "name": "Remcos_Mutex_Inj"}, {"hashes": ["4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6"], "name": "-05483U"}, {"hashes": ["5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7"], "name": "-"}, {"hashes": ["d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "name": "Remcos-EQUZJ7"}, {"hashes": ["b40353ee592318cf135892467a2b0dd534737c35cf18aca8fd52535776757aa7"], "name": "Global\\a9f2cbb1-36d7-11eb-b5f8-00501e3ae7b6"}, {"hashes": ["d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2"], "name": "Remcos-6OIDK4"}, {"hashes": ["59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a"], "name": "Remcos-85Q2ZF"}, {"hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b"], "name": "microsoftwndddows98-Q8G3TQ"}, {"hashes": ["c0a1e8abafb7bb3a59400123502c57f4b5fabbe886ddf1064a785261704bd157"], "name": "Global\\cf0bf671-36e0-11eb-b5f8-00501e3ae7b6"}], "registry": [{"hashes": ["7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\100GT6LMW5", "value_name": null}, {"hashes": ["7c9e7b4737e7924b3ae4e319b8fe471001328703e7408532050ab0371af8a8d0", "9eb32ce490c4ef9d5bc0759534b299814e90573df8db73efcae24afe30ab99e2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Rrfk"}, {"hashes": ["18ef79513b6dc4d43f4f82eafe8f959e28241d9f59014455e8d41ed46bc4af01", "eea78aab7fd56e8f2fe565d66dc622c0b0915214916fac9bf5da42aa37001b7a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Uenp"}, {"hashes": ["4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6"], "key": "<HKCU>\\SOFTWARE\\-05483U", "value_name": null}, {"hashes": ["4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6"], "key": "<HKCU>\\SOFTWARE\\-05483U", "value_name": "exepath"}, {"hashes": ["4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6"], "key": "<HKCU>\\SOFTWARE\\-05483U", "value_name": "licence"}, {"hashes": ["4e2aa3d570b2e8c60bcd80195037ea40236d0bc3d4179aed6adca240523667f3", "dfa55212542ed697d1dba24d643315d5b3b3cbd659b68a11f9174a68fdaf4cf6"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Ubpk"}, {"hashes": ["17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\5RL776V9TH", "value_name": null}, {"hashes": ["d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "key": "<HKCU>\\SOFTWARE\\REMCOS-EQUZJ7", "value_name": null}, {"hashes": ["d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "key": "<HKCU>\\SOFTWARE\\REMCOS-EQUZJ7", "value_name": "exepath"}, {"hashes": ["d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "key": "<HKCU>\\SOFTWARE\\REMCOS-EQUZJ7", "value_name": "licence"}, {"hashes": ["5c06343836eaa10ed0250933b91b96c8a2700235a137752fc44ee0bdc00e2ac7"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Xfyu"}, {"hashes": ["d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2"], "key": "<HKCU>\\SOFTWARE\\REMCOS-6OIDK4", "value_name": null}, {"hashes": ["d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2"], "key": "<HKCU>\\SOFTWARE\\REMCOS-6OIDK4", "value_name": "exepath"}, {"hashes": ["d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2"], "key": "<HKCU>\\SOFTWARE\\REMCOS-6OIDK4", "value_name": "licence"}, {"hashes": ["d7a010fb8a426b4f7fe0a79398d16f783d93fd369325284e69c572ee691d7e73"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Puag"}, {"hashes": ["d777254c6eee49e645f44e29d7b7b428c00511387ba18910b9ab7237f22f04c2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Lneo"}, {"hashes": ["59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a"], "key": "<HKCU>\\SOFTWARE\\REMCOS-85Q2ZF", "value_name": null}, {"hashes": ["59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a"], "key": "<HKCU>\\SOFTWARE\\REMCOS-85Q2ZF", "value_name": "exepath"}, {"hashes": ["59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a"], "key": "<HKCU>\\SOFTWARE\\REMCOS-85Q2ZF", "value_name": "licence"}, {"hashes": ["59c12ee8b180171de9dd2a94274240b0e5c905c81f3fc9af50ca2bd0407dbf3a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Edcv"}, {"hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFTWNDDDOWS98-Q8G3TQ", "value_name": null}, {"hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFTWNDDDOWS98-Q8G3TQ", "value_name": "exepath"}, {"hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFTWNDDDOWS98-Q8G3TQ", "value_name": "licence"}, {"hashes": ["2ab935432fa967a19d4032a45858b90881ebdb5e509a3b750ebe824e4726301a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Ekdq"}, {"hashes": ["2973998f22457af15ac0f1a3833eaf90d4b903b66ffc8c7ef5a8805118928f8b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Gkoj"}, {"hashes": ["17ce305b1d7dc60edc0264f667fe3240748b1df6afbe52311b8cc4da4940b6a2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Tkqf"}]}, "reports_count": 17}, "Win.Dropper.njRAT-9803023-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-tls-callback", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-imports-toolhelp", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "modified-file-on-usb", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "sample-copied-to-usb", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "startup-folder-modification", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": []}, {"bi": "pe-section-blank-name", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-requested-direct-io", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0007", "TA0005", "T1120"]}, {"bi": "pe-packed-asprotect", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-hollowing-detected", "hashes": ["5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-compound-cta-activity", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": []}, {"bi": "excessive-sample-duplication", "hashes": ["cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2"], "mitre_attack_tags": []}, {"bi": "netsh-firewall-generic", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2"], "mitre_attack_tags": ["TA0007", "TA0005", "T1016", "T1562"]}, {"bi": "netsh-firewall-add", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-disable-open-file-security-warning", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2"], "mitre_attack_tags": ["TA0005", "T1112", "T1562"]}, {"bi": "registry-parseautoexec", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "malware-trojan-njrat-registry", "hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "malware-known-trojan-av", "hashes": ["cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": []}, {"bi": "files-deleted-used-batch", "hashes": ["cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "cmd-exe-file-execution", "hashes": ["cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "unsigned-roaming-execution", "hashes": ["cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0005"]}, {"bi": "artifact-memory-vm-detect", "hashes": ["cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "process-uses-localhost-traffic", "hashes": ["cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "process-ping", "hashes": ["cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "malware-remcos-mutex", "hashes": ["cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": []}, {"bi": "process-requested-softice", "hashes": ["cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "malware-remcos-registry", "hashes": ["cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "mitre_attack_tags": ["TA0009", "TA0006", "TA0011", "T1056", "T1113", "T1125", "T1123", "T1105"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.", "hashes": ["1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e"], "iocs": {"domain": [], "file": [{"hashes": ["1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e"], "path": "\\TEMP\\aspr_keys.ini"}, {"hashes": ["1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e"], "path": "%APPDATA%\\ASound.exe"}, {"hashes": ["1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ABsound.exe"}, {"hashes": ["2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23"], "path": "%APPDATA%\\remcos"}, {"hashes": ["2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23"], "path": "%APPDATA%\\remcos\\remcos.exe"}, {"hashes": ["2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23"], "path": "%TEMP%\\install.bat"}, {"hashes": ["1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e"], "path": "\\Device\\ConDrv"}, {"hashes": ["2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23"], "path": "E:\\remcos.exe"}, {"hashes": ["2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23"], "path": "%APPDATA%\\remcos\\aspr_keys.ini"}, {"hashes": ["2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23"], "path": "\\remcos.exe"}], "ip": [{"hashes": ["2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23"], "ip": "84[.]200[.]65[.]36"}, {"hashes": ["82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7"], "ip": "204[.]79[.]197[.]200"}], "mutex": [{"hashes": ["2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23"], "name": "Remcos_Mutex_Inj"}, {"hashes": ["1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e"], "name": "a9265285803fa7f0a7cfb92adf60ae69V2lyZQ=="}, {"hashes": ["2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23"], "name": "Remcos-HQ23DY"}], "registry": [{"hashes": ["1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e"], "key": "<HKU>\\S-1-5-21-2580483871-590521980-3826313501-500", "value_name": "di"}, {"hashes": ["1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e"], "key": "<HKCU>\\ENVIRONMENT", "value_name": "SEE_MASK_NOZONECHECKS"}, {"hashes": ["1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "ParseAutoexec"}, {"hashes": ["2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "remcos"}, {"hashes": ["1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e"], "key": "<HKCU>\\SOFTWARE\\A9265285803FA7F0A7CFB92ADF60AE69", "value_name": null}, {"hashes": ["1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e"], "key": "<HKCU>\\SOFTWARE\\A9265285803FA7F0A7CFB92ADF60AE69", "value_name": "hp"}, {"hashes": ["1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e"], "key": "<HKCU>\\SOFTWARE\\A9265285803FA7F0A7CFB92ADF60AE69", "value_name": "i"}, {"hashes": ["1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2", "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab", "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06", "67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f", "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050", "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0", "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085", "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7", "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386", "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133", "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e"], "key": "<HKCU>\\SOFTWARE\\A9265285803FA7F0A7CFB92ADF60AE69", "value_name": "kl"}, {"hashes": ["2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "remcos.exe"}, {"hashes": ["2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23"], "key": "<HKCU>\\SOFTWARE\\REMCOS-HQ23DY", "value_name": null}, {"hashes": ["2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b", "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e", "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88", "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042", "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c", "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9", "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d", "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a", "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9", "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500", "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23"], "key": "<HKCU>\\SOFTWARE\\REMCOS-HQ23DY", "value_name": "EXEpath"}, {"hashes": ["5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "5e2e9a36ea2fda5b9ec0636a657a5e8d79cb4d95541a3f22e757213390b36b06.exe"}, {"hashes": ["1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "1dc0ac772a666dda0056c5bc75333b62b3c8439bc3375df1c673a516c4bf54c2.exe"}, {"hashes": ["da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "da71a0198b8df9450eb5c3ba24c38a6454d439be512d8da2cffbcb88596f9386.exe"}, {"hashes": ["f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "f0ae868389da2c5d56ff3aa7305941c0b71bc1c36905bd77ade2777bbeabd48e.exe"}, {"hashes": ["778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "778d23ab8e41268bfa52dd24585c148fb0ab31ae6be2879ddb6ff0a89e5d6050.exe"}, {"hashes": ["e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "e2d6913ff68b457b4a9b96c67d1a18709cfae25bc31e57a229bdc8c59e194133.exe"}, {"hashes": ["5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "5bcf5a666f3c462b8fa0330698e9571c7c679fba53e7bafc90ba4e4df112ceab.exe"}, {"hashes": ["caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "caccbf129ab338b2fee9435afbd1bf2c97973020dde2444c02762c9c207bd6c7.exe"}, {"hashes": ["67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "67280c082dcddf152bd01b2de9483877e9c37e580dd5a553b651afb5bd2f549f.exe"}, {"hashes": ["b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "b000b74268695280cba4bb15c6ecc4077779db73615a1f57d78ae2edc2417085.exe"}, {"hashes": ["82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "82e62056e373804065c4344729e19a7ba2290fb50c786bec211dfe24b5f5d3d0.exe"}, {"hashes": ["3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "3bd38058c26c23156c5a0f448544e49e4b6bcf9320d7c436ad9c10107325368e.exe"}, {"hashes": ["8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "8788f21e7596e1d46e92c7e8eb7beedd54eee2c4b8a37a939f73a8ddc80bdb2c.exe"}, {"hashes": ["a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "a871b6d6330b979e32fb825227ef683248d73c01c955caeedc21f9d437d7c97a.exe"}, {"hashes": ["8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "8e15ee87c184118279b5235afa195421ddc6b0fe346105e7327c1948e49a01c9.exe"}, {"hashes": ["51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "51f27d2d813f0b6920424466910d263ea0d0ef138f37d320eddbb597a3534d88.exe"}, {"hashes": ["8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "8ff1b62757a618adcfd4663f6c146a963f7fae674b660a79b08e14b42c55b98d.exe"}, {"hashes": ["6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "6555f50b34e80454bf8a039ea00c45197f131cc16103fa9bc6caf4c260960042.exe"}, {"hashes": ["cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "cba4090a0acac9932f3a1befee047efc28ff6fc7b0bb13c10f9927a9061082d9.exe"}, {"hashes": ["2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "2274b3c97db69cce6d89297c7315089421c2ccdc2d8109ed7fbd26b7a331e37b.exe"}, {"hashes": ["df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "df2179441fd702bfa245e5d19577a16480f1ab943e9fe104301a2121115ab500.exe"}, {"hashes": ["e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "e5a43422eb2f64b6f8675512f89d3a592f91499106159d8d15a2f130602aad23.exe"}]}, "reports_count": 22}, "Win.Packed.Dridex-9802347-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "registry-autorun-key-modified", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "potential-registry-persistence", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-compound-cta-activity", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": []}, {"bi": "task-manager-disabled", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": ["TA0040", "T1499"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-null", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": []}, {"bi": "sample-modified-deleted", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "malware-dridex-detected", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": []}, {"bi": "url-pastebin-service", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": []}, {"bi": "artifact-windows-task", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": []}, {"bi": "windows-os-reboot-detected", "hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": ["TA0040"]}, {"bi": "possible-dga-communication", "hashes": ["5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "mitre_attack_tags": ["TA0011"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Dridex is a well-known banking trojan that aims to steal credentials and other sensitive information from an infected machine.", "hashes": ["0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "iocs": {"domain": [{"hashes": ["0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "host": "pastebin[.]com"}, {"hashes": ["0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "host": "ctldl[.]windowsupdate[.]com"}, {"hashes": ["0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "host": "a767[.]dscg3[.]akamai[.]net"}, {"hashes": ["a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33"], "host": "www[.]xa65vyn0cw[.]com"}, {"hashes": ["2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493"], "host": "www[.]rxogeti6xq[.]com"}, {"hashes": ["67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1"], "host": "www[.]9kp1f6hmx9[.]com"}, {"hashes": ["c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f"], "host": "www[.]avjd26n3d9[.]com"}, {"hashes": ["2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493"], "host": "www[.]zy5fofibiy[.]com"}, {"hashes": ["c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f"], "host": "www[.]dmed5sfhsk[.]com"}, {"hashes": ["67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1"], "host": "www[.]ayvurub1ky[.]com"}, {"hashes": ["c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00"], "host": "www[.]6brexmpv8b[.]com"}, {"hashes": ["c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f"], "host": "www[.]fkmpbgtdxl[.]com"}, {"hashes": ["67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1"], "host": "www[.]izs2zq7pbn[.]com"}, {"hashes": ["cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "host": "www[.]7nlkhw19sz[.]com"}, {"hashes": ["c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f"], "host": "www[.]lbgxifqxmn[.]com"}, {"hashes": ["c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00"], "host": "www[.]7rw9ax3icv[.]com"}, {"hashes": ["67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1"], "host": "www[.]kmptxrmfky[.]com"}, {"hashes": ["cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "host": "www[.]9nuyv4kyvc[.]com"}, {"hashes": ["c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f"], "host": "www[.]t2ht5hghoc[.]com"}, {"hashes": ["c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00"], "host": "www[.]fop6g8f7lh[.]com"}, {"hashes": ["5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348"], "host": "www[.]9simrbwq19[.]com"}, {"hashes": ["67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1"], "host": "www[.]vtr5w5o3sb[.]com"}, {"hashes": ["84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "host": "www[.]7qka0kqtgx[.]com"}, {"hashes": ["cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "host": "www[.]ei7s1w8oof[.]com"}, {"hashes": ["c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f"], "host": "www[.]th6og2oefs[.]com"}, {"hashes": ["c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00"], "host": "www[.]glpwnl6mjx[.]com"}, {"hashes": ["5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348"], "host": "www[.]d3kjjj107q[.]com"}, {"hashes": ["84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "host": "www[.]ajz0zjfo7m[.]com"}, {"hashes": ["cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "host": "www[.]f3mlwtbtpa[.]com"}, {"hashes": ["c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f"], "host": "www[.]w1c4k3d41p[.]com"}, {"hashes": ["c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00"], "host": "www[.]qok03uqzgn[.]com"}, {"hashes": ["5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348"], "host": "www[.]e9c9njj0aa[.]com"}, {"hashes": ["84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "host": "www[.]dmfuxtd2fk[.]com"}, {"hashes": ["cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "host": "www[.]gzyoy0wge1[.]com"}, {"hashes": ["c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00"], "host": "www[.]udhvjybelv[.]com"}, {"hashes": ["84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "host": "www[.]efhjxe7jze[.]com"}, {"hashes": ["cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "host": "www[.]mztyth3h0y[.]com"}, {"hashes": ["5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348"], "host": "www[.]hlsbgybduy[.]com"}, {"hashes": ["c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00"], "host": "www[.]zv3asnftcs[.]com"}, {"hashes": ["84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "host": "www[.]gyy3mexxhv[.]com"}, {"hashes": ["cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "host": "www[.]tzpvryxyse[.]com"}, {"hashes": ["5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348"], "host": "www[.]mpsdlboxga[.]com"}, {"hashes": ["84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "host": "www[.]kc0neh0l7t[.]com"}, {"hashes": ["cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "host": "www[.]wcz7livni2[.]com"}, {"hashes": ["5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348"], "host": "www[.]pphpt3fy0g[.]com"}, {"hashes": ["84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "host": "www[.]t9wkueyfhv[.]com"}, {"hashes": ["5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348"], "host": "www[.]wbnku3brhl[.]com"}, {"hashes": ["84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "host": "www[.]yzzan2vuwo[.]com"}, {"hashes": ["5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348"], "host": "www[.]xrqlapqwvr[.]com"}, {"hashes": ["c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00"], "host": "www[.]rnfhp49uqa[.]com"}], "file": [{"hashes": ["0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "path": "<malware cwd>\\old_<malware exe name> (copy)"}, {"hashes": ["0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "path": "%TEMP%\\<random, matching '[a-z]{3}[A-F0-9]{3,4}'>.tmp"}, {"hashes": ["a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa"], "path": "%TEMP%\\WAX25.tmp"}], "ip": [{"hashes": ["0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "ip": "172[.]217[.]9[.]238"}, {"hashes": ["0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f"], "ip": "104[.]23[.]98[.]190"}, {"hashes": ["25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "ip": "104[.]23[.]99[.]190"}, {"hashes": ["0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "ip": "173[.]194[.]206[.]138/31"}, {"hashes": ["0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "ip": "23[.]199[.]71[.]208"}, {"hashes": ["7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33"], "ip": "23[.]199[.]71[.]185"}, {"hashes": ["6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33"], "ip": "173[.]194[.]206[.]102"}, {"hashes": ["28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493"], "ip": "173[.]194[.]206[.]113"}, {"hashes": ["5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "ip": "173[.]194[.]206[.]101"}, {"hashes": ["6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "ip": "23[.]199[.]71[.]147"}, {"hashes": ["a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa"], "ip": "23[.]199[.]71[.]169"}], "mutex": [{"hashes": ["2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493"], "name": "hOjOttPCDM"}, {"hashes": ["6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72"], "name": "AahblJeMvR"}, {"hashes": ["6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72"], "name": "C9G1UlIgM5"}, {"hashes": ["2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493"], "name": "iVajgIApbQ"}, {"hashes": ["6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72"], "name": "TMFhQ7dQB4"}, {"hashes": ["6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72"], "name": "WhisRHryt6"}, {"hashes": ["2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493"], "name": "zwsYfr6U2I"}, {"hashes": ["6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72"], "name": "odWNEztQSb"}, {"hashes": ["6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72"], "name": "yCFzSik8m0"}, {"hashes": ["6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72"], "name": "z6zDJ0r4vR"}, {"hashes": ["c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f"], "name": "FmMJfhjNfM"}, {"hashes": ["c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f"], "name": "H9PTEJSDMJ"}, {"hashes": ["c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f"], "name": "Mf2BPFGBVf"}, {"hashes": ["c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f"], "name": "W43mJcS9K9"}, {"hashes": ["c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f"], "name": "XHtwiaDwmt"}, {"hashes": ["c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f"], "name": "iywjv1IeMJ"}, {"hashes": ["c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f"], "name": "mghoA1l2Pn"}, {"hashes": ["c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f"], "name": "yp00EoQiMA"}, {"hashes": ["c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00"], "name": "FcwSNs2leB"}, {"hashes": ["c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00"], "name": "IcOsMsWj6G"}, {"hashes": ["c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00"], "name": "KM1JIqU8jS"}, {"hashes": ["c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00"], "name": "R0CMz3mZag"}, {"hashes": ["c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00"], "name": "WuATNdv48I"}, {"hashes": ["c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00"], "name": "dBnXoPFvaT"}, {"hashes": ["c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00"], "name": "ttNoxD4cfb"}, {"hashes": ["cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "name": "5zRm1qjqXM"}, {"hashes": ["cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "name": "AhgMAtiBQj"}, {"hashes": ["cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "name": "COEYot6CVK"}, {"hashes": ["cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "name": "HHsEc5uVRR"}, {"hashes": ["cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "name": "PRrztCYABS"}, {"hashes": ["cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "name": "j27uxZjOzh"}, {"hashes": ["cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "name": "tDWtnaEmsG"}, {"hashes": ["cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "name": "vIrUINjdNz"}, {"hashes": ["5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348"], "name": "0zGPBQQYbI"}, {"hashes": ["5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348"], "name": "HDZTMU5Btv"}, {"hashes": ["5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348"], "name": "HjiX1lq3fu"}, {"hashes": ["5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348"], "name": "J6mGJvcM7i"}, {"hashes": ["5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348"], "name": "M0mGjbuaXr"}, {"hashes": ["5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348"], "name": "RYQiSXVToY"}, {"hashes": ["5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348"], "name": "WTrtTC9bTp"}, {"hashes": ["5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348"], "name": "liTGtqxwPn"}, {"hashes": ["84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "name": "9mzfeeTuZn"}, {"hashes": ["84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "name": "LF5zzGCQul"}, {"hashes": ["84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "name": "MXxe1Y39f1"}, {"hashes": ["84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "name": "NJDCHIez5W"}, {"hashes": ["84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "name": "P3z18JKgfI"}, {"hashes": ["84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "name": "hQHVt1Z6UX"}, {"hashes": ["84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "name": "pt7avdhtwQ"}, {"hashes": ["84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f"], "name": "tw7eMNz3ZD"}, {"hashes": ["c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00"], "name": "QMFB6OJsV6"}], "registry": [{"hashes": ["0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "trkcore"}, {"hashes": ["0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "DisableTaskMgr"}, {"hashes": ["0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "key": "<HKCR>\\LOCAL SETTINGS\\MUICACHE\\7C\\52C64B7E", "value_name": "LanguageList"}, {"hashes": ["0438a52d124dca5794082567a9e13f5104f476d67c2cb6c3e1ce238c80c2d555", "25b6691a9cf3bf16ef9f90e03d0b12dd7a5272e95334d142cf3f9e99e7f3dffb", "28af621a9168d250c89737f62637c0c91e75678fcebf5d786198809a38ad5242", "2f30e21f28818dfb86e8a073e459f6dbc66169463758b0384adeb40a5e368493", "52bc1e9e71140b18779589144ec1949443cf29433d6ae108e40c8fa9ba58a33b", "5e1b9b55f1d3ac2ab0c0bdd9a75601893452c8a45bbc2f3a12fe6ac2245de40e", "5f716a721386c7e3aa19887638cfdd2b149b68ad63e56b0dad1e4ebf6d5d7348", "67194de6e79d2caff334922c11886ee2924ed054859236314b153beef4af7ed1", "6c5dd120d17a3590ab0d376a44b6630299110794f34cdf4941211a5150324d72", "7145fefb50e00ff03a9f1a7ab0e50b1e0fdc52748897bf6b8c5ce226d037d54e", "84d0739b0a03a42eef46159a4f8a9615c62456c277d522fe01ae74b67d0c451f", "9ddcf9dcc67cad4dee26eac4ab4c17e834f64510c1253d4448605b0073f1b1ab", "a2559bfa8fc89feab0f1c363dd84ba05a546534de8c9ea1a62809d7a4a2daa33", "a5b820fcf77103cbc0aed26431fbffdc929f3041827962523080fccabb4990fa", "c226a56492044724a4267c104005162f08a65f641df643beba46538e10970a0f", "c3afdc6c287d04385fd36aecb5f08269aa341b12ce9c4a856f3be15106131f00", "cee9ff4cc1a36c223d9ed296e32ca222b295ec609177f1aff02c7889846926ca"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.CHECK.0", "value_name": "CheckSetting"}]}, "reports_count": 17}, "Win.Packed.Glupteba-9802607-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "21486d7b3ecb4b900855c395fbd00aad8076a233957ed319fc6ba6a903f43193", "7e18ce3262edaaf4f162489b2aad41cebae59b5c160e0b008e42da0496b19326", "ae7c9bc81e420d9a01086354756e62c04bc3310b8fb416fe84586286851d4849", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39", "c6d07979e447e848397428109cdec18ac3b9f7abd85ba60a4da18c09c2eb4339", "dc78903b9a7713bb20d4c283051c1bc956807fc4278d6bde180052509126fde6", "aafbd788d26335b0826ead6bed529b8210b2987e02f478b20869c65a1cf47a1e", "431573008621cebbd01b2a7e02adf3bf55aa120ac2487a6e8a19c511117c3f95", "1b0587f0a67108ab5c4cda0d4b25da6d4084c24e6f005dd2faf6945497fd5cad", "0eecee054fb7353dbbc46abdde39705b787b19d15236c1959df09c4aee53e46d", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3", "e3888e50d083eb9735a1b64f7036df96cc3eff11431d2d2d3d206a815656feb8", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "21486d7b3ecb4b900855c395fbd00aad8076a233957ed319fc6ba6a903f43193", "7e18ce3262edaaf4f162489b2aad41cebae59b5c160e0b008e42da0496b19326", "ae7c9bc81e420d9a01086354756e62c04bc3310b8fb416fe84586286851d4849", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39", "c6d07979e447e848397428109cdec18ac3b9f7abd85ba60a4da18c09c2eb4339", "dc78903b9a7713bb20d4c283051c1bc956807fc4278d6bde180052509126fde6", "aafbd788d26335b0826ead6bed529b8210b2987e02f478b20869c65a1cf47a1e", "431573008621cebbd01b2a7e02adf3bf55aa120ac2487a6e8a19c511117c3f95", "1b0587f0a67108ab5c4cda0d4b25da6d4084c24e6f005dd2faf6945497fd5cad", "0eecee054fb7353dbbc46abdde39705b787b19d15236c1959df09c4aee53e46d", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3", "e3888e50d083eb9735a1b64f7036df96cc3eff11431d2d2d3d206a815656feb8", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "21486d7b3ecb4b900855c395fbd00aad8076a233957ed319fc6ba6a903f43193", "ae7c9bc81e420d9a01086354756e62c04bc3310b8fb416fe84586286851d4849", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39", "c6d07979e447e848397428109cdec18ac3b9f7abd85ba60a4da18c09c2eb4339", "dc78903b9a7713bb20d4c283051c1bc956807fc4278d6bde180052509126fde6", "aafbd788d26335b0826ead6bed529b8210b2987e02f478b20869c65a1cf47a1e", "431573008621cebbd01b2a7e02adf3bf55aa120ac2487a6e8a19c511117c3f95", "1b0587f0a67108ab5c4cda0d4b25da6d4084c24e6f005dd2faf6945497fd5cad", "0eecee054fb7353dbbc46abdde39705b787b19d15236c1959df09c4aee53e46d", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3", "e3888e50d083eb9735a1b64f7036df96cc3eff11431d2d2d3d206a815656feb8", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "21486d7b3ecb4b900855c395fbd00aad8076a233957ed319fc6ba6a903f43193", "7e18ce3262edaaf4f162489b2aad41cebae59b5c160e0b008e42da0496b19326", "ae7c9bc81e420d9a01086354756e62c04bc3310b8fb416fe84586286851d4849", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39", "c6d07979e447e848397428109cdec18ac3b9f7abd85ba60a4da18c09c2eb4339", "dc78903b9a7713bb20d4c283051c1bc956807fc4278d6bde180052509126fde6", "aafbd788d26335b0826ead6bed529b8210b2987e02f478b20869c65a1cf47a1e", "431573008621cebbd01b2a7e02adf3bf55aa120ac2487a6e8a19c511117c3f95", "1b0587f0a67108ab5c4cda0d4b25da6d4084c24e6f005dd2faf6945497fd5cad", "0eecee054fb7353dbbc46abdde39705b787b19d15236c1959df09c4aee53e46d", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "21486d7b3ecb4b900855c395fbd00aad8076a233957ed319fc6ba6a903f43193", "7e18ce3262edaaf4f162489b2aad41cebae59b5c160e0b008e42da0496b19326", "ae7c9bc81e420d9a01086354756e62c04bc3310b8fb416fe84586286851d4849", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39", "c6d07979e447e848397428109cdec18ac3b9f7abd85ba60a4da18c09c2eb4339", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3", "e3888e50d083eb9735a1b64f7036df96cc3eff11431d2d2d3d206a815656feb8", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "21486d7b3ecb4b900855c395fbd00aad8076a233957ed319fc6ba6a903f43193", "7e18ce3262edaaf4f162489b2aad41cebae59b5c160e0b008e42da0496b19326", "ae7c9bc81e420d9a01086354756e62c04bc3310b8fb416fe84586286851d4849", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39", "dc78903b9a7713bb20d4c283051c1bc956807fc4278d6bde180052509126fde6", "aafbd788d26335b0826ead6bed529b8210b2987e02f478b20869c65a1cf47a1e", "0eecee054fb7353dbbc46abdde39705b787b19d15236c1959df09c4aee53e46d", "e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3", "e3888e50d083eb9735a1b64f7036df96cc3eff11431d2d2d3d206a815656feb8"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "21486d7b3ecb4b900855c395fbd00aad8076a233957ed319fc6ba6a903f43193", "7e18ce3262edaaf4f162489b2aad41cebae59b5c160e0b008e42da0496b19326", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "c6d07979e447e848397428109cdec18ac3b9f7abd85ba60a4da18c09c2eb4339", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "dc78903b9a7713bb20d4c283051c1bc956807fc4278d6bde180052509126fde6", "aafbd788d26335b0826ead6bed529b8210b2987e02f478b20869c65a1cf47a1e", "431573008621cebbd01b2a7e02adf3bf55aa120ac2487a6e8a19c511117c3f95", "1b0587f0a67108ab5c4cda0d4b25da6d4084c24e6f005dd2faf6945497fd5cad", "0eecee054fb7353dbbc46abdde39705b787b19d15236c1959df09c4aee53e46d", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "e3888e50d083eb9735a1b64f7036df96cc3eff11431d2d2d3d206a815656feb8", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["21486d7b3ecb4b900855c395fbd00aad8076a233957ed319fc6ba6a903f43193", "7e18ce3262edaaf4f162489b2aad41cebae59b5c160e0b008e42da0496b19326", "ae7c9bc81e420d9a01086354756e62c04bc3310b8fb416fe84586286851d4849", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39", "dc78903b9a7713bb20d4c283051c1bc956807fc4278d6bde180052509126fde6", "aafbd788d26335b0826ead6bed529b8210b2987e02f478b20869c65a1cf47a1e", "0eecee054fb7353dbbc46abdde39705b787b19d15236c1959df09c4aee53e46d", "e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112"]}, {"bi": "currentcontrolset-service-added", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1547"]}, {"bi": "process-long-cmdline", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "dns-query-nxdomain", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}, {"bi": "listening-port-opened", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "cmd-exe-file-execution", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "pe-certificate", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "21486d7b3ecb4b900855c395fbd00aad8076a233957ed319fc6ba6a903f43193", "7e18ce3262edaaf4f162489b2aad41cebae59b5c160e0b008e42da0496b19326", "c6d07979e447e848397428109cdec18ac3b9f7abd85ba60a4da18c09c2eb4339", "e3888e50d083eb9735a1b64f7036df96cc3eff11431d2d2d3d206a815656feb8"], "mitre_attack_tags": []}, {"bi": "netsh-firewall-generic", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0007", "TA0005", "T1016", "T1562"]}, {"bi": "registry-windows-defender-exclusions-added", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "netsh-firewall-add", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "artifact-flagged-vm", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "21486d7b3ecb4b900855c395fbd00aad8076a233957ed319fc6ba6a903f43193", "7e18ce3262edaaf4f162489b2aad41cebae59b5c160e0b008e42da0496b19326", "c6d07979e447e848397428109cdec18ac3b9f7abd85ba60a4da18c09c2eb4339"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "artifact-flagged-antianalysis", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "21486d7b3ecb4b900855c395fbd00aad8076a233957ed319fc6ba6a903f43193", "7e18ce3262edaaf4f162489b2aad41cebae59b5c160e0b008e42da0496b19326", "c6d07979e447e848397428109cdec18ac3b9f7abd85ba60a4da18c09c2eb4339"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "http-response-redirect", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "artifact-windows-task", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "registry-autorun-key-modified", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "e3888e50d083eb9735a1b64f7036df96cc3eff11431d2d2d3d206a815656feb8"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "potential-registry-persistence", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "e3888e50d083eb9735a1b64f7036df96cc3eff11431d2d2d3d206a815656feb8"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-snort-protocol", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}, {"bi": "network-smtp-spambot", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "deleted-submitted-file", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "process-svchost-suspicious-launch", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "localhost-ipaddress-detected", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "malware-compound-cta-activity", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}, {"bi": "sc-service-start", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1543"]}, {"bi": "netbios-null-domain", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}, {"bi": "file-alternate-data-stream-modification", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-tofsee-cmd-detected", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}, {"bi": "sc-service-create", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0003", "TA0004", "T1543"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0005"]}, {"bi": "new-service-launched", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0002"]}, {"bi": "dns-bypassed-assigned-server", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "malware-tofsee-domain-detected", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}, {"bi": "malware-tofsee-filepath", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0011", "TA0005", "T1105", "T1112"]}, {"bi": "sc-service-create-execute", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1543"]}, {"bi": "zen-spamhaus-domain-contacted", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "http-response-client-error", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119"]}, {"bi": "windows-util-schtask", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "modified-file-in-system-dir", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-system-dir", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-imports-empty", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": []}, {"bi": "registry-service-autostart-disabled", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1489"]}, {"bi": "process-with-multiple-children", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-tls-callback", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-imports-exe", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": []}, {"bi": "process-check-virtualbox", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "registry-service-type-modified", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112"]}, {"bi": "pe-header-subsystem", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-service-delete-flag-set", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1489"]}, {"bi": "enumeration-bcdedit", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": ["TA0007", "T1082"]}, {"bi": "malware-glupteba-bot-mutex-detected", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": []}, {"bi": "artifact-av-detect", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": ["TA0007"]}, {"bi": "windows-util-schtask-create-onlogon", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "pe-artifact-invalid-certificate-signature", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": ["TA0005"]}, {"bi": "windows-util-bcdedit", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "sc-service-security-descriptor-modified", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "sc-service-security-descriptor-deny", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "dns-query-txt", "hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "mitre_attack_tags": ["TA0011", "T1095"]}, {"bi": "network-dns-category-file-storage", "hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["21486d7b3ecb4b900855c395fbd00aad8076a233957ed319fc6ba6a903f43193", "7e18ce3262edaaf4f162489b2aad41cebae59b5c160e0b008e42da0496b19326", "c6d07979e447e848397428109cdec18ac3b9f7abd85ba60a4da18c09c2eb4339"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["21486d7b3ecb4b900855c395fbd00aad8076a233957ed319fc6ba6a903f43193", "7e18ce3262edaaf4f162489b2aad41cebae59b5c160e0b008e42da0496b19326", "c6d07979e447e848397428109cdec18ac3b9f7abd85ba60a4da18c09c2eb4339"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["21486d7b3ecb4b900855c395fbd00aad8076a233957ed319fc6ba6a903f43193", "7e18ce3262edaaf4f162489b2aad41cebae59b5c160e0b008e42da0496b19326", "c6d07979e447e848397428109cdec18ac3b9f7abd85ba60a4da18c09c2eb4339"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["21486d7b3ecb4b900855c395fbd00aad8076a233957ed319fc6ba6a903f43193", "7e18ce3262edaaf4f162489b2aad41cebae59b5c160e0b008e42da0496b19326", "c6d07979e447e848397428109cdec18ac3b9f7abd85ba60a4da18c09c2eb4339"], "mitre_attack_tags": []}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["21486d7b3ecb4b900855c395fbd00aad8076a233957ed319fc6ba6a903f43193", "7e18ce3262edaaf4f162489b2aad41cebae59b5c160e0b008e42da0496b19326", "c6d07979e447e848397428109cdec18ac3b9f7abd85ba60a4da18c09c2eb4339"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-file-uploaded", "hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "nginx-webserver-detected", "hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}, {"bi": "network-communications-http-post", "hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "dns-excessive-domain-queries", "hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-smtp-spambot-v2", "hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}, {"bi": "network-snort-sensitive-data", "hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}, {"bi": "excessive-tcp-connections", "hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "double-url-detected", "hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "network-file-downloaded-to-disk", "hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact-mid", "hashes": ["7e18ce3262edaaf4f162489b2aad41cebae59b5c160e0b008e42da0496b19326"], "mitre_attack_tags": []}, {"bi": "windows-os-reboot-detected", "hashes": ["ae7c9bc81e420d9a01086354756e62c04bc3310b8fb416fe84586286851d4849"], "mitre_attack_tags": ["TA0040"]}, {"bi": "mbr-modified", "hashes": ["ae7c9bc81e420d9a01086354756e62c04bc3310b8fb416fe84586286851d4849"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0040"]}, {"bi": "pe-imports-psapi-dll", "hashes": ["aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-imports-toolhelp", "hashes": ["aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "task-ran-using-system-account", "hashes": ["aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "network-opendns-malicious", "hashes": ["3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678"], "mitre_attack_tags": []}, {"bi": "network-snort-server", "hashes": ["3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678"], "mitre_attack_tags": []}, {"bi": "altered-sample-dns-flagged", "hashes": ["3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "artifact-pe-no-dos", "hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "mitre_attack_tags": []}, {"bi": "malware-trojan-bunitu-mutex-detected", "hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "mitre_attack_tags": []}, {"bi": "pe-invalid-certificate-signature", "hashes": ["e3888e50d083eb9735a1b64f7036df96cc3eff11431d2d2d3d206a815656feb8"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-certificate-invalid-signing-date", "hashes": ["e3888e50d083eb9735a1b64f7036df96cc3eff11431d2d2d3d206a815656feb8"], "mitre_attack_tags": []}, {"bi": "network-http-non-standard-port", "hashes": ["6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": ["TA0011", "T1571"]}, {"bi": "html-small-file-redirect", "hashes": ["6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Glupteba is a multi-purpose trojan that is known to use the infected machine to mine cryptocurrency and also steals sensitive information like usernames and passwords, spreads over the network using exploits like EternalBlue, and leverages a rootkit component to remain hidden. Glupteba has also been observed using the Bitcoin blockchain to store configuration information.", "hashes": ["0eecee054fb7353dbbc46abdde39705b787b19d15236c1959df09c4aee53e46d", "189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "1b0587f0a67108ab5c4cda0d4b25da6d4084c24e6f005dd2faf6945497fd5cad", "21486d7b3ecb4b900855c395fbd00aad8076a233957ed319fc6ba6a903f43193", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "431573008621cebbd01b2a7e02adf3bf55aa120ac2487a6e8a19c511117c3f95", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2", "7e18ce3262edaaf4f162489b2aad41cebae59b5c160e0b008e42da0496b19326", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1", "aafbd788d26335b0826ead6bed529b8210b2987e02f478b20869c65a1cf47a1e", "ae7c9bc81e420d9a01086354756e62c04bc3310b8fb416fe84586286851d4849", "aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39", "c6d07979e447e848397428109cdec18ac3b9f7abd85ba60a4da18c09c2eb4339", "dc78903b9a7713bb20d4c283051c1bc956807fc4278d6bde180052509126fde6", "e3888e50d083eb9735a1b64f7036df96cc3eff11431d2d2d3d206a815656feb8", "e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "iocs": {"domain": [{"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "host": "microsoft-com[.]mail[.]protection[.]outlook[.]com"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "host": "249[.]5[.]55[.]69[.]bl[.]spamcop[.]net"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "host": "249[.]5[.]55[.]69[.]cbl[.]abuseat[.]org"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "host": "249[.]5[.]55[.]69[.]dnsbl[.]sorbs[.]net"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "host": "249[.]5[.]55[.]69[.]in-addr[.]arpa"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "host": "249[.]5[.]55[.]69[.]sbl-xbl[.]spamhaus[.]org"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "host": "249[.]5[.]55[.]69[.]zen[.]spamhaus[.]org"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678"], "host": "schema[.]org"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "host": "vsblobprodscussu5shard60[.]blob[.]core[.]windows[.]net"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "host": "vsblobprodscussu5shard35[.]blob[.]core[.]windows[.]net"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "host": "ip02[.]gntl[.]co[.]uk"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "host": "msr[.]pool[.]gntl[.]co[.]uk"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "host": "easywbdesign[.]com"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678"], "host": "native-vita[.]np[.]ac[.]playstation[.]net"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "host": "misterysnith[.]com"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2"], "host": "www[.]amazon[.]com"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2"], "host": "www[.]google[.]co[.]uk"}, {"hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "host": "www[.]sendspace[.]com"}, {"hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "host": "api[.]sendspace[.]com"}, {"hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "host": "a2047[.]r[.]akamai[.]net"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2"], "host": "www[.]tiktok[.]com"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "host": "e17058[.]b[.]akamaiedge[.]net"}, {"hashes": ["ae7c9bc81e420d9a01086354756e62c04bc3310b8fb416fe84586286851d4849"], "host": "cs11[.]wpc[.]v0cdn[.]net"}, {"hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2"], "host": "authserver[.]mojang[.]com"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b"], "host": "www[.]google[.]com[.]mx"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b"], "host": "www[.]google[.]it"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b"], "host": "www[.]google[.]fr"}, {"hashes": ["3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678"], "host": "www[.]google[.]ee"}, {"hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2"], "host": "steamcommunity[.]com"}, {"hashes": ["6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "host": "video-weaver[.]arn03[.]hls[.]ttvnw[.]net"}, {"hashes": ["6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "host": "video-weaver[.]waw01[.]hls[.]ttvnw[.]net"}, {"hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2"], "host": "store[.]steampowered[.]com"}, {"hashes": ["3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678"], "host": "ip[.]pr-cy[.]hacklix[.]com"}, {"hashes": ["ae7c9bc81e420d9a01086354756e62c04bc3310b8fb416fe84586286851d4849"], "host": "ctldl[.]windowsupdate[.]com"}, {"hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2"], "host": "server5[.]easywbdesign[.]com"}, {"hashes": ["84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "host": "server9[.]easywbdesign[.]com"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9"], "host": "server8[.]easywbdesign[.]com"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9"], "host": "server6[.]easywbdesign[.]com"}, {"hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2"], "host": "api16-core-c-useast1a[.]tiktokv[.]com"}, {"hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2"], "host": "api16-normal-c-useast1a[.]tiktokv[.]com"}, {"hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2"], "host": "server11[.]easywbdesign[.]com"}, {"hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2"], "host": "e15316[.]e22[.]akamaiedge[.]net"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9"], "host": "fc683d41-5ac4-4032-b0e8-730ba1566fd0[.]easywbdesign[.]com"}, {"hashes": ["84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "host": "4c7765a8-df11-4531-ba17-5d8bcff19f70[.]easywbdesign[.]com"}, {"hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2"], "host": "810ddc8e-c590-44fb-b7a0-90f1492570a2[.]easywbdesign[.]com"}, {"hashes": ["450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2"], "host": "4900ce36-0d02-447f-89b8-ccbaf84c9494[.]easywbdesign[.]com"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9"], "host": "85e5f482-9b40-46fc-aa00-0fe51f664c02[.]easywbdesign[.]com"}, {"hashes": ["3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678"], "host": "lostbookofremedies[.]download"}, {"hashes": ["3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678"], "host": "www[.]hotwiredconsultants[.]com"}, {"hashes": ["aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39"], "host": "decatos30[.]com"}], "file": [{"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "path": "%TEMP%\\<random, matching '[a-z]{8}'>.exe"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile:.repos"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "path": "%System32%\\config\\systemprofile:.repos"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "path": "%SystemRoot%\\Logs\\CBS\\CBS.log"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "path": "%SystemRoot%\\rss"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "path": "%SystemRoot%\\rss\\csrss.exe"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "path": "%TEMP%\\csrss"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "path": "%TEMP%\\csrss\\dsefix.exe"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "path": "%TEMP%\\csrss\\patch.exe"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "path": "%System32%\\drivers\\Winmon.sys"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "path": "%System32%\\drivers\\WinmonFS.sys"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "path": "%System32%\\drivers\\WinmonProcessMonitor.sys"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "path": "%TEMP%\\Symbols"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb\\9E22A5947A15489895CE716436B45BE02"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb\\9E22A5947A15489895CE716436B45BE02\\download.error"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "path": "%TEMP%\\Symbols\\pingme.txt"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "path": "%TEMP%\\Symbols\\winload_prod.pdb"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "path": "%TEMP%\\Symbols\\winload_prod.pdb\\B7B16B17E078406E806A050C8BEE2E361"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "path": "%TEMP%\\Symbols\\winload_prod.pdb\\B7B16B17E078406E806A050C8BEE2E361\\download.error"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "path": "%TEMP%\\dbghelp.dll"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "path": "%TEMP%\\symsrv.dll"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "path": "%TEMP%\\csrss\\DBG0.tmp"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "path": "%System32%\\Tasks\\ScheduledUpdate"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "path": "%System32%\\Tasks\\csrss"}, {"hashes": ["21486d7b3ecb4b900855c395fbd00aad8076a233957ed319fc6ba6a903f43193", "c6d07979e447e848397428109cdec18ac3b9f7abd85ba60a4da18c09c2eb4339"], "path": "%TEMP%\\CC4F.tmp"}, {"hashes": ["7e18ce3262edaaf4f162489b2aad41cebae59b5c160e0b008e42da0496b19326"], "path": "%TEMP%\\9E5E.tmp"}, {"hashes": ["21486d7b3ecb4b900855c395fbd00aad8076a233957ed319fc6ba6a903f43193"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_464113802.exe_9b3a796c1137be3e31249a62b25decc75ccb054_7f280b85_cab_0b4d7951\\Report.wer"}, {"hashes": ["21486d7b3ecb4b900855c395fbd00aad8076a233957ed319fc6ba6a903f43193"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_464113802.exe_9b3a796c1137be3e31249a62b25decc75ccb054_7f280b85_cab_0b4d7951\\WER76E1.tmp.appcompat.txt"}, {"hashes": ["21486d7b3ecb4b900855c395fbd00aad8076a233957ed319fc6ba6a903f43193"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_464113802.exe_9b3a796c1137be3e31249a62b25decc75ccb054_7f280b85_cab_0b4d7951\\WER7730.tmp.WERInternalMetadata.xml"}, {"hashes": ["21486d7b3ecb4b900855c395fbd00aad8076a233957ed319fc6ba6a903f43193"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_464113802.exe_9b3a796c1137be3e31249a62b25decc75ccb054_7f280b85_cab_0b4d7951\\memory.hdmp"}, {"hashes": ["21486d7b3ecb4b900855c395fbd00aad8076a233957ed319fc6ba6a903f43193"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_464113802.exe_9b3a796c1137be3e31249a62b25decc75ccb054_7f280b85_cab_0b4d7951\\triagedump.dmp"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b"], "path": "%System32%\\pvouacko\\onbdroph.exe (copy)"}, {"hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2"], "path": "%System32%\\oxwpbwmj\\mdzgxwae.exe (copy)"}, {"hashes": ["3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678"], "path": "%System32%\\okttbtfj\\nscxrdac.exe (copy)"}, {"hashes": ["aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39"], "path": "%ProgramData%\\kannhsf\\hbhk.exe"}, {"hashes": ["aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39"], "path": "%SystemRoot%\\Tasks\\hbhk.job"}, {"hashes": ["c6d07979e447e848397428109cdec18ac3b9f7abd85ba60a4da18c09c2eb4339"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_464113854.exe_a9b78386e82554f78d496e56dd5b6b0809d4171_fd9f0360_cab_097186af\\Report.wer"}, {"hashes": ["c6d07979e447e848397428109cdec18ac3b9f7abd85ba60a4da18c09c2eb4339"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_464113854.exe_a9b78386e82554f78d496e56dd5b6b0809d4171_fd9f0360_cab_097186af\\WER83F1.tmp.appcompat.txt"}, {"hashes": ["c6d07979e447e848397428109cdec18ac3b9f7abd85ba60a4da18c09c2eb4339"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_464113854.exe_a9b78386e82554f78d496e56dd5b6b0809d4171_fd9f0360_cab_097186af\\WER8440.tmp.WERInternalMetadata.xml"}, {"hashes": ["c6d07979e447e848397428109cdec18ac3b9f7abd85ba60a4da18c09c2eb4339"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_464113854.exe_a9b78386e82554f78d496e56dd5b6b0809d4171_fd9f0360_cab_097186af\\memory.hdmp"}, {"hashes": ["c6d07979e447e848397428109cdec18ac3b9f7abd85ba60a4da18c09c2eb4339"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_464113854.exe_a9b78386e82554f78d496e56dd5b6b0809d4171_fd9f0360_cab_097186af\\triagedump.dmp"}, {"hashes": ["6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "path": "%System32%\\truxguj\\dqczsfku.exe (copy)"}, {"hashes": ["aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39"], "path": "%ProgramData%\\ksiot"}, {"hashes": ["aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39"], "path": "%ProgramData%\\ksiot\\lvix.exe"}, {"hashes": ["aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39"], "path": "%SystemRoot%\\Tasks\\lvix.job"}, {"hashes": ["aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39"], "path": "%System32%\\Tasks\\lvix"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "path": "%APPDATA%\\MetaLayer"}], "ip": [{"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "239[.]255[.]255[.]250"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "43[.]231[.]4[.]7"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "157[.]240[.]18[.]174"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "69[.]55[.]5[.]249"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "85[.]114[.]134[.]88"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "217[.]172[.]179[.]54"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "5[.]9[.]72[.]48"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "130[.]0[.]232[.]208"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "144[.]76[.]108[.]82"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "185[.]253[.]217[.]20"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "45[.]90[.]34[.]87"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "104[.]47[.]54[.]36"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "157[.]240[.]2[.]174"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "ip": "204[.]79[.]197[.]219"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "ip": "104[.]214[.]40[.]16"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "83[.]151[.]238[.]34"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "173[.]194[.]207[.]103"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "173[.]194[.]207[.]106"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "173[.]194[.]207[.]147"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678"], "ip": "23[.]5[.]238[.]97"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "ip": "104[.]31[.]82[.]101"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "173[.]194[.]207[.]104/31"}, {"hashes": ["3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "172[.]217[.]12[.]142"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678"], "ip": "172[.]217[.]10[.]100"}, {"hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678"], "ip": "40[.]112[.]72[.]205"}, {"hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "172[.]217[.]10[.]132"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "216[.]239[.]32[.]21"}, {"hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "69[.]31[.]136[.]5"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2"], "ip": "173[.]194[.]207[.]94"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "12[.]167[.]151[.]116/31"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "173[.]194[.]207[.]99"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "104[.]96[.]238[.]172"}, {"hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "104[.]111[.]247[.]123"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2"], "ip": "104[.]27[.]176[.]119"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2"], "ip": "172[.]67[.]146[.]58"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "ip": "172[.]64[.]168[.]15"}, {"hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2"], "ip": "216[.]239[.]36[.]21"}, {"hashes": ["3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678"], "ip": "216[.]239[.]38[.]21"}, {"hashes": ["3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678"], "ip": "163[.]172[.]32[.]74"}, {"hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2"], "ip": "104[.]111[.]233[.]54"}, {"hashes": ["6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "77[.]88[.]21[.]249"}, {"hashes": ["6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "202[.]93[.]66[.]123"}, {"hashes": ["6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "ip": "54[.]219[.]58[.]12"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b"], "ip": "104[.]18[.]39[.]63"}, {"hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2"], "ip": "216[.]137[.]35[.]69"}, {"hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2"], "ip": "23[.]192[.]34[.]24"}, {"hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2"], "ip": "125[.]209[.]238[.]153"}, {"hashes": ["aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39"], "ip": "162[.]144[.]32[.]129"}, {"hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2"], "ip": "54[.]172[.]200[.]155"}, {"hashes": ["25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2"], "ip": "23[.]212[.]45[.]175"}], "mutex": [{"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "name": "Global\\SetupLog"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "name": "Global\\WdsSetupLogInit"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "name": "Global\\h48yorbq6rm87zot"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "name": "Global\\ewzy5hgt3x5sof4v"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "name": "Global\\xmrigMUTEX31337"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "name": "WininetConnectionMutex"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "NattyNarwhal"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "NeoNetPlasma"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "NetRegistry"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "OneiricOcelot"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "OnlineShopFinder"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "P79zA00FfF3"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "PCV5ATULCN"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "PJOQT7WD1SAOM"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "PSHZ73VLLOAFB"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "RaspberryManualViewer"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "RouteMatrix"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "SSDOptimizerV13"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "StreamCoder1.0"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "Tropic819331"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "UEFIConfig"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "UtopicUnicorn"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "VHO9AZB7HDK0WAZMM"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "VRK1AlIXBJDA5U3A"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "VirtualDesktopKeeper"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "VirtualPrinterDriver"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "VividVervet"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "WinDuplicity"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "WireDefender"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "bitcoreguard"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "sqlcasheddbm"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "wwallmutex"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "CDNetStreamer2.r05"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "QOSUser2.r10"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "JerkPatrol"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "LenovoSuite"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "NeonRhythmbox"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "PrecisePangolin"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "VirginPoint"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "<random, matching '[A-Z0-9]{14}'>"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "<random, matching [a-zA-Z0-9]{5,9}>"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "<random GUID>"}, {"hashes": ["ae7c9bc81e420d9a01086354756e62c04bc3310b8fb416fe84586286851d4849"], "name": "YMyooCcSkKSRdwHNrGke"}, {"hashes": ["e977164f572608f080e792ceda605a6f93e0d6d4371f9a9b9c0142da9a166ea3"], "name": "e68-96ca-4731-92de-961d5ef283eb"}, {"hashes": ["c6d07979e447e848397428109cdec18ac3b9f7abd85ba60a4da18c09c2eb4339"], "name": "Global\\a92f6141-3581-11eb-b5f8-00501e3ae7b6"}, {"hashes": ["aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39"], "name": "hbhk"}, {"hashes": ["e3888e50d083eb9735a1b64f7036df96cc3eff11431d2d2d3d206a815656feb8"], "name": "BtcBuf_Instance"}, {"hashes": ["7e18ce3262edaaf4f162489b2aad41cebae59b5c160e0b008e42da0496b19326"], "name": "Global\\01030021-360e-11eb-b5f8-00501e3ae7b6"}, {"hashes": ["aec65175cff3ab312146a5c4b8862e9b42b2e1a5fc2141c268c71df0e8c57a39"], "name": "lvix"}, {"hashes": ["21486d7b3ecb4b900855c395fbd00aad8076a233957ed319fc6ba6a903f43193"], "name": "Global\\01b5c5c1-360e-11eb-b5f8-00501e3ae7b6"}], "registry": [{"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Type"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ErrorControl"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ImagePath"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "DisplayName"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "WOW64"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Start"}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": null}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": null}, {"hashes": ["189e9a0a7cfb69251188cdee33dee987752cc1ff1cae2a9e5a9c6b67a7f4e01b", "25047ee6a23764e967726cc98596f8ccc5fc6dd4104f11dcb9a8ea1869774db2", "3e87bbc2473de7e078c0a74e7b44a9984fc448e429f10c5815509c9707767678", "6accb2d39874712672ab43ee45b3ef857e2df49fd823786aa73dbd27121486b2"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config2"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "DistributorID"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "CampaignID"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "SB"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "PatchTime"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "PGDSE"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": null}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "Firewall"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "Defender"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "FirstInstallDate"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "ServiceVersion"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "SC"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "VC"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "ServersVersion"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "OSArchitecture"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "IsAdmin"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "AV"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "CPU"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "GPU"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "PC"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "Servers"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "OSCaption"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "CDN"}, {"hashes": ["222a56d032717796fe1cc98c780aa319e921c3f484770f3f0d9144bbbbe11af9", "450c6ae581e0e308ab64d7cffc0d5cbd8e212d0bb29a2bc12201d64d2bdd0cd2", "84813a9c909a9863aa4338b52404044dd254d4bacaa1dd8eef9d39d5986860f1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\357CEC6806", "value_name": null}]}, "reports_count": 19}, "Win.Packed.ZeroAccess-9802579-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "malware-known-trojan-av", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": []}, {"bi": "listening-port-opened", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "registry-autorun-key-modified", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "dns-public-server-contacted", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1489"]}, {"bi": "pe-resource-lang-russian", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": []}, {"bi": "registered-com-server", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": ["TA0002"]}, {"bi": "excessive-udp-connections", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-alternate-data-stream-modification", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": ["TA0005"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-dns-safe-categories", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": []}, {"bi": "registry-service-type-modified", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112"]}, {"bi": "recycler-exe-artifact", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-service-delete-flag-set", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1489"]}, {"bi": "file-alternate-data-stream-zero-data", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": ["TA0005"]}, {"bi": "geoip-ip-address-location-attempt", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "malware-zeroaccess-v2-variant-detected", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": []}, {"bi": "network-protocol-mismatch-dns", "hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f"], "mitre_attack_tags": ["TA0011", "T1095"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns.", "hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "iocs": {"domain": [{"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "host": "j[.]maxmind[.]com"}], "file": [{"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "%System32%\\LogFiles\\Scm\\e22a8667-f75b-4ba9-ba46-067ed4429de8"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "\\$Recycle.Bin\\S-1-5-18"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "\\$Recycle.Bin\\S-1-5-18\\$0f210b532df043a6b654d5b43088f74f"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "\\$Recycle.Bin\\S-1-5-18\\$0f210b532df043a6b654d5b43088f74f\\@"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "\\$Recycle.Bin\\S-1-5-18\\$0f210b532df043a6b654d5b43088f74f\\L"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "\\$Recycle.Bin\\S-1-5-18\\$0f210b532df043a6b654d5b43088f74f\\U"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "\\$Recycle.Bin\\S-1-5-18\\$0f210b532df043a6b654d5b43088f74f\\n"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$0f210b532df043a6b654d5b43088f74f"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$0f210b532df043a6b654d5b43088f74f\\@"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$0f210b532df043a6b654d5b43088f74f\\L"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$0f210b532df043a6b654d5b43088f74f\\U"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$0f210b532df043a6b654d5b43088f74f\\n"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "%ProgramFiles%\\Windows Defender\\MSASCui.exe:!"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "%ProgramFiles%\\Windows Defender\\MpAsDesc.dll:!"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "%ProgramFiles%\\Windows Defender\\MpClient.dll:!"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "%ProgramFiles%\\Windows Defender\\MpCmdRun.exe:!"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "%ProgramFiles%\\Windows Defender\\MpCommu.dll:!"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "%ProgramFiles%\\Windows Defender\\MpEvMsg.dll:!"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "%ProgramFiles%\\Windows Defender\\MpOAV.dll:!"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "%ProgramFiles%\\Windows Defender\\MpRTP.dll:!"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "%ProgramFiles%\\Windows Defender\\MpSvc.dll:!"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "%ProgramFiles%\\Windows Defender\\MsMpCom.dll:!"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "%ProgramFiles%\\Windows Defender\\MsMpLics.dll:!"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "%ProgramFiles%\\Windows Defender\\MsMpRes.dll:!"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "%ProgramFiles%\\Windows Defender\\en-US:!"}, {"hashes": ["2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "\\$Recycle.Bin\\S-1-5-21-1160359183-2529320614-3255788068-500\\$bc873181c718236380cd637b8be3cfa0\\@"}, {"hashes": ["2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "\\$Recycle.Bin\\S-1-5-21-1160359183-2529320614-3255788068-500\\$bc873181c718236380cd637b8be3cfa0\\n"}, {"hashes": ["bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I6CE20C38"}, {"hashes": ["a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I78F014F1"}, {"hashes": ["8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I3CC35F14"}, {"hashes": ["4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I059F8804"}, {"hashes": ["e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I71B937A8"}, {"hashes": ["8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I0FEA99D2"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IAD5C05D8"}, {"hashes": ["a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I04C44965"}, {"hashes": ["805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ID2F81A1A"}, {"hashes": ["b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I5A1D24A5"}, {"hashes": ["fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I3D79CD0C"}, {"hashes": ["589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I7AF2726D"}, {"hashes": ["f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I2718E466"}, {"hashes": ["2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I30EE0A3B"}, {"hashes": ["ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IA6215EE0"}, {"hashes": ["a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I987ED8D1"}, {"hashes": ["29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I59BB19CB"}, {"hashes": ["c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I407CF35A"}, {"hashes": ["949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I4CF95DF0"}, {"hashes": ["89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IAB6B885D"}, {"hashes": ["acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IDA04154B"}, {"hashes": ["7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I0ABF0C58"}, {"hashes": ["e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I8741D8A3"}], "ip": [{"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "180[.]254[.]253[.]254"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "166[.]254[.]253[.]254"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "135[.]254[.]253[.]254"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "117[.]254[.]253[.]254"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "119[.]254[.]253[.]254"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "134[.]254[.]253[.]254"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "206[.]254[.]253[.]254"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "222[.]254[.]253[.]254"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "182[.]254[.]253[.]254"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "190[.]254[.]253[.]254"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "184[.]254[.]253[.]254"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "197[.]254[.]253[.]254"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "183[.]254[.]253[.]254"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "158[.]254[.]253[.]254"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "204[.]254[.]253[.]254"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "230[.]254[.]253[.]254"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "209[.]68[.]32[.]176"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "71[.]123[.]238[.]4"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "24[.]57[.]248[.]253"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "71[.]8[.]195[.]183"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "188[.]25[.]246[.]11"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "78[.]39[.]201[.]179"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "76[.]116[.]188[.]223"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "76[.]109[.]163[.]88"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "68[.]60[.]107[.]146"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "68[.]53[.]215[.]9"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "61[.]44[.]86[.]177"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "217[.]17[.]88[.]28"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "109[.]55[.]100[.]105"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "42[.]144[.]132[.]212"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "75[.]69[.]224[.]79"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "50[.]82[.]64[.]73"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "111[.]254[.]143[.]220"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "181[.]208[.]76[.]38"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "69[.]250[.]85[.]13"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f"], "ip": "72[.]193[.]193[.]192"}, {"hashes": ["29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "188[.]25[.]138[.]209"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f"], "ip": "81[.]29[.]247[.]130"}, {"hashes": ["29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "125[.]172[.]76[.]14"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f"], "ip": "201[.]235[.]133[.]190"}, {"hashes": ["29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "216[.]8[.]132[.]204"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f"], "ip": "115[.]242[.]194[.]141"}, {"hashes": ["29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "75[.]210[.]51[.]16"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f"], "ip": "50[.]135[.]97[.]145"}, {"hashes": ["29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "177[.]170[.]58[.]16"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f"], "ip": "126[.]71[.]113[.]148"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f"], "ip": "50[.]79[.]23[.]149"}, {"hashes": ["29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "76[.]73[.]76[.]202"}, {"hashes": ["29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "1[.]22[.]97[.]17"}, {"hashes": ["29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "ip": "71[.]45[.]95[.]19"}], "mutex": [], "registry": [{"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Start"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS", "value_name": "Start"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "Start"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IPHLPSVC", "value_name": "Start"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS", "value_name": "DeleteFlag"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "DeleteFlag"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "DeleteFlag"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BROWSER", "value_name": "Start"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKCR>\\CLSID\\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\\INPROCSERVER32", "value_name": "ThreadingModel"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKCR>\\CLSID\\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\\INPROCSERVER32", "value_name": ""}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Defender"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\CLSID\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\INPROCSERVER32", "value_name": ""}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS", "value_name": "Type"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS", "value_name": "ErrorControl"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IPHLPSVC", "value_name": "Type"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IPHLPSVC", "value_name": "ErrorControl"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IPHLPSVC", "value_name": "DeleteFlag"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Type"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "ErrorControl"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "Type"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "ErrorControl"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BFE", "value_name": "Type"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BFE", "value_name": "Start"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BFE", "value_name": "ErrorControl"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BFE", "value_name": "DeleteFlag"}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKCR>\\CLSID\\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}", "value_name": null}, {"hashes": ["01bd7aec164fd36239963b37c2761317bf6db3abf1a2d338d1c66885445604ee", "2378eabcb037f4411fa05b169167b85a7901ce007197c716b9028c7527146fa8", "29b26861290fe131baeca9acca5f0ca958ed1c702237fe365d65bb5d29707a53", "3aaa445d0630fa62565be3fb765bc06851477cc7478f895505cc094bdf7ab0d5", "4482f9da16c07274b890bfb244389f237a717c0b61648776370d95248c769df7", "589b8056d1cf9fbb9b6f89e6abc42582ab1a81b1d932ad27f22d1e9f09ac7acd", "7cbfced59f6566556e1be84e1369ea5adfbdaf891969a8602ffaa664ba9c0ac2", "805e33905b4e8643aafa7e8546d8deefe8d8d5ee961670657b2e3676ba476904", "8518cd7c18488c073741109ddff7b513bd57ab0de25858c831d4ebafb946df75", "89bc98d97c5d3ffd1f4ce56195caecb8fb42ce06602211cc9333b8958e873fd4", "8e6b9bf356f086421befdf2f4cf3abd8bf4daafa1a485f3c62687575efeb49eb", "949fbbd3dec56f99892cd187143f69b6de671afb9450897fdf3ed0585c473263", "a167bfe2d397b93e2219315c9b5f7defa70dceb6ceda1e71de5df3ece646ff3b", "a85351606a9ec16518e9c4cac165df36b30c93c5f18d9cba59d603f6c60f4f7b", "a9008fd3f68de29569fcd8d3beae712e3b1a39b786de19025e83b8608de86db0", "acefc076338ee225f094011dde86b06fb8665447b8a9c7ce0f7ab73431d84123", "b1f2275e439056d7096255258174e4a14fcd68cd8a55a650fb4b4572cfee871a", "ba53f06e9cfc3096c64bcbf4436d1b9be340f3ae389d42772ec4a3bcd2527647", "bbe7f92026515c70f0ebf8b9aac0ddf8e96a2a8303083793ee70b2a39696c389", "c877e98e157126d72a0f8ffd07d4e7ae138be0df2abf58a39623966a6a15aac7", "e3dbeab85a84e5e30761a25a61d97d98b029b451bd409153207918028831ee15", "e96dd450e0bd9f13bb32e8ef3775b13c82642bf8d98e04b20863454ee9941fb6", "f2df912cb6940c86ee73da5f3e61f8e92c2bde6b1a5f8d9fc715608d2271ca9f", "fe2c2ef40274fe98b07b19813fbe3c636c78fb59fa5a0a6d76969ac9c6f04ffc"], "key": "<HKCR>\\CLSID\\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\\INPROCSERVER32", "value_name": null}]}, "reports_count": 24}, "Win.Trojan.Razy-9802759-1": {"bis": [{"bi": "antivirus-service-flagged-artifact", "hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2", "6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "45a2efb593e6218fc36bd00c397a358b180d20b743ae9430074fb29664013c82", "050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57", "57388e40955da2809368e790832808c499ac7c2a712c118b32698c8eb60eaa0a", "6970c715f79a9e9a61a24b90f8aa6da086f69bdf71e9a7e81ed5e4958000cb9c", "c31092a2440d07fa42015a132cab105a258d88cd33a87799bbcaa85f165bc716", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2", "6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "45a2efb593e6218fc36bd00c397a358b180d20b743ae9430074fb29664013c82", "050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57", "57388e40955da2809368e790832808c499ac7c2a712c118b32698c8eb60eaa0a", "6970c715f79a9e9a61a24b90f8aa6da086f69bdf71e9a7e81ed5e4958000cb9c", "c31092a2440d07fa42015a132cab105a258d88cd33a87799bbcaa85f165bc716", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "pe-tls-callback", "hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2", "6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "45a2efb593e6218fc36bd00c397a358b180d20b743ae9430074fb29664013c82", "050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57", "57388e40955da2809368e790832808c499ac7c2a712c118b32698c8eb60eaa0a", "6970c715f79a9e9a61a24b90f8aa6da086f69bdf71e9a7e81ed5e4958000cb9c", "c31092a2440d07fa42015a132cab105a258d88cd33a87799bbcaa85f165bc716", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-shared", "hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2", "6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "45a2efb593e6218fc36bd00c397a358b180d20b743ae9430074fb29664013c82", "050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57", "57388e40955da2809368e790832808c499ac7c2a712c118b32698c8eb60eaa0a", "6970c715f79a9e9a61a24b90f8aa6da086f69bdf71e9a7e81ed5e4958000cb9c", "c31092a2440d07fa42015a132cab105a258d88cd33a87799bbcaa85f165bc716", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2", "6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "45a2efb593e6218fc36bd00c397a358b180d20b743ae9430074fb29664013c82", "050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57", "57388e40955da2809368e790832808c499ac7c2a712c118b32698c8eb60eaa0a", "c31092a2440d07fa42015a132cab105a258d88cd33a87799bbcaa85f165bc716", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2", "6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "45a2efb593e6218fc36bd00c397a358b180d20b743ae9430074fb29664013c82", "050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57", "57388e40955da2809368e790832808c499ac7c2a712c118b32698c8eb60eaa0a", "6970c715f79a9e9a61a24b90f8aa6da086f69bdf71e9a7e81ed5e4958000cb9c", "c31092a2440d07fa42015a132cab105a258d88cd33a87799bbcaa85f165bc716", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2", "6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "45a2efb593e6218fc36bd00c397a358b180d20b743ae9430074fb29664013c82", "050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57", "6970c715f79a9e9a61a24b90f8aa6da086f69bdf71e9a7e81ed5e4958000cb9c", "c31092a2440d07fa42015a132cab105a258d88cd33a87799bbcaa85f165bc716", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2", "42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "45a2efb593e6218fc36bd00c397a358b180d20b743ae9430074fb29664013c82", "050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "57388e40955da2809368e790832808c499ac7c2a712c118b32698c8eb60eaa0a", "c31092a2440d07fa42015a132cab105a258d88cd33a87799bbcaa85f165bc716", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "pe-encrypted-section", "hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2", "45a2efb593e6218fc36bd00c397a358b180d20b743ae9430074fb29664013c82", "050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57", "6970c715f79a9e9a61a24b90f8aa6da086f69bdf71e9a7e81ed5e4958000cb9c", "c31092a2440d07fa42015a132cab105a258d88cd33a87799bbcaa85f165bc716", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57", "c31092a2440d07fa42015a132cab105a258d88cd33a87799bbcaa85f165bc716", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2", "6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57", "57388e40955da2809368e790832808c499ac7c2a712c118b32698c8eb60eaa0a", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2", "45a2efb593e6218fc36bd00c397a358b180d20b743ae9430074fb29664013c82", "050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2", "6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "files-created-vbs", "hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2", "6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "startup-folder-modification", "hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2", "6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "startup-folder-vbs-file", "hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2", "6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "feed-domain-rat", "hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": []}, {"bi": "unsigned-roaming-execution", "hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": ["TA0005"]}, {"bi": "file-alternate-data-stream-modification", "hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": ["TA0005"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": ["TA0005"]}, {"bi": "file-alternate-data-stream-zero-data", "hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": ["TA0005"]}, {"bi": "benign-process-has-child", "hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-communications-http-get", "hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6"], "mitre_attack_tags": []}, {"bi": "malware-quasar-artifact-detected", "hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6"], "mitre_attack_tags": []}, {"bi": "malware-quasarrat-mutex", "hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6"], "mitre_attack_tags": []}, {"bi": "pe-packed-upx", "hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "45a2efb593e6218fc36bd00c397a358b180d20b743ae9430074fb29664013c82", "c31092a2440d07fa42015a132cab105a258d88cd33a87799bbcaa85f165bc716", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-ini-read", "hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2", "6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2", "6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2", "6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2", "6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119"]}, {"bi": "network-fast-flux-domain", "hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "c31092a2440d07fa42015a132cab105a258d88cd33a87799bbcaa85f165bc716", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "network-dns-malicious-snort", "hashes": ["6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "http-response-client-error", "hashes": ["6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57"], "mitre_attack_tags": []}, {"bi": "malware-lokibot-mutex-detected", "hashes": ["6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "deleted-submitted-file", "hashes": ["6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "altered-sample-snort-flagged", "hashes": ["6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "network-dns-upload-file", "hashes": ["6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57"], "mitre_attack_tags": []}, {"bi": "malware-guloader-traffic-detected", "hashes": ["6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "pe-certificate", "hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "57388e40955da2809368e790832808c499ac7c2a712c118b32698c8eb60eaa0a"], "mitre_attack_tags": []}, {"bi": "dns-bypassed-assigned-server", "hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "pe-certificate-invalid-signing-date", "hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "57388e40955da2809368e790832808c499ac7c2a712c118b32698c8eb60eaa0a"], "mitre_attack_tags": []}, {"bi": "malware-webmonitor-rat-domain-detected", "hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "mitre_attack_tags": ["TA0011", "T1095", "T1219"]}, {"bi": "pe-invalid-checksum", "hashes": ["6970c715f79a9e9a61a24b90f8aa6da086f69bdf71e9a7e81ed5e4958000cb9c", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "mitre_attack_tags": []}, {"bi": "process-check-ucbrowser", "hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2"], "mitre_attack_tags": ["TA0007"]}, {"bi": "artifact-flagged-malware", "hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2"], "mitre_attack_tags": []}, {"bi": "malware-agent-tesla-detected", "hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2"], "mitre_attack_tags": ["TA0009", "TA0006", "T1123", "T1125", "T1056"]}, {"bi": "malware-agent-tesla-av-detected", "hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "malware-generic-infostealer", "hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119"]}, {"bi": "artifact-memory-vm-detect", "hashes": ["45a2efb593e6218fc36bd00c397a358b180d20b743ae9430074fb29664013c82"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "excessive-process-creates", "hashes": ["45a2efb593e6218fc36bd00c397a358b180d20b743ae9430074fb29664013c82"], "mitre_attack_tags": ["TA0040", "T1499"]}, {"bi": "malware-known-trojan-av", "hashes": ["61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["57388e40955da2809368e790832808c499ac7c2a712c118b32698c8eb60eaa0a"], "mitre_attack_tags": []}, {"bi": "dot-net-crash-tool-execution-detected", "hashes": ["57388e40955da2809368e790832808c499ac7c2a712c118b32698c8eb60eaa0a"], "mitre_attack_tags": []}, {"bi": "dns-dynamic-domain", "hashes": ["c31092a2440d07fa42015a132cab105a258d88cd33a87799bbcaa85f165bc716"], "mitre_attack_tags": ["TA0011"]}, {"bi": "network-benign-process", "hashes": ["c31092a2440d07fa42015a132cab105a258d88cd33a87799bbcaa85f165bc716"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-imports-toolhelp", "hashes": ["c31092a2440d07fa42015a132cab105a258d88cd33a87799bbcaa85f165bc716"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "network-snort-pua", "hashes": ["c31092a2440d07fa42015a132cab105a258d88cd33a87799bbcaa85f165bc716"], "mitre_attack_tags": []}, {"bi": "vbs-creates-and-runs", "hashes": ["2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "artifact-flagged-antianalysis", "hashes": ["5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-disable-open-file-security-warning", "hashes": ["03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": ["TA0005", "T1112", "T1562"]}, {"bi": "registry-parseautoexec", "hashes": ["03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "malware-trojan-njrat-registry", "hashes": ["03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "mitre_attack_tags": ["TA0005", "T1112"]}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Razy is oftentimes a generic detection name for a Windows trojan. This cluster includes malware from families such as QuasarRAT, Agent Tesla, and AsyncRAT.", "hashes": ["03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca", "050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "45a2efb593e6218fc36bd00c397a358b180d20b743ae9430074fb29664013c82", "57388e40955da2809368e790832808c499ac7c2a712c118b32698c8eb60eaa0a", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57", "6970c715f79a9e9a61a24b90f8aa6da086f69bdf71e9a7e81ed5e4958000cb9c", "6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad", "c31092a2440d07fa42015a132cab105a258d88cd33a87799bbcaa85f165bc716"], "iocs": {"domain": [{"hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad"], "host": "ip-api[.]com"}, {"hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad"], "host": "yz[.]videomarket[.]eu"}, {"hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "host": "0"}, {"hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "host": "ntp[.]se"}, {"hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "host": "sdns[.]se"}, {"hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "host": "maxchris[.]wm01[.]to"}, {"hashes": ["c31092a2440d07fa42015a132cab105a258d88cd33a87799bbcaa85f165bc716"], "host": "googleforshares[.]publicvm[.]com"}, {"hashes": ["6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d"], "host": "alahlasi[.]com"}, {"hashes": ["61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57"], "host": "www[.]promoweb[.]co[.]id"}, {"hashes": ["03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "host": "xyz[.]videomarket[.]eu"}, {"hashes": ["5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "host": "25e9ca102fbf458c824b3470b19eb940[.]se"}, {"hashes": ["5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "host": "73d56949a6e23ccbfd8048a11df603a0[.]se"}, {"hashes": ["5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "host": "9d0ba0c1ce6e45fd88374fb98ea72300[.]se"}, {"hashes": ["5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "host": "cda08c1ab88d515296a2184a9f624b54[.]se"}, {"hashes": ["5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "host": "d3cfc82a1e3d30f0f7a300be637bbce2[.]se"}, {"hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b"], "host": "0a76aee110a5af1b9dcc07b25bf6f6be[.]se"}, {"hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b"], "host": "46bb0e88a441c403bfd63624a90d3327[.]se"}, {"hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b"], "host": "5b7e3e64e9c88c6969bb03620e2c9685[.]se"}, {"hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b"], "host": "701e5f7af5b7df7d911c31e4539712f2[.]se"}, {"hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b"], "host": "d2407d8f1c03e4afa2fe9efcafc21d96[.]se"}, {"hashes": ["61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57"], "host": "promoweb[.]co[.]id"}], "file": [{"hashes": ["03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca", "050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57", "6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad"], "path": "%APPDATA%\\<random, matching '[a-z0-9]{3,7}'>"}, {"hashes": ["03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca", "050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad"], "path": "%APPDATA%\\<random, matching '[A-Z][a-z]{3,5}\\[a-z]{4,6}'>.exe"}, {"hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad"], "path": "%APPDATA%\\Logs\\12-04-2020"}, {"hashes": ["61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57", "6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d"], "path": "%APPDATA%\\D282E1\\1E80C5.lck"}, {"hashes": ["61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57", "6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d"], "path": "%APPDATA%\\7C7955\\5D4644.lck"}, {"hashes": ["23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad"], "path": "%APPDATA%\\Logs\\12-01-2020"}, {"hashes": ["c31092a2440d07fa42015a132cab105a258d88cd33a87799bbcaa85f165bc716"], "path": "%ProgramData%\\rliQSisJaf"}, {"hashes": ["c31092a2440d07fa42015a132cab105a258d88cd33a87799bbcaa85f165bc716"], "path": "%ProgramData%\\rliQSisJaf\\cfg"}, {"hashes": ["c31092a2440d07fa42015a132cab105a258d88cd33a87799bbcaa85f165bc716"], "path": "%ProgramData%\\rliQSisJaf\\cfgi"}, {"hashes": ["6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d"], "path": "%APPDATA%\\7C7955\\5D4644.exe (copy)"}, {"hashes": ["6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\STARTUP.vbs"}, {"hashes": ["730aed50f3cbff66987900b169e00c3318208044d402b6226d729a6ffe75c6f2"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\App Update.vbs"}, {"hashes": ["23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022"], "path": "%APPDATA%\\Logs\\12-02-2020"}, {"hashes": ["23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\cviqw.vbs"}, {"hashes": ["23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022"], "path": "%APPDATA%\\fgbpq\\emqkp.exe:ZoneIdentifier"}, {"hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\nmkjq.vbs"}, {"hashes": ["72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\wqbb.vbs"}, {"hashes": ["b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\kloqp.vbs"}, {"hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8"], "path": "%APPDATA%\\qsxbq\\rqtpl.exe:ZoneIdentifier"}, {"hashes": ["72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be"], "path": "%APPDATA%\\lktq\\jqft.exe:ZoneIdentifier"}, {"hashes": ["b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad"], "path": "%APPDATA%\\rtqgb\\ernqm.exe:ZoneIdentifier"}, {"hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8"], "path": "%APPDATA%\\Logs\\11-25-2020"}, {"hashes": ["2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\nmqp.vbs"}, {"hashes": ["2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f"], "path": "%APPDATA%\\dfghq\\polvq.exe:ZoneIdentifier"}, {"hashes": ["2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f"], "path": "%APPDATA%\\Logs\\11-27-2020"}, {"hashes": ["03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\liwd.vbs"}, {"hashes": ["7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\qmjk.vbs"}, {"hashes": ["7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6"], "path": "%APPDATA%\\ercq\\rqpl.exe:ZoneIdentifier"}, {"hashes": ["03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "path": "%APPDATA%\\fgpk\\njkl.exe:ZoneIdentifier"}, {"hashes": ["7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6"], "path": "%APPDATA%\\Logs\\12-03-2020"}, {"hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b"], "path": "%TEMP%\\NXapsVGT8palXv6T.bat"}, {"hashes": ["5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "path": "%TEMP%\\QOCQFJSGSfCT6nW7.bat"}], "ip": [{"hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad"], "ip": "208[.]95[.]112[.]1"}, {"hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad"], "ip": "185[.]157[.]161[.]109"}, {"hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6"], "ip": "185[.]157[.]162[.]81"}, {"hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "ip": "114[.]114[.]114[.]114"}, {"hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "ip": "1[.]2[.]4[.]8"}, {"hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "ip": "173[.]194[.]207[.]113"}, {"hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "ip": "173[.]194[.]207[.]102"}, {"hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "ip": "194[.]58[.]200[.]20"}, {"hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "ip": "185[.]61[.]148[.]26"}, {"hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "ip": "45[.]153[.]186[.]90"}, {"hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "ip": "173[.]194[.]207[.]100/31"}, {"hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "ip": "173[.]194[.]207[.]138/31"}, {"hashes": ["c31092a2440d07fa42015a132cab105a258d88cd33a87799bbcaa85f165bc716"], "ip": "213[.]227[.]154[.]174"}, {"hashes": ["6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d"], "ip": "209[.]59[.]188[.]68"}, {"hashes": ["61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57"], "ip": "172[.]105[.]121[.]115"}, {"hashes": ["45a2efb593e6218fc36bd00c397a358b180d20b743ae9430074fb29664013c82"], "ip": "213[.]226[.]119[.]226"}, {"hashes": ["61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57"], "ip": "180[.]235[.]148[.]26"}], "mutex": [{"hashes": ["050e1607a2f0a09c41b618cda2e002061ee13abcbfb2dcd1c2a5a16148cc8ec8", "23ed6ef7aec39fbc37b613e5ad3611a84ba1facc92489ed818dcc72bee129022", "2f94645d28817c56c208136d20e5ead89e5d0ef6626828cd1282c4c7e77ba68f", "72059ace4818aab4e44f27c08b16914c773f9b91a5db14c889f6a8a893e016be", "7f3e5e8e94217110c158eb909a519c8878da9b887267e028454948d4b9a52ca6", "b3e1f3ed2ed33bd4d98232515b01f134dc62f5b2a440d8ed9abb9a163b2afcad"], "name": "QSR_MUTEX_dQvCIzmEBFgxmMuIEE"}, {"hashes": ["61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57", "6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d"], "name": "3749282D282E1E80C56CAE5A"}, {"hashes": ["61a5d76fff337300b6ea55e5371e6e951b2e3eae08972e43e20b3c443945cc57", "6b1cda0ebe4790dd8f97271a43ab39cf60516546388f11eeeab13fe226e8349d"], "name": "9DAA44F7C7955D46445DC99B"}, {"hashes": ["42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b", "5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028"], "name": "1heU2UYKCvvVebV1cCysANqKqmHvG7Hq3.00"}, {"hashes": ["03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "name": "Windows Update"}, {"hashes": ["c31092a2440d07fa42015a132cab105a258d88cd33a87799bbcaa85f165bc716"], "name": "689fde1a38506f17232d"}, {"hashes": ["45a2efb593e6218fc36bd00c397a358b180d20b743ae9430074fb29664013c82"], "name": "AsyncMutex_6SI8OkPnk"}, {"hashes": ["57388e40955da2809368e790832808c499ac7c2a712c118b32698c8eb60eaa0a"], "name": "Global\\37e3c740-2f39-11eb-b5f8-00501e3ae7b6"}], "registry": [{"hashes": ["03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "key": "<HKU>\\S-1-5-21-2580483871-590521980-3826313501-500", "value_name": "di"}, {"hashes": ["03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "key": "<HKCU>\\ENVIRONMENT", "value_name": "SEE_MASK_NOZONECHECKS"}, {"hashes": ["03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "ParseAutoexec"}, {"hashes": ["45a2efb593e6218fc36bd00c397a358b180d20b743ae9430074fb29664013c82"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\CRYPTOGRAPHY\\AUTOENROLLMENT", "value_name": null}, {"hashes": ["45a2efb593e6218fc36bd00c397a358b180d20b743ae9430074fb29664013c82"], "key": "<HKCR>\\LOCAL SETTINGS\\MUICACHE\\7C\\52C64B7E", "value_name": "LanguageList"}]}, "reports_count": 16}, "exprev": [{"count": 3874, "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", "name": "CVE-2019-0708 detected"}, {"count": 3222, "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", "name": "Dealply adware detected"}, {"count": 2138, "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", "name": "Process hollowing detected"}, {"count": 1862, "description": "Crystalbit-Apple DLL double hijack was detected. During this attack, the adversary abuses two legitimate vendor applications, such as CrystalBit and Apple, as part of a dll double hijack attack chain that starts with a fraudulent software bundle and eventually leads to a persistent miner and in some cases spyware deployment.", "name": "Crystalbit-Apple DLL double hijack detected"}, {"count": 1335, "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Installcore adware detected"}, {"count": 962, "description": "An attempt to bypass application whitelisting via the \"Squiblydoo\" technique has been detected. This typically involves using regsvr32.exe to execute script content hosted on an attacker controlled server.", "name": "Squiblydoo application whitelist bypass attempt detected."}, {"count": 896, "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as wireshark and sandboxes to its C2. It spreads through malicious advertising and spam campaigns.", "name": "Kovter injection detected"}, {"count": 700, "description": "A process associated with Microsoft Office, such as EXCEL.exe or WINWORD.exe, has started a Windows utility such as powershell.exe or cmd.exe. This is typical behavior of malicious documents executing additional scripts. This behavior is extremely suspicious and is associated with many malware different malware campaigns and families.", "name": "A Microsoft Office process has started a windows utility."}, {"count": 609, "description": "The certutil.exe utility has been detected downloading and executing a file. Upon execution, the downloaded file behaved suspiciously. The normal usage of certutil.exe involves retrieving certificate information. Attackers can use this utility to download additional malicious payloads.", "name": "Certutil.exe is downloading a file"}, {"count": 492, "description": "Maze ransomware has been detected injecting into rundll32.exe or regsvr32.exe. Maze can encrypt files on the victim and demand a ransom. It can also exfiltrate data back to the attacker prior to encryption.", "name": "Maze ransomware detected"}, {"count": 419, "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", "name": "Excessively long PowerShell command detected"}, {"count": 346, "description": "Smoke Loader has been detected. Smokeloader is used mainly to execute other malicious software, like ransomware or cryptocurrency miners. Its initial infection vector is usually an email with a malicious Microsoft Word document or delivered through an exploit kit. Smokeloader uses various plugins designed to steal data from its victims, particularly credentials stored on the system or transfered over HTTP, HTTPS, FTP, SMTP, POP3 or IMAP.", "name": "Smoke Loader detected"}, {"count": 115, "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", "name": "Gamarue malware detected"}, {"count": 68, "description": "An exploit payload intended to connect back to an attacker controlled host using tcp has been detected.", "name": "Reverse tcp payload detected"}, {"count": 68, "description": "Command line options indicating usage of XMRig Miner have been detected. Malware sometimes uses compromised hosts to mine for cryptocurrency on behalf of the attacker.", "name": "XMRig Miner Detected"}, {"count": 37, "description": "An exploit payload intended to connect back to an attacker controlled host using http has been detected.", "name": "Reverse http payload detected"}, {"count": 33, "description": "Trickbot is a banking Trojan which appeared in late 2016. Due to the similarities between Trickbot and Dyre, it is suspected some of the individuals responsible for Dyre are now responsible for Trickbot. Trickbot has been rapidly evolving over the months since it has appeared. However, Trickbot is still missing some of the capabilities Dyre possessed. Its current modules include DLL injection, system information gathering, and email searching.", "name": "Trickbot malware detected"}, {"count": 21, "description": "A malware dropper has been detected. A dropper will download or unpack addtional malware during it's execution. A variety of techniques can be employed for the payload to gain persistence and escalate privelege if neccessary.", "name": "Malware dropper detected"}, {"count": 13, "description": "Fusion (or FusionPlayer) is an adware family that displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Fusion adware detected"}, {"count": 7, "description": "Palikan is a potentially unwanted application (PUA), browser hijacker, a type of malware that most of the time does not explicitly or completely state its function or purpose. When is present on the system, it may change the default homepage, change the search engine, redirect traffic to malicious sites, install add-ons, extensions, or plug-ins, open unwanted windows or show advertising. Palikan commonly arrives as a file dropped by other malware or as a file downloaded unknowingly from a malicious site. It has also been closely associated with DealPly.", "name": "Palikan browser hijacker detected"}, {"count": 6, "description": "A process injection was detected that is most likely caused by an existing Qakbot infection. Qakbot is a worm that spreads through network shares and removable drives. It downloads additional files, steals information, and opens a back door on the compromised computer. The worm also contains rootkit functionality to allow it to hide its presence on a system.", "name": "Qakbot injection detected"}, {"count": 5, "description": "Corebot is a Trojan with many capabilities found in other prominent families. It features a plugin system to enable it to load a variety of features from the C&C server at any time. Known plugins include RAT capabilities such as taking desktop screenshots, as well as being able to intercept and modify browser communications and steal data, especially data related to banking.", "name": "Corebot malware detected"}, {"count": 5, "description": "Cobalt Strike is a tool used by both penetration testers and malicious actors. It has been observed being used to deliver Ryuk ransomware and other payloads.", "name": "Cobalt Strike activity detected"}], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2020-12-11T19:19:32+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Packed.Dridex-9802347-0", "Win.Dropper.Gh0stRAT-9802375-0", "Win.Dropper.Emotet-9802602-0", "Win.Dropper.njRAT-9803023-0", "Win.Packed.ZeroAccess-9802579-0", "Win.Packed.Glupteba-9802607-1", "Win.Dropper.Remcos-9802952-0", "Win.Trojan.Razy-9802759-1"]}